Overview
Chapter 8: Configuring High Availability
173
Chapter 8
This chapter describes how to configure High Availability (HA) for two or more IP60 appliances.
This chapter includes the following topics:
Overview .................................................................................................. 173
Configuring High Availability on a Gateway ........................................... 175
Sample Implementation on Two Gateways .............................................. 178
Overview
You can create a High Availability (HA) cluster consisting of two or more IP60 appliances. For example,
you can install two IP60 appliances on your network, one acting as the ―Master‖, the default gateway
through which all network traffic is routed, and one acting as the ―Backup‖. If the Master fails, the Backup
automatically and transparently takes over all the roles of the Master. This ensures that your network is
consistently protected by a IP60 appliance and connected to the Internet.
The gateways in a HA cluster each have a separate IP address within the local network. In addition, the
gateways share a single virtual IP address, which is the default gateway address for the local network.
Control of the virtual IP address is passed as follows:
1.
Each gateway is assigned a priority, which determines the gateway's role: the gateway with the
highest priority is the Active Gateway and uses the virtual IP address, and the rest of the
gateways are Passive Gateways.
2.
The Active Gateway sends periodic signals, or ―heartbeats‖, to the network via a
synchronization interface.
The synchronization interface can be any internal network or bridge existing on both gateways, except
the WAN interface.
3.
If the heartbeat from the Active Gateway stops (indicating that the Active Gateway has failed),
the gateway with the highest priority becomes the new Active Gateway and takes over the
virtual IP address.
4.
When a gateway that was offline comes back online, or a gateway's priority changes, the
gateway sends a heartbeat notifying the other gateways in the cluster.
If the gateway's priority is now the highest, it becomes the Active Gateway.
The IP60 appliance supports Internet connection tracking, which means that each appliance tracks its
Internet connection's status and reduces its own priority by a user-specified amount, if its Internet
connection goes down. If the Active Gateway's priority drops below another gateway's priority, then the
other gateway becomes the Active Gateway.
Configuring High Availability
Summary of Contents for IP60 - Security Appliance
Page 1: ...Part No N450000643 Rev 001 Published February 2008 Nokia IP60 Security Appliance User Guide ...
Page 4: ...4 Nokia IP60 Security Appliance User Guide ...
Page 10: ......
Page 12: ......
Page 38: ......
Page 58: ......
Page 108: ......
Page 268: ......
Page 482: ......