High Availability (HA)

Section 8

1
Section objectives

Discuss High Availability and its options

Active-Standby mode
Active-Active mode
Configure Active-Standby HA

2
Active-Standby mode

Active AX processes all the production

traffic
Standby AX does not process any
production traffic
Standby AX mirrors all L4 session
information from Active AX
Reliability is scaled but not performance

3
Active-Standby Failover

Peer AX elected as active

Gratuitous ARPs for virtual, floating and
NAT IPs are sent
Existing mirrored sessions are picked up
by newly elected active AX
New sessions are served by newly
elected active AX

4
Active-Active mode

Both AX units process the production

traffic
Session and state information is mirrored
between both AX units
Performance is scaled in addition to
reliability

Note: Do not exceed 50% utilization on

each unit for full HA

5
Active-Active Failover

Peer AX is elected active for HA group 2

and sends gratuitous ARPs for virtual IPs,
floating IPs, and NAT IPs
Existing mirrored sessions are picked up
by peer AX
Peer AX serves requests for both HA
groups

6
Active-Standby diagram

` ` `

Clients

Router Router
VRRP, ESRP, etc.
Virtual IPs
192.168.10.1
192.168.20.1
AX1 VLAN 192 VLAN 192 AX2
HA ID 1 Eth 1, 2 Eth 1, 2 HA ID 2
HA pre-emption VE 192 – 192.168.10.2 VE 192 – 192.168.20.2 HA pre-emption
HA group 1 priority 200 HA group 1 priority 100
Floating IP 10.10.10.1 Floating IP 10.10.10.1

VIP1 VIP1
HA group 1 Eth5 / VLAN5 Eth5 / VLAN5 HA group 1
Port 80 ha-conn-mirror 10.10.30.1 10.10.30.2 Port 80 ha-conn-mirror
VIP2 VIP2
HA group 1 VLAN 10 VLAN 10 HA group 1
Port 80 ha-conn-mirror Eth 3, 4 Eth 3, 4 Port 80 ha-conn-mirror
VE 10 – 10.10.10.2 VE 10 – 10.10.10.4

Layer 2 Layer 2
Switches Switches

10.10.10.10 10.10.10.11 10.10.10.12 10.10.10.13

7
Active-Active diagram

` ` `

Clients

Router Router
VRRP, ESRP, etc.
Virtual IPs
192.168.10.1
192.168.20.1
AX1 AX2
HA ID 1 VLAN 192 VLAN 192 HA ID 2
HA pre-emption Eth 1, 2 Eth 1, 2 HA pre-emption
HA group 1 priority 1 VE 192 – 192.168.10.2 VE 192 – 192.168.20.2 HA group 1 priority 255
Floating IP 10.10.10.1 Floating IP 10.10.10.1
HA group 2 priority 255 HA group 2 priority 1
Floating IP 10.10.10.100 Floating IP 10.10.10.100

VIP1 Eth5 / VLAN5 Eth5 / VLAN5 VIP1

HA group 1 10.10.30.1 10.10.30.2 HA group 1
Port 80 ha-conn-mirror Port 80 ha-conn-mirror
VIP2 VLAN 10 VLAN 10 VIP2
HA group 2 Eth 3, 4 Eth 3, 4 HA group 2
Port 80 ha-conn-mirror VE 10 – 10.10.10.2 VE 10 – 10.10.10.4 Port 80 ha-conn-mirror

Layer 2 Layer 2
Switches Switches

10.10.10.10 10.10.10.11 10.10.10.12 10.10.10.13

8
HA support

All AX integration modes support HA

Routed mode
Active-Standby, Active-Active
One-Arm mode
Active-Standby, Active-Active
Transparent mode
L2 Active-Standby
DSR mode
Active-Standby, Active-Active

9
Initial selection of Active AX

After initial selection, AX remains Active

unless :
Standby AX stops receiving HA
heartbeat from Active AX
HA interface status of the Active AX
becomes lower than Standby AX’s
VLAN-based failover is triggered
Gateway-based failover is triggered
HA pre-emption is enabled, and the
configured HA priority is changed to
be higher on the Standby AX

10
Events causing HA Failover
By default, a failover occurs only in the
following cases:
Standby AX stops receiving HA heartbeat
form Active AX
HA interface state changes give the
Standby AX device a better HA state than
the Active AX device
VLAN-based failover is configured and the
VLAN becomes inactive.
Gateway-based failover is configured and
the gateway becomes unavailable.
VIP-based failover is configured and the
unavailability of real servers causes the
Standby AX to have the greater HA priority
for the VIP’s HA group
By default, failover does not occur due to
HA configuration changes to the HA
priority.
To enable the AX devices to failover in
response to changes in priority, enable HA
pre-emption.
11
Active-Standby configuration (p. 1 of 2)

Configure HA Global settings

Identifier (AX1 = 1 , AX2 = 2)
HA Status: Enabled
(optional) HA Mirroring IP address: Remote AX Sync interface
(optional) Preempt: to failover to a higher AX when available
Group1 with priority 200 on AX1 (priority 100 on AX2)
Floating VIP for Group1: IP addresses defined on servers' gateway (VRRP-like)
(optional) IP and VLAN check (Note: IPs have to be defined as SLB-Server too)
Configure HA interfaces
All interfaces used with production traffic (+ AX interlink if exists)
Note: We recommend a dedicated direct interlink between the AX so sync traffic is off the
production network

12
Active-Standby configuration (p. 2 of 2)

Configure NAT pool HA settings

In IP Source NAT, associate the HA Group with IPv4 Pools, IPv6 Pools, NAT Ranges, or Static
NAT
Configure VIP HA settings
In VIP settings, associate HA Group with the VIP
(optional) Enable Dynamic Server Weight: Reduce the AX HA Group priority when a server is
down
(optional) Enable HA Connection Mirroring on the VIP ports: To synchronize SLB session table
(available for TCP, UDP, RTSP, FTP, MMS and SIP VIP types)
Note: For HTTP/HTTPS VIP types, the client session is terminated on the AX device. HA
Connection Mirroring is not available for these VIP types.

13
Active-Active configuration

Same as Active-Standby with two groups defined

Step2:
Group1 with priority 200 on AX1 (priority 100 on AX2)
Group2 with priority 100 on AX1 (priority 200 on AX2)
Step3:
Associate Group1 with half of the VIPs and Group2 with the second half
Step4:
Associate Group1 with the NAT Pools used by VIPs in Group1 and Group2 with the NAT Pools used
by VIPs in Group2

14
Lab

Configure HA Active/Standby mode with your neighbor

15
Section summary

We discussed High Availability modes

Active-Standby
Active-Active
We have configured Active –Standby HA mode

16
Course map

Section 0: Course Introduction

Section 1: Load Balancing Concepts
Section 2: AX Management
Section 3: FTP
Section 4: HTTP
Section 5: HTTPS
Section 6: AX Acceleration
Section 7: AX Security
Section 8: High Availability
Section 9: AX Troubleshooting
Section 10: aFleX

17