Nokia adds cluster features to VPN gear
- 09 July, 2002 11:13
Nokia last week announced software for its VPN appliances that will let users strap together the devices to improve performance and protect against critical VPN sites crashing.
Clustering technology included in Version 3.6 of Nokia's IPSO operating system will let businesses group as many as four of its IP series of VPN appliances so that if one fails, the others will pick up its work without dropping active sessions.
In addition to keeping sites alive, the clusters will share the workload, which will increase the VPN processing power at a clustered site. Throughput for the clusterable IP series appliances ranges from 100Mbps to more than 1Gbps.
With IP clustering technology, the Nokia VPN gateways share a single IP address and appear to the network as a single device. The VPN gateways -- part of Nokia's IP 300, 400, 500, 600 and 700 series -- are based on Check Point Software Technologies' VPN-1/Firewall-1 software.
Other vendors such as Cisco Systems and WatchGuard Technologies have high-availability and failover options for their gear, but they either need an idle standby unit to failover to or time to re-establish VPN links that get dropped when a device fails. NetScreen Technologies does failover along the lines of Nokia, with clustered devices sharing the workload until one fails, and then the rest picking up the failed device's sessions, says Jeff Wilson, director of research for Infonetics.
In future releases of the clustering software, Nokia will make it possible to create clusters of more than four machines, says Dan MacDonald, a Nokia vice president of product management and marketing.
Customers can configure clusters to have one device handle more of the load. So if a Nokia IP 650 and a larger IP 740 were clustered, more traffic could be directed to the 740 than the 650.
A drawback to clustering is that it creates 10 per cent overhead needed for each device to keep track of the others' sessions. So if the maximum throughput of a standalone appliance is 1Gbps, when clustered the throughput would drop to 900Mbps, according to MacDonald.
The new management software for the devices, called Network Voyager, will include a feature called Cluster Monitor that displays how long a cluster has been up, the number of active sessions and how many ports are being used.
IPSO 3.6 is available as a free download to customers who have a software subscription, and it will ship standard with new boxes. IPSO 3.6 is in beta testing now and is scheduled to ship next month.