Why can't I HA the boxes between two sites giving less than 1ms latency?

Question

TM

Network Consultant

Why can't I HA the boxes between two sites giving less than 1ms latency?

Asked over 5 years ago

1. I have two Data Centres, 20 miles apart, connected by 2 X 10 Gig Dark fibres, giving 1ms latency between the two. However, I can't HA the SDWAN box between DCs. I have other vendors running in one big cluster and in HA at both DCs. 2. At remote offices I have directly terminated the internet circuits on SDWAN box, it doesn't have the capability to establish an IPSEC tunnel on its untrusted or trusted interface with a firewall sitting at another office.

SD-WAN Software

Comment

1 comment

1

Looks like you’re not logged in.

Users need to be logged in to answer questions

Log In

Timothy E. · Answer 1 · 2019-11-22T11:05:16-06:00

In response to your first point, Oracle can in fact support this. However, we don’t recommend it and prefer/recommend having HA pairs at each location – for two key reasons: Failure of the interconnect could result in both appliances becoming active, resulting in unpredictable network behavior The alternative approach using Geographically Diverse controllers would provide quicker and deterministic failover between data centers in the case of a major data center failure. Your second point is incorrect. Oracle can and does support the ability to establish IPSec tunnels on either untrusted or trusted interfaces. We support policy-based VPNs today; we are looking into supporting route-based VPNs in the future. For any further comments or questions please feel free to reach out to the Oracle SD-WAN team via email at: oraclecomms_ww_grp@oracle.com@oracle.com. with any further comments, concerns, or suggestions you wish to share.

Why can't I HA the boxes between two sites giving less than 1ms latency?

About Oracle SD-WAN