IPsec-GW redundancy method with high reliability

A large-scale disaster may cause communication failure in the case of IPsec-VPN. Trouble with an IPsec-GW is one of the reasons this failure happens. Generally, it is better to expand the area in which communication is restored by using an IPsec-GW redundancy method. The existing Ipsec-GW redundancy method reduces communication failure time. In this method, IPsec-GWs synchronize IPsec information in advance, and when an active GW fails, a standby GW takes over processing from the active GW. However, this method cannot be applied to devices deployed in different segments of the network. Thus, in this paper, we propose an IPsec-GW redundancy method that can be applied to IPsec-GWs that are deployed in different segments. The existing method is a framework that synchronizes IPsec information between an active IPsec-GW and a standby IPsec-GW. It enables communication to continue when the active GW fails. However, this method cannot completely prevent communication failures. Therefore, we propose which information should be synchronized and at what time. This proposal can reduce the processing load of the network.