Home > Articles

  • Print
  • + Share This
This chapter is from the book

Cisco VPN 3000 Concentrator Load Balancing

Similar to redundancy, concentrator load balancing entails several concentrators running in parallel. There is also a master concentrator and a protocol to maintain the group, or cluster, called the Virtual Clustering Agent (VCA) load balancing protocol.

Load balancing entails all concentrators agreeing on a public virtual IP address that remote clients use to connect. At any given time, connections to this IP address are being serviced by the master of the cluster. The VCA protocol is the medium in which non-master concentrators report their current load value to the master. Because the master knows the load distribution of all the concentrators in the cluster, it can send a redirect message to the remote client during IKE negotiation. This message contains the public address of the underutilized concentrator to which the remote client can resume its connection. This is much more versatile because multiple devices can service tunnel sessions and offload interface and processing overhead. For load balancing to work, you must enable VCA filters on the public and private interfaces.

CAUTION

You cannot run load balancing in conjunction with redundancy. When configured for redundancy, the other concentrators are in an idle state, which nullifies the load balancing functionality.

  • + Share This
  • 🔖 Save To Your Account