High Availability (HA)

IHAP

High Availability (HA) ensures network connectivity between the Data Center or Branch Office and the remote Sites in the case of appliance failure. The objective of this deployment is to use the backup appliance if the nominal appliance fails.

This configuration is done on the LAN panel of each appliance.

Create a IHAP Profile

1 Select the High-Availability function and activate it.
2 Check IHAP as HA Type and click the Add New Profile button.
3 Type the Name of the new IHAP profile and configure it as follows:

Note: A Default IHAP Profile with predefined configuration parameters is available.

Appliance bad health criteria for recognizing a failover condition:
any (default): failover condition is confirmed when any monitored interface is down
all: failover condition is confirmed when all the monitored interfaces are down
Interfaces to monitor: select the interfaces you want to monitor.
Keep alive: keep alive time in milliseconds. The authorized range is [50 - 10000]. The default value is 100 ms.
Peer dead factor: used to tune up the waiting time of the backup appliance before acknowledging the unresponsive active peer as down. The authorized range is [3 - 10]. The default value is 5.
Tunnel persistence: by default, this option is disabled, i.e. there are no mounted tunnels on the standby appliance.
Preemption: this option is enabled by default. It means that the nominal standby appliance can preempt the backup active appliance and become active again.
4 Click Save to validate your settings.

Configure the SD-WAN appliances

Nominal appliance

Note: Both MultiPath and MultiWAN modes are supported for this type of HA deployment.

Note: Disable the Bypass option (enabled by default) on any WAN interface to avoid loops when the appliance reboots.

1 Select the Peer Appliance (backup appliance).
2 Select the Nominal Role and choose a Profile, either the default one or a profile you have created.

The parameters associated with the selected IHAP Profile are displayed in read only mode.

3 Save your configuration.

Backup appliance

4 Select the Peer Appliance (nominal appliance).
5 Select the Backup Role and choose the same IHAP Profile as for the Nominal appliance.

The parameters associated with the selected IHAP Profile are displayed in read only mode.

6 Save your configuration.

Check peering connections in the SD-WAN application

1 On the Appliances page, select each HA appliance and check its HA Status in Advanced Troubleshooting -> Routing -> HA.
2 If the HA configuration is not operational, check if there are any HA alarms related to the configured HA Site on the Alarms Management page.

VRRP

VRRP (Virtual Router Redundancy Protocol). This configuration is done on the LAN panel of each appliance.

Warning: VRRP deployment is not supported for a Branch Office Site with two full router appliances in multipath mode.

Configure the SD-WAN appliances

Backup appliance

1 Select the High-Availability function and activate it.
2 Check VRRP as HA Type and select the VRRP Virtual router.
3 Enter a value between 1 and 255 in the Virtual Router ID field.
4 Select Backup as Initial State. This means that this appliance is used as the backup machine if its associated appliance fails.
5 Health Check; by default, all existing WAN interfaces are checked. Modify these settings if necessary.
6 Save your configuration.

Master appliance

Follow the same procedure as for the Backup appliance, except that Master should be selected as Initial State.

Optionally customize the VRRP Settings

Warning: only VRRP Version 2 is supported. Delays can only be defined in seconds or in milliseconds divisible by 1000.

General

Advertising Interval (seconds): the virtual router (master) sends VRRP advertisements to other VRRP routers in the same group. The priority and group ID of the virtual router master are carried in the advertisements. Advertisements are sent every second by default.
Priorities - Master, Backup and Failed Check: priority values for the VRRP preemption mechanism. The device with the highest priority within the group becomes the master.
If Preemption is activated (by default), the following rules apply by decreasing order of preference:
the virtual router backup that is elected to become the master remains the master until the original virtual router master recovers and becomes the master again (master/backup deployment).

Mechanism:

if the LAN interface is down, it is in FAULT state

with the And logical operator, any health checked WAN interface that goes down degrades the priority by the specified Failed Check

with the Or logical operator, the priority is not degraded until all health checked interfaces are down

If preemption is disabled:
the virtual router backup that is elected to become the master remains the master until the original virtual router master recovers and becomes the master again (master/backup deployment)
the virtual router backup that is elected to become the master remains the master until it is in FAULT state. The other backup virtual router becomes the master and remains the master until it is in FAULT state; if both virtual routers are down, traffic stops. When the first backup virtual router recovers (from FAULT state to Backup state), it becomes the master again (backup/backup deployment).

Mechanism:

if the LAN interface is down, it is in FAULT state

with the And logical operator, any health checked WAN interface that goes down triggers a router switch to FAULT state

with the Or logical operator, the virtual router switches to FAULT state if all health checked WAN interfaces are down

Warning: when preemption is disabled, there is no progressive health degradation. This can lead to a Site being isolated even if there is still a working WAN interface. For this reason, activating preemption is strongly recommended.

Delay (seconds): delays VRRP transition to the master by the number of seconds specified (1 by default). This delay prevents the backup from becoming the master very frequently, in cases of network flapping.
Health Check Interfaces:
Interval (milliseconds): by default, health check on interfaces is executed every second
Fall: number of failed health checks before the device is considered in bad health
Rise: number of successful health checks before the device is considered in good health again

Gratuitous ARP

A Gratuitous ARP is an ARP Response that was not prompted by an ARP Request. The Gratuitous ARP is sent as a broadcast, as a way for a node to announce or update its IP to MAC mapping to the entire network.

Master:
Delay (seconds): delay for a second set of Gratuitous ARP messages after transition to Master. Default: 5. Enter 0 for no second set.
Repeat (count): number of Gratuitous ARP messages to send at a time after transition to Master. Default: 5
Refresh delay (seconds): minimum time interval for refreshing Gratuitous ARP messages while Master. Default: 0
Refresh repeat (count): number of Gratuitous ARP messages to send at a time while Master. Default: 5
Lower priority:
Delay (seconds): delay for a second set of Gratuitous ARP messages after a lower priority advert has been received when Master. Default: 5. Enter 0 for no second set.
Repeat (count): number of Gratuitous ARP messages to send at a time after a lower priority advert has been received when Master. Default: 5.

Tuning

Protocol Version: 2
VRRP multicast group: IPv4 address of the group that corresponds to the abstract representation of the master and backup routers.
Strict RFC adherence: check this option to ignore any customized settings and strictly adhere to VRRP rules.
When master, do not send advert after receiving lower priority advert: optional
When master, send advert after receiving higher priority advert: optional
Do not send second GARP burst of packets: optional
GARP Interval (microseconds): default interval between Gratuitous ARP messages sent on an interface
ARP NA Interval (microseconds): default interval between unsolicited NA messages sent on an interface