Clusters

The continuous operation of the network gateway is essential, as different segments of the network (e.g., Internet and intranet, clients and servers) can communicate only via the gateway. This communication stops if the gateway breaks down because of a hardware or program error, rendering the business-critical services inaccessible. The aim of clustering is to avoid such situations by using multiple identically configured devices for the same task. Clustering has two main goals: to provide high availability and load balancing.

High availability (HA)

HA clusters reduce downtimes and ensure the functionality of the system during scheduled shutdowns, or when an element (node) of the cluster breaks down. Only one node is active at a time; the other nodes monitor the active one. If an active node stops, a replacement takes its role.

Load balancing (LB)

The aim of a load balancing cluster is to handle traffic that is too much for a single device to process. To accomplish this, all nodes operate simultaneously, and the load is balanced evenly between them. For multi-channel protocols (like FTP), all channels arriving from a client must be directed to the same node. Intelligent load balancing based on status information is also possible using Python scripts.

Clustering the components of Zorp

All elements required for the uninterrupted operation of Zorp can be clustered: Zorp itself, the content vectoring system (ZCV), and the authentication system (ZAS).
Most IT security policies forbid allowing uncontrolled content to enter the network. Using a single content vectoring server is therefore not enough, since any error can halt the entire traffic. Depending on the strictness of the content filtering policy (e.g., the number of virus filtering modules used) and the amount of traffic passing the firewall, a load balancing cluster might be required to process the traffic with the required speed.

Supporting server clusters with Zorp

Zorp is often used to protect server clusters. In such cases it is useful if Zorp itself can direct the incoming connection to the active nodes of the cluster. Zorp supports failover connections, meaning that if a node of a server cluster is unavailable, connections are automatically forwarded to the next active node. Zorp can also distribute incoming connections using the round-robin method, directing each new connection to the next active node.
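
The two dispatch policies described above, sketched in Python as an added example (this is not Zorp code and not Zorp's configuration API). The class name, the caller-supplied connect callable and the 192.0.2.x addresses are assumptions made for the illustration.

```python
class BackendPool:
    """Ordered server-cluster nodes, each with an active/inactive flag."""

    def __init__(self, nodes):
        self.nodes = list(nodes)              # list order = failover priority
        self.active = {n: True for n in self.nodes}
        self._cursor = 0                      # next round-robin position

    def mark(self, node, is_up):
        self.active[node] = is_up

    def failover(self):
        """First active node in priority order."""
        for node in self.nodes:
            if self.active[node]:
                return node
        raise RuntimeError("no active node left in the cluster")

    def round_robin(self):
        """Next active node after the one handed out last."""
        for _ in range(len(self.nodes)):
            node = self.nodes[self._cursor]
            self._cursor = (self._cursor + 1) % len(self.nodes)
            if self.active[node]:
                return node
        raise RuntimeError("no active node left in the cluster")

    def dispatch(self, connect, policy="round_robin"):
        """Forward one connection; a node that refuses it is marked inactive
        and the connection moves on to the next active node."""
        pick = self.round_robin if policy == "round_robin" else self.failover
        while True:
            node = pick()                     # raises once every node is down
            try:
                return node, connect(node)
            except OSError:
                self.mark(node, False)


if __name__ == "__main__":
    pool = BackendPool(["192.0.2.10", "192.0.2.11", "192.0.2.12"])  # constructed

    def connect(node):                        # stand-in for a real TCP connect
        if node == "192.0.2.11":
            raise ConnectionRefusedError(node)
        return "connected to " + node

    for _ in range(4):
        print(pool.dispatch(connect))
```

A node marked inactive stays out of rotation until a health check calls mark(node, True) again.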

Supported clustering solutions

For high availability:

  • Service IP takeover
  • MAC address takeover
  • Takeover based on RIP messages

For load balancing:

  • DNS-based load balancing
  • Load balancing using an external device
  • Multicast MAC address based load balancing