TMS zl Management and Configuration Guide ST.1.2.100916
High Availability
Overview
Table 8-1. Failover in HA Clusters
IDS/IPS and HA
If you use the intrusion detection/prevention (IDS/IPS) signatures on an HA
cluster, it is recommended that you purchase one subscription for each cluster
member, even though it is technically possible to operate the HA cluster if you
register the master module only.
■ If you purchase one IDS/IPS subscription for the cluster master, you will
be able to download the signature updates as long as the master is active.
■ If the master goes down, the new master will not be able to download
signature updates because its hardware ID will not match the hardware
ID for the subscription.
■ When the master comes back up as the participant, it will not be able to
download signature updates because participants do not have access to
the Internet.
■ To restore the ability to download signatures, you must reboot the current
master to force the original master to resume its role as cluster master.
■ If you purchase an IDS/IPS subscription for each cluster member, you will
be able to download the signature updates at all times, regardless of which
module is the cluster master.
Failover
• TCP connections
• UDP connections
• NAT
• IPsec VPNs
  – Site-to-site
• GRE tunnels
• ALGs
• IDS/IPS signatures

No Failover
• ICMP traffic
• Connections to and from Self
• Multicast traffic
• Broadcast traffic
• Client-to-site
  – L2TP over IPsec VPNs
  – IPsec VPNs
• Rate limiting
• PPP connections
• IDS/IPS subscription