replication traffic between active and standby unit

tkhan_
New Contributor

Hi all

I have 2 new IVE 4500 FIPS devices which I am planning to deploy in active/standby mode in 2 datacenters. The 2 datacenters are about 100 miles apart from each other with a layer 2 link between them. I need to know whether the replication traffic between the active and passive devices is encrypted or clear text. I cannot find any reference in the documentation on whether replication traffic between devices is encrypted or what protocol it uses. I would appreciate it if someone could throw light on this or point to the right documentation.

Regards

4 REPLIES
Mrkool_
Super Contributor

Re: replication traffic between active and standby unit

Good question.

So I did a quick capture on my internal port, and my primary and passive secondary are talking on UDP and TCP port 4804.

The data field looks encrypted, but I could be wrong.

tkhan_
New Contributor

Re: replication traffic between active and standby unit

Many thanks for the reply. Can you see what protocols are used for data encryption? Is it possible to use only the external link for replication traffic, or in an active/standby configuration do I need both internal and external VIPs?

Regards

Mrkool_
Super Contributor

Re: replication traffic between active and standby unit

I am pretty sure Juniper only uses the internal NIC to do the replication; there is no option to choose which interface you want the replication traffic to go out of.

You can have only an external VIP, as an internal VIP is only for inbound traffic, so unless you have internal users getting to the IVE you do not really need an internal VIP.

The encapsulation is 3Com XNS; not sure about the encryption method.

DanTulovsky_
Occasional Contributor

Re: replication traffic between active and standby unit

It is encrypted. It uses a pre-shared key (based on the cluster password).
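
One way to check the "looks encrypted" observation from a capture on port 4804 is to measure the byte entropy of the payloads. This is an added example, not part of the original thread and not vendor code; it assumes a classic little-endian pcap file with Ethernet/IPv4 framing, all function names are hypothetical, and the sample captures are constructed rather than real IVE traffic.

```python
import hashlib, math, struct
from collections import Counter

PORT = 4804  # port reported in the capture described in the thread

def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: near 8.0 for ciphertext or compressed data."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values()) if n else 0.0

def payloads(pcap: bytes, port: int = PORT):
    """Yield TCP/UDP payloads to or from `port` (classic little-endian pcap, Ethernet + IPv4)."""
    off = 24  # skip the pcap global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16 : off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated or not IPv4
        l4, proto = 14 + (frame[14] & 0x0F) * 4, frame[23]
        if proto not in (6, 17) or len(frame) < l4 + (8 if proto == 17 else 20):
            continue  # not TCP/UDP, or transport header cut off
        if port not in struct.unpack_from("!HH", frame, l4):
            continue  # neither source nor destination port matches
        hdr = 8 if proto == 17 else (frame[l4 + 12] >> 4) * 4
        end = 14 + struct.unpack_from("!H", frame, 16)[0]  # drop Ethernet padding
        if frame[l4 + hdr : end]:
            yield frame[l4 + hdr : end]

def assess(pcap: bytes, port: int = PORT):
    """Return (payload_bytes, entropy) over all payloads seen on `port`."""
    blob = b"".join(payloads(pcap, port))
    return len(blob), entropy(blob)

# --- constructed sample captures below (not real IVE traffic, checksums left at 0) ---
def make_frame(proto, port, data):
    l4 = (struct.pack("!HHHH", port, port, 8 + len(data), 0) if proto == 17
          else struct.pack("!HHIIBBHHH", port, port, 0, 0, 0x50, 0x18, 0, 0, 0))
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4) + len(data), 0, 0, 64,
                     proto, 0, b"\x0a\x00\x00\x01", b"\x0a\x00\x00\x02")
    return b"\x00" * 12 + b"\x08\x00" + ip + l4 + data

def make_pcap(frames):
    head = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return head + b"".join(struct.pack("<IIII", 0, 0, len(f), len(f)) + f for f in frames)

stream = b"".join(hashlib.sha256(bytes([i])).digest() for i in range(128))  # ciphertext stand-in
CIPHER_LIKE = make_pcap([make_frame(17 if i % 2 else 6, PORT, stream[i * 512:(i + 1) * 512]) for i in range(8)])
CLEARTEXT = make_pcap([make_frame(6, PORT, b"node=active;state=sync;" * 20), make_frame(6, 443, stream)])
```

Entropy close to 8 bits per byte is consistent with encryption but also with compression, and it says nothing about the cipher or key handling, so treat it as a sanity check rather than proof. Small samples read low, so feed it a few kilobytes of payload.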