IPSec vs. PPTP Load balancing

Chris Carlson carlsonmail at YAHOO.COM
Fri Mar 3 10:06:37 EST 2000 

Andrew,

Everything I've seen has been vendor implementations
of load-balancing (and also fail-over).  I haven't
taken time to re-read through all the drafts, though.

There are also some "outside-the-box" load-balancers.
RadGuard makes one for some VPN vendors that sits
in-front of the VPN unit.

Nortel uses a "test" mechansim before the actual IPSec
tunnel is set up.  If Joe Users tries to connect to
NY-Contivity and it's busy, the NY-Contivity will
redirect the client to LA-Contivity, all prior to the
IPSec authentication setup.  RadGuard makes a balancer
for Nortel.

Any fancier load-balancing, like CheckPoint or Network
Alchemy, requires sharing of authentication
credentials and IPSec SA's between VPN units.  Not
trivial, but vendors have done it.

Good luck.
Chris
--

--- "Wightman,Andrew" <andrew.wightman at GARTNER.COM>
wrote:
> Can anyone tell me whether or not load balancing is
> a vendor implementation
> choice or if it is a recommendation based on an RFC?
> We are implementing a
> PPTP VPN with the Nortel Contivity. I have been
> given a requirement to use
> load balancing between a west and east coast system.
> It would seem to me
> that the protocol (IPSec or PPTP) would have to
> allow for a redirect on both
> the client and the server in order for this to work
> as well as vendor
> implementation. Nortel does have the option for load
> balancing in the IPSec
> config, but not PPTP. I have look through the RFC's
> but did not find
> anything. Can anyone shed some light on this?
>
> Thanks,
> Andrew
>
> PS. Everyone thank you for the great response on the
> email titled "SNIFFER"
> - it helped a lot!
>
> _________________________________
>
> Andrew Wightman
> Sr. Network Analyst
> GartnerGroup Inc.
> andrew.wightman at gartner.com
> 408.468.8662
>
> VPN is sponsored by SecurityFocus.COM
>
__________________________________________________
Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.
http://im.yahoo.com

VPN is sponsored by SecurityFocus.COM

More information about the VPN mailing list