Manualshelf

Installation guide

ManualsBrandsMcAfee ManualsOtherM3050 - Network Security Platform
11121314151617181920
C HAPTER 4
Understanding the current network topology
Understanding the current network topology is essential for the proper planning of McAfee
®
Network Security Platform failover solution. Rather, the more you understand about the
existing data flow, the less likely you run into obstacles during implementation.
The most common network topologies can be summarized as follows:
Two paths - Active/Passive
Two paths - Active/Active
A single path
Note: For usage scenarios regarding active/passive and active/active network
topologies, see the section Network Scenarios for Sensor High Availability (on page
33).
Two paths - Active/Passive
Most redundant links today are made up of active and passive paths. There are two ways
in and out of the network, but only one way will actually be available at any given time. The
path passing traffic is called the active path, and the one standing by in the event of a
failure is called the passive path.
HSRP, VRRP, Spanning Tree Protocol (STP), and Dynamic Routing Protocols, such as,
OSPF, EIGRP, and BGP, are arguably the most common technologies used to automate
network failover. Admittedly, many of these include options to balance traffic, but they are
historically configured to allow for one path to pass traffic at a time.
Two paths - Active/Active
Some networks will maintain two active paths to and from the Internet. In addition to
redundancy, these approaches can potentially double the available bandwidth, under
normal conditions.
In most cases, the two paths are not designed to share traffic unless there is a failure.
When all is well, a flow will be established on one of the paths, and all packets from that
flow will traverse the same path.
In some cases, however, the network infrastructure is designed in such a way that cross
both paths under normal circumstances. For example, inbound requests might come in on
path A and outbound responses might go out on path B. Such traffic is said to be
asymmetrically routed.
Of course, if one path becomes unavailable, all traffic will be routed across the remaining
path.
4