IPsec Failover
SSO-Aware Protocol and Applications
SSO-supported line protocols and applications must be SSO-aware. A feature or protocol is SSO-aware
if it maintains, either partially or completely, undisturbed operation through an RP switchover. State
information for SSO-aware protocols and applications is synchronized from active to standby to achieve
stateful switchover for those protocols and applications.
The dynamically created state of SSO-unaware protocols and applications is lost on switchover and must
be reinitialized and restarted on switchover.
To see which protocols are SSO-aware on your router, use the following commands show redundancy
client or show redundancy history.
IPsec Failover
IPSec failover is a feature that increases the total uptime (or availability) of a customer's IPSec network.
Traditionally, this is accomplished by employing a redundant (standby) router in addition to the original
(active) router. If the active router becomes unavailable for any reason, the standby router takes over the
processing of IKE and IPSec. IPSec failover falls into two categories: stateless failover and stateful
failover.
The IPsec on the Cisco ASR 1000 Series Router supports only stateless failover. Stateless failover uses
protocols such as the Hot Standby Router Protocol (HSRP) to provide primary to secondary cutover and
also allows the active and standby VPN gateways to share a common virtual IP address.
Bidirectional Forwarding Detection
Bidirectional Forwarding Detection (BFD) is a detection protocol designed to provide fast forwarding
path failure detection times for all media types, encapsulations, topologies, and routing protocols. In
addition to fast forwarding path failure detection, BFD provides a consistent failure detection method
for network administrators. Because the network administrator can use BFD to detect forwarding path
failures at a uniform rate rather than the variable rates for different routing protocol hello mechanisms,
network profiling and planning is easier, and reconvergence time is consistent and predictable.
For more information on BFD, see the
For the Cisco ASR 1000 Series Routers, BFD for IPv4 Static Routes and BFD for BGP are supported.
Cisco ASR 1000 Series Aggregation Services Routers Software Configuration Guide
5-6
Bidirectional Forwarding Detection
Chapter 5
High Availability Overview
document.
OL-16506-10