Synchronizing Virtual Router Configurations and RunTime Objects (NSM Procedure)

 

The virtual router synchronization tasks are as follows:

Synchronizing Virtual Router Configurations

After you add new members to an NSRP cluster, you must synchronize the configuration and files from one device to another.

To synchronize configurations:

  1. In the NSM navigation tree, select Device Manager > Devices, and then double-click the cluster to open the cluster configuration.

  2. In the Device Manager, double-click the cluster to open the cluster configuration.

  3. In the cluster navigation tree, select NSRP Directives > Flash Sync.

  4. Select the device that will be used to synchronize the other device and click Perform Sync. The device that has been synchronized is automatically rebooted to activate the new configuration.

  5. Click OK to save your changes to the cluster.

Configuring the Virtual Router Synchronization Settings

You can configure the virtual router information for the cluster or cluster members. For devices running ScreenOS 5.0, you must configure the virtual router settings at the system level (the cluster).

For devices running ScreenOS 5.1 and later, you can configure the virtual router settings at the system level (the cluster) or at the local level (cluster member). By default, cluster members automatically use the virtual router settings of the cluster. To use different vrouter settings for each cluster member, you must disable NSRP configuration synchronization for the vrouter at the system level:

  1. In the NSM navigation tree, select Device Manager > Devices, and then double-click the cluster to open the cluster configuration.

  2. In the cluster navigation tree, select Network > Virtual Router. Double-click the trust-vr virtual router. The General Properties screen appears.

  3. Clear the Enable NSRP Configuration Sync for Vrouter check box, and then click Apply to save your changes to the cluster.

  4. In the cluster navigation tree, select Members and double-click a cluster member device to open the device configuration. Edit the virtual router settings as desired.

    Note

    The Enable NSRP Configuration Sync setting does not affect the virtual router ID. The virtual router ID setting is always configured at the local level (cluster member).

  5. Click OK to save your changes to the cluster member, and then click OK to save your changes to the cluster.

Synchronizing Runtime Objects

After synchronizing the configurations and files, you can then synchronize the runtime objects (RTOs). RTOs are code objects created dynamically in memory during normal operation. Some examples of RTOs are session table entries, ARP cache entries, DHCP leases, and IPsec security associations (SAs). In the event of a failover, the new primary device must maintain the current RTOs to avoid service interruption.

To ensure session backup, the members of an NSRP cluster back up the RTOs using an RTO mirror group. An RTO mirror group is two security devices that pass RTOs unidirectionally from a sender to a receiver. You can also create a second mirror group (with a different group ID from the first group) for the same devices but reverse the roles of sender and receiver. Working together, each member backs up the RTOs from the other, which permits RTOs to be maintained if the primary device of either VSD group in an active/active HA scheme fails.

After you add the cluster members, you can configure RTO synchronization to enable each member to send and receive RTOs. However, by default, NSRP cluster members do not synchronize their configurations before synchronizing RTOs; before enabling RTO synchronization, you must first synchronize the configurations between the cluster members. Unless the configurations on both members in the cluster are identical, RTO synchronization might fail.