HA on CVG

  • 1
  • Question
  • Updated 5 years ago
  • Answered
Hi everyone,Im have some kind of curiosity on Aerohive CVG, can we have HA on CVG? If yes, how we can achieve that?
Photo of Mohd Hafiz

Mohd Hafiz

  • 13 Posts
  • 1 Reply Like

Posted 5 years ago

  • 1
Photo of Mike Kouri

Mike Kouri, Official Rep

  • 1030 Posts
  • 271 Reply Likes
I av assuming you are asking about integrated stateful high availability, like HSRP, NSRP, or similar. Sorry, no, that was not in the original design.

This isn't as bad as it may seem on the surface; you can have two CVGs in your DMZ and have your BRs or other devices tunnel to both. You will end up with an active/standby form of high availability because our tunnel initiators will only use one tunnel per remote route, but if that active tunnel fails you will already have established the other and routing will automagically send traffic down the newly active tunnel.

Did this answer your question?
Photo of Mohd Hafiz

Mohd Hafiz

  • 13 Posts
  • 1 Reply Like
Many thanks mike for the reply,

Yes, it answered my question, so what i need to do is just to add another CVG under VPN gateway Setting. Im i correct?

Photo of Mike Kouri

Mike Kouri, Official Rep

  • 1030 Posts
  • 271 Reply Likes
Yes, basically that's it. Thee are some caveats, but I don't have my usual resources available to dig up the details for you. They have to have consecutive addresses or something like that, consult the documentation for the details.
Photo of Mohd Hafiz

Mohd Hafiz

  • 13 Posts
  • 1 Reply Like
Do you have an experience on this deployment especially for L3 VPN setting?
Photo of Mike Kouri

Mike Kouri, Official Rep

  • 1030 Posts
  • 271 Reply Likes
Mohd,
Do I personally have experience setting this up? No, not really. I'm a Product Manager, by definition that means I am technically inept .

I do know that we have many many customers doing this successfully today. Some customers even have redundant data centers and their branch routers establish four tunnels in total, two to each data center. One tunnel to each data center is active, the other is established but acts as a standby.
Photo of Mohd Hafiz

Mohd Hafiz

  • 13 Posts
  • 1 Reply Like
Hi Mike,

Sorry for my stupid question and many thanks for sharing the info. Now i may convince my management about the redundant CVG.

Once again, thank you very much.