blob: 4c64fff9701a751d68e80fd9dbf20af9b272c557 (
plain)
1
2
3
4
5
6
7
8
|
The roadwarriors <b>carol</b> and <b>dave</b> set up a connection each
to the virtual gateway <b>mars</b> implemented by the two real gateways
<b>alice</b> and <b>moon</b> in a <b>High Availability</b> (HA) setup
based on <b>ClusterIP</b>. Depending on the hash of the IP addresses of the peers
and the SPIs, the inbound and outbound CHILD_SAs are either assigned to
segment 1 managed by <b>alice</b> or segment 2 handled by <b>moon</b>.
The IKEv2 protocol is managed by <b>moon</b> exclusively with passive
IKE_SAs installed on the backup gateway <b>alice</b>.
|