High Availability & VXLAN
MountainBox, MountainCare, MountainCentral, MountainCloud, MountainView, iDiG, Wi-iDiG and iDiGOS are trademarks of 5th Mountain Networks (Pty) Ltd.
Copyright © 2020 5th Mountain Networks (Pty) Ltd.
Turning Best-Effort Networks into Great Networks
High Availability

MountainBox features full redundance for hardware failover. Two or more firewalls can be configured as a failover group. If one interface fails on the primary or the primary goes offline entirely, the secondary becomes active. Utilising this powerful feature creates a fully redundant firewall with automatic and seamless fail-over. While switching to the backup network connections will stay active with minimal interruption for the users.

Automatic failover

If the primary firewall becomes unavailable, the secondary firewall will take over without user intervention and minimal interruption.

Synchronized state tables

The firewall’s state table is replicated to all failover configured firewalls. This means the existing connections will be maintained in case of a failure, which is important to prevent network disruptions. Configuration synchronisation MountainBox includes configuration synchronisation capabilities. Configuration changes made on the primary system are synchronized on demand to the secondary firewall.

Server virtualisation has placed increased demands on the physical network infrastructure. A physical server now has multiple Virtual Machines (VMs) each with its own Media Access Control (MAC) address.

This requires larger MAC address tables in the switched Ethernet network due to potential attachment of and communication among hundreds of thousands of VMs.

In the case when the VMs in a data center are grouped according to their Virtual LAN (VLAN), one might need thousands of VLANs to partition the traffic according to the specific group to which the VM may belong. The current VLAN limit of 4094 is inadequate in such situations.

MountainBox therefore fully supports VXLAN.

VXLAN is an evolution of efforts to standardise on an overlay encapsulation protocol. It increases scalability up to 16 million logical networks and allows for layer 2 adjacency across IP networks.

Multicast or unicast with head-end replication (HER) is used to flood broadcast, unknown unicast, and multicast (BUM) traffic.

This includes VXLAN support in the event that the limited number of possible VLANs is no longer sufficient in really large network environments. IPsec connections can be authenticated using a public key. In addition to RSA, elliptic curves (ECC) are now available as key types when generating your own TLS certificates.
Available as a Managed Service - Halo