Netreo is well suited to monitoring devices that use virtual shared IP addresses to achieve redundancy. Examples of this include firewalls, routers, and server clusters, among others.
Some of the protocols used to achieve this include the “Hot Standby Router Protocol” (HSRP), “Virtual Router Redundancy Protocol” (VRRP), and other proprietary methods of monitoring an active/standby configuration.
In this type of configuration, an active and a backup/standby device have individual addresses, as well as a “virtual” IP address (VIPA) shared between them that is assigned to the active device. Should that device fail, the backup system will assume the VIPA and users can continue to forward traffic to the Internet without interruption.
The best practice to monitor this configuration using Netreo is to configure three devices into your Netreo appliance:
- Firewall A: 10.1.1.10
- Firewall B: 10.1.1.20
- Virtual Firewall: 10.1.1.1
When performing scheduled maintenance, you can place Firewall A or B in a maintenance window, for example to perform scheduled software updates.
Even if you do not place the Virtual Firewall into a maintenance window, you will still be alerted if there is a connectivity problem during your maintenance (for example, if Firewall B fails during the time when Firewall A is being upgraded). This also allows you to run uptime reports to show that your Virtual Firewall (and thus the service provided to the users) has a 100% uptime if no failures that interrupted service have occurred, even if Firewall A or B had individual failures.