<\/span><\/h4>\nNSRP is the protocol that allows clustered Netscreens to communicate with each other and allows them to exchange state information. Which in turn allows them to make the required decisions to ensure traffic is still passed in the event of failure.<\/p>\n
When NSRP is enabled a VSD (Virtual Security Device) is created, along with the configuration of the physical interfaces being applied to VSI`s Virtual Security Interfaces. Each VSD belongs to a VSD group. In each VSD group, one VSD is nominated as a master VSD. Each VSD will sit on each firewall. Only the master VSD (Active firewall) will pass the traffic. Along with this the IP addresses assigned to a VSI follow the master VSD. With regards to the management IP`s these stay static to each firewall.<\/p>\n
<\/p>\n<\/p>\n
<\/strong><\/p>\n<\/span>NSRP States<\/strong><\/span><\/h4>\nAt any one time each VSD can be in one of 6 states.<\/p>\n
\n- Master<\/li>\n
- Primary Backup<\/li>\n
- Backup<\/li>\n
- Initial<\/li>\n
- Ineligible<\/li>\n
- Inoperable<\/li>\n<\/ol>\n
Initial<\/strong> – Occurs when a VSD is first created due to reboot or configuration change. While in this state the VSD learns other devices in the VSD group, syncs the state with other VSD`s, and elections for which VSD should be master.
Master or Backup<\/strong> – Each VSD then either goes into a master or backup state.
Primary backup<\/strong> – If the backup node finds there is no primary backup VSD it sets itself to the Primary Backup for the VSD group. When in this state the VSD can either be prompted to master due to the old VSD disappearing or goes into an inoperable state.
Inoperable<\/strong> – The VSD will go into this state if it detects a failure that stops it from passing traffic, when in this state the VSD isnt included in elections.
Ineligible<\/strong> – This is an administratively down state of a VSD, of which is done manually. `set nsrp vsd-group id [number] mode ineligable`.<\/p>\nThe Master VSD is determined,<\/p>\n