Configure Anycast
Secure Access Virtual Appliances enable the use of Anycast DNS addressing within an enterprise.
The advantage of using Anycast is that all your endpoints can use the same DNS IP address regardless of the Site to which they belong. Configuring an Anycast IP address on the VA adds resiliency for DNS resolution.
The VA currently supports enabling Anycast using BGP. This requires BGP support on the VA's neighboring router, or on any router that is reachable from the VA within 255 hops.
You can configure up to 4 routers running BGP as BGP peers for the VA.
Two VAs in different branches can also be configured with the same Anycast IP address, ensuring resiliency across branches. However, if AD integration is required, these VAs must be in the same Secure Access Site, since the AD Connector propagates IP-AD user mappings only to VAs in its Secure Access site.
Secure Access supports the configuration of IPv4 addresses as an Anycast address on the VA.
Secure Access Virtual Appliances use Anycast for load balancing. Secure Access has verified the use of Anycast for load balancing on the VA in on-premises deployments: VMware and Hyper-V. However, for VAs that are deployed in the cloud, the use of Anycast depends on the egress networking support provided by the cloud environment's virtual switches (vSwitches).
Note: Anycast for VAs is not supported on Google Cloud Platform (GCP) due to limited support on the GCP infrastructure.