
APV Technical Training


lazar

Presentation Transcript


  1. APV Technical Training Chapter 11 - Array Clustering Technology™

  2. Objectives • To understand Array Cluster Technology concepts and configuration.

  3. Topics • Unit 1: Array Cluster Overview • Unit 2: Virtual Cluster Configuration

  4. Unit 1: Array Cluster Overview • Array Clustering Technology™ • Benefits • Cluster Types

  5. Array Clustering Technology™ • What is Array Clustering Technology™? • Allows 2 (or more) Array devices to be grouped together to form a logical device. • Provides scalability and high availability within a local site. [Diagram labels: Internet; Array1, Array2, Array3; Array Cluster]

  6. Array Clustering Benefits • Linear scalability in performance • Increased capacity for each node added. • Clustering of up to 32 Array APVs (2 for Array APV900/1200) • All cluster nodes can be active (active-active vs active-standby configuration) • High availability • Cluster nodes provide failover functionality for each other. • N+1 redundancy for Array APV clusters (1+1 for Array APV900/1200) • Fast failover time

  7. Unit 2: Virtual Cluster Configuration • Virtual Clustering Overview • Active-Standby Virtual Clustering • Active-Active Virtual Clustering • Virtual Clustering Configuration

  8. Virtual Clustering Overview • Provides high availability and scalability for: • Cluster for SLB Virtual IPs on any interface. • Cluster for NAT IPs on all interfaces, providing a resilient default gateway. • Implementation is a variation on VRRP (RFC 2338) • Active/Inactive and Master/Backup states. • Priorities and pre-emption supported. • Uses IP multicast (224.0.0.18) for advertisements • Advertisement authentication supported. • Configurable advertisement interval. • All devices in the cluster should have the same physical configuration for symmetrical failover protection • Mixing APV models in a cluster is not recommended

  9. Virtual Clustering Overview • Clustering can be configured for Active-Standby or Active-Active mode • Active-Standby • All VIPs are Master on one Array in the cluster. • All VIPs are Backup on all other Array devices in the cluster. • Backup transitions to be Master when the Master fails. • Active-Active • Each Array in the cluster has a different Master VIP or cluster_id. • Disperse load on each Active node, failover protection amongst the active nodes.

  10. Virtual Clustering States • Cluster node with Master VIP • Will process traffic. • Respond to ARP requests for VIP addresses. • Respond to connection requests. • Cluster node with Backup VIP • Will not process traffic. • Will not respond to ARP requests for VIP addresses. • Will not respond to connection requests. • Will listen for updates from the node with Master VIP. • If the Master stops sending updates, the Backup with the highest priority will become Master and process requests.

  11. Array Cluster Priorities and Pre-emption • Each cluster node or cluster VIP has an assigned priority (default=100). • Cluster priority determines which node becomes Master. • Node with highest priority becomes Master. • If Backups do not hear Master’s advertisements for 3 intervals (default), node with next-highest priority becomes Master. • If pre-emption is enabled and another node joins the cluster with a higher priority • Previous Master will go into Backup state. • Node with higher priority becomes Master.
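The election rules on slides 10 and 11, as an added example that is not part of the original deck: a one-second-tick model of Master election with the slide defaults (priority 100, 5-second interval, takeover after 3 silent intervals). `Node` and `simulate` are hypothetical names; the model assumes the higher-priority node's own pre-emption setting decides whether it takes over (as in RFC 2338) and ignores VRRP skew time.

```python
from dataclasses import dataclass

@dataclass
class Node:
    name: str
    priority: int = 100   # slide default
    preempt: bool = True  # slide default (1 = enabled)
    up: bool = True

def simulate(nodes, events, interval=5, dead_intervals=3, until=60):
    """Step one second at a time; return [(time, master_name), ...] transitions.

    events: {time: [(node_name, is_up), ...]}, a constructed failure schedule.
    """
    by_name = {n.name: n for n in nodes}
    master, last_heard, log = None, 0, []
    for t in range(until + 1):
        for name, is_up in events.get(t, []):
            by_name[name].up = is_up
        alive = [n for n in nodes if n.up and n.priority > 0]  # priority 0 disables
        cur = by_name.get(master)
        if cur and cur.up:
            if t % interval == 0:
                last_heard = t  # Master advertises on schedule
            # A live higher-priority node takes over only if its pre-emption is on.
            rivals = [n for n in alive if n.priority > cur.priority and n.preempt]
            new = max(rivals, key=lambda n: n.priority).name if rivals else master
        elif master is None or t - last_heard >= dead_intervals * interval:
            # Startup, or Master silent for 3 intervals: best surviving node wins.
            new = max(alive, key=lambda n: n.priority).name if alive else None
        else:
            new = master  # Master is down, but Backups have not timed out yet
        if new != master:
            master, last_heard = new, t
            log.append((t, master))
    return log

if __name__ == "__main__":
    # Constructed scenario: Array1 fails at t=12 s and returns at t=40 s.
    cluster = [Node("Array1", 200, True), Node("Array2", 100, False)]
    schedule = {12: [("Array1", False)], 40: [("Array1", True)]}
    for when, who in simulate(cluster, schedule):
        print(f"t={when:2d}s  Master -> {who}")
```

With the last advertisement heard at t=10 s, the Backup takes over at t=25 s; at the default interval an outage is therefore noticed only after about 15 seconds.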

  12. Active-Standby Virtual Clustering • Active-Standby With Two Nodes • Array1 is current Master • Handles SLB traffic for VIP • Array2 has Backup status • Listens for advertisements from Master • Will assume Master status if Array1 stops sending advertisements (i.e., Array1 fails). [Diagram labels: Web Clients; Internet; Array1 (SLB VIP Master); Array2 (SLB VIP Backup); Web Servers]

  13. Active-Active Virtual Clustering • Active-Active With Two Nodes • Array1 is Master for VIP1 and Backup for VIP2 • Handles SLB traffic for VIP1 • If failure on Array2, will handle SLB traffic for VIP2 • Array2 is Master for VIP2 and Backup for VIP1 • Handles SLB traffic for VIP2 • If failure on Array1, will handle SLB traffic for VIP1 • VIP1 and VIP2 provide access to same web site content. • DNS RR used to load balance between VIP1 and VIP2, when LLB DNS is enabled. [Diagram labels: Web Clients; Internet; Array1 (SLB VIP1 Master, SLB VIP2 Backup); Array2 (SLB VIP1 Backup, SLB VIP2 Master); Web Servers]

  14. Active-Active Virtual Clustering • Active-Active Example With Three Nodes [Diagram labels: Internet; Web Servers; Array1, Array2, Array3; L2 Switch, L2 Switch; Resilient Default Gateway; X; 75*] *Highest priority indicates Master for the VIP

  15. Virtual Clustering Configuration • Virtual Clustering Commands • Interface • cluster virtual ifname <interface_name> <cluster_id> • Virtual IP • cluster virtual vip <interface_name> <cluster_id> <virtual_IP> • Priority • cluster virtual priority <interface_name> <cluster_id> <priority> • Authentication • cluster virtual auth <interface_name> <cluster_id> {0|1 password} • Interval • cluster virtual interval <interface_name> <cluster_id> <interval> • Pre-emption • cluster virtual preempt <interface_name> <cluster_id> {1|0} • Enable/Disable • cluster virtual {on | off} <cluster_id> <interface_name>

  16. Virtual Cluster Interface • Creates a virtual cluster by defining a virtual cluster ID and the interface designation • cluster virtual ifname <interface_name> <cluster_id> • interface_name: A configured interface name. May be one of the physical interfaces (inside, outside, dmz, eng), a VLAN name, or an MNET name. • cluster_id: Virtual cluster identifier (range = 1 to 255)

  17. Virtual Cluster Virtual IP • Binds a Virtual IP address to a virtual cluster. • To create a virtual cluster virtual IP: • cluster virtual vip <interface_name> <cluster_id> <virtual_IP> • interface_name: A configured interface name. • May be one of the physical interfaces (inside, outside, dmz, eng), a VLAN name, or an MNET name. • cluster_id: Virtual cluster identifier • Range = 1 to 255 • virtual_IP: Virtual IP address may be any valid host IP address (i.e., subnet and broadcast addresses not allowed). • Each Virtual IP address must be unique. • Maximum number of virtual IP addresses: 16 per virtual cluster, 1024 per system.

  18. Virtual Cluster Priority • Sets the priority for a virtual cluster VIP on a specific node. • To configure virtual cluster priority: • cluster virtual priority <interface_name> <cluster_id> <priority> • interface_name: A configured interface name. May be one of the physical interfaces (inside, outside, dmz, eng), a VLAN name, or an MNET name. • cluster_id: Virtual cluster identifier (range = 1 to 255) • priority: Specific priority on the node. • Range = 1 (lowest) to 255 (highest). Default = 100. • Priority of zero (0) disables the virtual cluster • Required when making changes to the Outside interface.

  19. Virtual Cluster Authentication • Allows virtual clustering updates to be password authenticated. • To configure virtual cluster authentication: • cluster virtual auth <interface_name> <cluster_id> {0|1 password} • interface_name: A configured interface name. May be one of the physical interfaces (inside, outside, dmz, eng), a VLAN name, or an MNET name. • cluster_id: Virtual cluster identifier (range = 1 to 255) • 0|1 password: Type of authentication to use. • 0: No authentication will be used • 1 password: Plaintext password authentication (8 alphanumeric characters)

  20. Virtual Cluster Interval • Defines the period between VC advertisements from the Master. • To set the advertisement interval for a virtual cluster: • cluster virtual interval <interface_name> <cluster_id> <interval> • interface_name: A configured interface name. May be one of the physical interfaces (inside, outside, dmz, eng), a VLAN name, or an MNET name. • cluster_id: Virtual cluster identifier (range = 1 to 255) • interval: Period between virtual clustering advertisements (range = 3 to 60 seconds, default = 5 seconds)

  21. Virtual Cluster Pre-emption • Pre-emption allows a higher priority node to take Master status away from an existing Master node. • To enable/disable pre-emption for a virtual cluster: • cluster virtual preempt <interface_name> <cluster_id> {1|0} • interface_name: A configured interface name. May be one of the physical interfaces (inside, outside, dmz, eng), a VLAN name, or an MNET name. • cluster_id: Virtual cluster identifier (range = 1 to 255) • {1 | 0}: Enable/disable pre-emption of a lower priority Master • 1: Enable pre-emption (default) • 0: Disable pre-emption

  22. Virtual Cluster Enable/Disable • To enable or disable a virtual cluster: • cluster virtual {on | off} <cluster_id> <interface_name> • cluster_id: Virtual cluster identifier (range = 1 to 255) • interface_name: A configured interface name. May be one of the physical interfaces (inside, outside, dmz, eng), a VLAN name, or an MNET name.

  23. Webui Basic Config

  24. Add VIP’s to Cluster

  25. Display Virtual Cluster Status • To check the status of a virtual cluster: • show cluster virtual status [<interface_name> | all]

  26. Cluster Status Webui

  27. Set Priority for Primary and Secondary Devices

  28. Active-Backup Example • Sample Active-Backup Configuration • Configuration used on node 1:

      #slb configuration
      slb real http "server1" 192.168.1.50 80 1000 tcp 1 1
      slb real http "server2" 192.168.1.51 80 1000 tcp 1 1
      slb group method "group1" rr
      slb group member "group1" "server1" 1
      slb group member "group1" "server2" 1
      slb virtual http "vip1" 192.168.2.100 80
      slb policy default "vip1" "group1"
      #virtual cluster configuration
      cluster virtual ifname "outside" 100
      cluster virtual vip "outside" 100 192.168.2.100
      cluster virtual priority "outside" 100 200
      cluster virtual interval "outside" 100 5
      cluster virtual auth "outside" 100 0
      cluster virtual preempt "outside" 100 1
      cluster virtual on

      Note: on node 2, set a different priority:

      cluster virtual priority "outside" 100 100
      cluster virtual preempt "outside" 100 0

  29. Active-Active Example • Sample Active-Active Configuration • Configuration used on node 1:

      #slb configuration
      slb virtual http "vip1" 192.168.2.100 80
      slb virtual http "vip2" 192.168.2.101 80
      #virtual cluster configuration
      cluster virtual ifname "outside" 100
      cluster virtual vip "outside" 100 192.168.2.100
      cluster virtual priority "outside" 100 200
      cluster virtual ifname "outside" 101
      cluster virtual vip "outside" 101 192.168.2.101
      cluster virtual priority "outside" 101 100
      cluster virtual on

      Note: on node 2, set a different priority:

      cluster virtual priority "outside" 100 100
      cluster virtual priority "outside" 101 200
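A pre-deployment check for `cluster virtual` lines, added here as an example and not taken from the deck or from Array's tooling: it applies the ranges stated on slides 16 to 21 and flags commands that name a cluster ID never created with `ifname`, as well as clusters whose advertisements are left unauthenticated. `lint_cluster_config` and the sample are hypothetical; type 1 counts as authenticated here even though slide 19 describes it as a plaintext password.

```python
import shlex

PER_CLUSTER = {"ifname", "vip", "priority", "auth", "interval", "preempt"}

def lint_cluster_config(text):
    """Return [(line_no, message), ...] for the 'cluster virtual' lines in text."""
    out, defined, authed = [], {}, set()
    for no, raw in enumerate(text.splitlines(), 1):
        tok = shlex.split(raw, comments=True)  # '#...' comment lines become []
        if tok[:2] != ["cluster", "virtual"] or len(tok) < 5 or tok[2] not in PER_CLUSTER:
            continue  # e.g. 'cluster virtual on' carries no per-cluster value
        sub, key, args = tok[2], (tok[3], tok[4]), tok[5:]
        if not (tok[4].isdigit() and 1 <= int(tok[4]) <= 255):
            out.append((no, f"cluster_id {tok[4]} is outside 1-255"))
        if sub == "ifname":
            defined[key] = no
        elif key not in defined:
            out.append((no, f"{sub} refers to undefined cluster {tok[4]} on {tok[3]}"))
        elif not args:
            out.append((no, f"{sub} is missing its value"))
        elif sub == "priority" and not (args[0].isdigit() and 1 <= int(args[0]) <= 255):
            out.append((no, f"priority {args[0]} is outside 1-255 (0 disables the cluster)"))
        elif sub == "interval" and not (args[0].isdigit() and 3 <= int(args[0]) <= 60):
            out.append((no, f"interval {args[0]} is outside 3-60 seconds"))
        elif sub == "preempt" and args[0] not in ("0", "1"):
            out.append((no, f"preempt must be 0 or 1, got {args[0]}"))
        elif sub == "auth" and args[0] == "1":
            pw = args[1] if len(args) > 1 else ""
            if len(pw) == 8 and pw.isalnum():
                authed.add(key)
            else:
                out.append((no, "auth password must be 8 alphanumeric characters"))
    for key, no in defined.items():  # clusters left on 'auth ... 0' or with no auth line
        if key not in authed:
            out.append((no, f"cluster {key[1]} on {key[0]}: advertisements not authenticated"))
    return out

# Constructed sample, not a configuration from the slides.
SAMPLE = '''\
cluster virtual ifname "outside" 100
cluster virtual vip "outside" 100 192.168.2.100
cluster virtual priority "outside" 100 100
cluster virtual interval "outside" 100 2
cluster virtual auth "outside" 100 0
cluster virtual preempt "outside" 1 0
'''
if __name__ == "__main__":
    for line_no, message in lint_cluster_config(SAMPLE):
        print(f"line {line_no}: {message}")
```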

  30. Fast Failover • The Fast Failover (FFO) mechanism uses the Fast Failover Port on APV platforms, with a dedicated Fast Failover Cable, to detect the other unit's status transparently in an Array cluster, enabling sub-second failure detection and switchover. • FFO can detect Power Off, Panic, Reboot and Loss of Carrier on the other unit and switch over instantly. • Array clustering technology with the fast failover mechanism provides higher availability and much faster response time than typical Array clustering technology.

  31. Normal Null Modem Cable / Fast Failover Cable • The Fast Failover Cable is specially designed to support fast failover communication. The cable can be used for CLI console (null modem). A normal null modem cable is incompatible with the Array Networks Fast Failover Cable and cannot be used to support the fast failover function. [Image labels: Fast Failover Cable; Normal Null Modem Cable]

  32. Fast Failover Benefits • Fast Failover in the Array clustering architecture has important benefits: • Fast VIP failover (~3ms) when the master node is down • Works with existing cluster virtual configuration • Easy to deploy, using a generic PC serial port connector • Easy to configure, with only two CLI commands • Real-time synchronization of cable connection information, which has the following benefits: • Cable connectivity is easy for administrators to detect through system logging • Additionally, the failover is transparent to users, so it doesn't disturb the network service. • The response time for interface carrier loss is configurable.

  33. Fast Failover Limitation • Fast Failover supports two units and unit-level failover, with each unit in either Active or Standby mode. Application traffic is processed only by the Active unit. • The Fast Failover cable needs to stay connected during normal operation. If it is disconnected, both units will detect that the other unit has failed and become active. Two active units with the same VIPs can cause network confusion and application failure. • The two redundant units need to be identical in HW model and SW setup (except interface management IP) to support application failover.

  34. Fast Failover - CLI • cluster virtual ffo <on | off> • Enables/disables the fast failover feature; the default value is off. • cluster virtual ffo interface carrier loss timeout <timeout> • Configures how long an Array appliance waits before failover (if necessary) when it detects interface carrier loss (in milliseconds). If the network carrier recovers within the timeout value, no action is taken. This value ranges from 0 to 65535. 0 means no wait, while 65535 means no failover. • show cluster virtual ffo • Displays the fast failover configuration. • system test failover port • On-line CLI command to test the Fast Failover port on APV. After executing this command, APV will prompt the user to connect the cable to the Fast Failover port. If the Fast Failover port works well, the system will prompt “The failover port is ok. You can now connect the console cable back to the console port.”; otherwise, no message is shown. This function works with either a regular console cable (null modem) or the FFO cable that Array ships to customers with the units.

  35. Synchronizing Configuration across a Cluster

  36. Config Synchronization • Ability to synchronize configurations for Backup Array • Done manually • Can be accomplished via CLI or Webui • Can be pushed or pulled • The following are not overwritten: system ip addresses, ip route, hostname, mnet, vlan, webwall, accesslist, accessgroup, llb and webui IP address.

  37. Synconfig via CLI • synconfig peer <syn name> <ip> • synconfig peer machine1 192.168.1.1 • synconfig peer machine2 192.168.1.2 • synconfig to <syn name> • synconfig to machine2 • synconfig from <syn name> • synconfig from machine1 • NOTE: once sync peer names are defined, you may add the hint to the cluster priority command so that the cluster priority does not need to be changed manually after sync: • cluster virtual priority <ifc name> <id> <priority> <sync name>

  38. Add Peers and Local Node

  39. Sync To/From Peer

  40. Check Previous/Rollback etc

  41. Lab 11
