Cipafilter Support:
Support@Cipafilter.com
309 517 2022 option 2
Mon - Fri 7 AM - 6 PM CT
Cipafilter Documentation - Hot Spare
Posted by Jim Giseburt, Last modified by Jim Giseburt on 11 April 2017 03:37 PM

Cipafilter's hot spare feature provides high availability by enabling one filter to monitor and take over for another in the event of failure. In a hot-spare setup, there are two filters: one is the primary unit (sometimes referred to as the master), and the other is the secondary unit (sometimes referred to as the slave or spare). Under normal operating conditions, the primary unit has the active status — that is, the status of the unit currently making use of the filter configuration and the one processing traffic. In a failure scenario, however, the secondary unit may assume the active status.

Configuration

To configure hot spare, a Unit Default Mode (described below) must be selected, and one of the partner unit's management IPs (as defined in the other filter's hot-spare settings) must be entered. Optionally, a wait interval (in seconds) can be set for the secondary unit.

The management IPs of the filter being configured can be defined in the Management Interfaces table. All management addresses persist independently of the filter's other IP settings. Since these addresses are always available, the settings defined here must be unique for each hot-spare partner.

Unit modes

The following unit modes are selectable from the Unit Default Mode drop-down:

  • Primary unit — The filter with this default mode set will be in the one in the active status during normal operating conditions.

  • Secondary unit — The filter with this default mode set will be the one which monitors the health of the primary unit. Under normal operating conditions, this unit will generally be in the spare status, but during a failure scenario it will assume the active status.

Unit statuses

Each unit will, at any given time, exist in one of the following statuses:

  • Active — This is the status of the filter which is currently processing traffic and allowing configuration changes. Normally, the primary unit is the active one. Changes to filter settings will automatically replicate from the active unit to the one in spare status.

  • Inactive — This is the status of the filter which is currently not active. When in this status, the unit is attempting to monitor the other unit; if it detects that the other has failed, it will take over the active status. A unit in the inactive status will allow changes only to the hot-spare configuration itself; changes to the rest of the filter configuration will be prevented.

Fail-over

When a secondary unit detects a failure, some form of fail-over must occur. The most common failure scenario is outlined below.

  1. The primary unit is in the active status, and the secondary unit is in the spare status.

  2. The secondary unit detects a failure.

  3. The secondary unit informs the primary unit that it is going to assume the active status, and does so.

  4. The primary unit relenquishes the active status by rebooting.

Limitations

Although the Hot Spare feature does provide a solution to reduce down time, it has some limitations.

  • Communication loss with partner but not rest of network — If the secondary unit is in the spare status, and it loses connection with the primary unit in the active status, then the secondary unit will assume that the other filter has crashed and will assume the active status. However, if the primary unit has not crashed but has actually lost connection to the secondary unit (without losing connection to the rest of the network), then the primary unit will remain in the active status as well. In this circumstance, both filters being active will cause an IP-address conflict.

    The Hot Spare feature will not function correctly until communication between the two filters is restored. In the event that this problem occurs, one of the units should be manually powered off (this should be possible by connecting to a management IP). Once the connectivity problem has been resolved, it is safe to physically power the unit back on.

  • Database — The Hot Spare function does not provide database redundancy. If the filters are configured to use the local database instead of a remote one, during a failure scenario the secondary unit will not have access to the database. Data from the period when the secondary unit was active will not be retained, and data on the primary unit will not be accessible until normal function is recovered.

  • DHCP leases — While static DHCP leases will be retained, dynamic leases may change sooner than otherwise expected. While worthwhile to be aware of, this should not impact network operation.

  • Bridging — The Hot Spare feature is fundamentally incompatible with interface bridging.

First set-up guide

The following guide outlines the set-up procedure for a new Hot Spare configuration. Before beginning, decide which filter will be the primary unit and which will be the secondary, and decide on the IP addresses you will use for their management. Then, read and understand this guide before proceeding with first-time set-up.

  1. Configure both filters to have the same cable set-up. All physical connections to the primary unit should be identical to those of the secondary unit, including VLAN set-up, etc.

  2. Give the root user the same password on both filters.

  3. Connect to the Web interface of the secondary unit and navigate to the Hot Spare page.

    1. Configure one or more Management Interfaces for this unit.

    2. Configure the Unit Default Mode for this unit (Secondary unit).

    3. Place one of the management IPs configured for the other filter (the primary unit) in the next step into the Partner Unit's Management IP box.

    4. Press Save Changes.

    5. Press Apply Management Interfaces.

  4. Connect to the Web interface of the primary unit and navigate to the Hot Spare page.

    1. Configure one or more Management Interfaces for this unit.

    2. Configure the Unit Default Mode for this unit (Primary unit).

    3. Place one of the management IPs configured for the other filter (the secondary unit) in the previous step into the Partner Unit's Management IP box.

    4. Press Save Changes.

    5. Press Apply Management Interfaces.

  5. Return to the Hot Spare page of the secondary unit and press Test Configuration. If everything has been configured correctly, a success message should appear. Check the Enable Hot Spare box and press Save Changes. A red error may appear, informing you that the configuration was not copied; this is normal in this situation and may be ignored.

  6. Return to the Hot Spare page of the primary unit and press Test Configuration. If everything has been configured correctly, a success message should appear. Check the Enable Hot Spare box and press Save Changes. Two success messages should appear — one will inform you that the changes were saved, and another should indicate that the changes have been successfully deployed to the partner unit.

  7. Reboot both filters.

(0 vote(s))
Helpful
Not helpful

Comments (0)
©Cipafilter 2017. All Rights Reserved.