Selecting a High Availability Mode

Select a mode for high availability.

One Arm HA

In One Arm mode, the HA appliance pair is outside of the data path. Application traffic of interest is redirected to the appliance pair, typically using Policy Based Routing (PBR). One Arm is used when a single insertion point in the network is not feasible or to avoid the challenges of fail-to-wire.

In this case, adding HA is straightforward. The Standby appliance can simply be added to the same VLAN or subnet as the Active appliance and the router, as we show in the diagram below:

one arm HA

In One Arm mode it is recommended that the Appliances do not reside in the data network subnets. This means the Oracle Conduit traffic does not have to traverse the PBR, which avoids route loops. The Oracle Appliances and router do have to be directly connected, either via an Ethernet port or by residing in the same VLAN.

Using IP SLA Monitoring for Fall Back

As long as one of the Appliances is active, traffic will still flow even if the Conduit is down. In this case, the Appliance will redirect the traffic back to the router as Intranet traffic. However, if both Appliances become disabled, the router will still try to redirect traffic to the appliances. IP SLA monitoring can be configured at the router to disable the PBR if the next device is not reachable. This allows the router to fall back to doing a route lookup in the normal way and forwarding packets appropriately.

Note:

Not all routers and firewalls support PBR or IP SLA.
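As an added illustration that is not part of the Oracle documentation, the following Cisco IOS fragment shows the fall back pattern described above: a route-map redirects traffic of interest to the appliance pair, and an IP SLA probe tracked by the route-map disables the redirect when the appliance next hop stops answering, so the router returns to a normal route lookup. The addresses, interface names, ACL and object numbers are constructed placeholders; 192.0.2.10 is assumed to be the shared address of the HA pair and to answer ICMP.

```cisco
! Probe the appliance pair's shared address every 5 seconds (constructed values)
ip sla 10
 icmp-echo 192.0.2.10 source-interface GigabitEthernet0/1
 frequency 5
 timeout 1000
ip sla schedule 10 life forever start-time now
!
! Tracking object goes down when the probe fails, i.e. both appliances are unreachable
track 10 ip sla 10 reachability
!
! Traffic of interest: LAN-to-remote-site flows (constructed prefixes)
access-list 101 permit ip 10.1.0.0 0.0.255.255 10.2.0.0 0.0.255.255
!
! PBR: redirect matching traffic to the appliances only while track 10 is up.
! When the track is down, the set clause is skipped and the packet is routed normally.
route-map REDIRECT-TO-SDWAN permit 10
 match ip address 101
 set ip next-hop verify-availability 192.0.2.10 10 track 10
!
! Apply the policy on the LAN-facing interface (constructed name)
interface GigabitEthernet0/0
 description LAN facing
 ip policy route-map REDIRECT-TO-SDWAN
!
! Appliance-facing interface in the same VLAN/subnet as both appliances (constructed name)
interface GigabitEthernet0/1
 description Oracle appliance pair
 ip address 192.0.2.1 255.255.255.0
```

Verify the fall back with `show track 10` and `show route-map REDIRECT-TO-SDWAN` while both appliances are disabled; the track should read Down and the policy match counters should stop incrementing.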

Parallel Inline HA

In Parallel Inline HA mode, the Appliances are deployed alongside each other, in line with the data path. The diagram below shows a common deployment with multiple switches and a single router.

Higher spanning tree cost callback connection

In the above diagram, only one path through the Active appliance is used. It is important to note the bypass interface groups are configured to be fail-to-block and not fail-to-wire so that we don’t get spanning tree loops during a failover.

The HA state can be monitored through the inline interface groups or through a direct connection between the appliances. External Tracking can be used to monitor the reachability of the upstream or downstream network infrastructure (e.g. switch port failure) to detect whether an HA state change is needed. If both Appliances are disabled or fail, a tertiary path can be used directly between the switch and router. This path must have a higher spanning tree cost than the Appliance paths so that it is not used under normal conditions.

Failover in Parallel Inline HA mode is very quick and nearly hitless, as no physical state change occurs. Fallback to the tertiary path is not typically hitless and can cause traffic to be blocked for 5-30 seconds depending on the spanning tree configuration.

If there are out of path connections to other WAN Links, both appliances must be connected to them. In more complex scenarios, where multiple routers might be using VRRP, non-routable VLANs are recommended to ensure the LAN side switches and WAN side routers are reachable at Layer 2.

Multiple VLANs

Serial Inline HA

In Serial Inline HA mode, the Appliances are inline on the same path. In this case the bypass interface groups should be in the fail-to-wire mode, with the Standby appliance in a Passthrough or bypass state. A direct connection between the two appliances on a separate port must be configured and used for the HA interface group. Serial Inline has the advantage of being very simple to deploy but has some drawbacks:

  • Due to a physical state change when the Appliance switches over from Active to Standby, failover can cause some loss of connectivity depending on how long the auto-negotiation takes on the Ethernet ports. It is likely to be several seconds and can be service impacting.
  • It is not recommended that Serial Inline be used on ports that are auto-negotiated, as this will increase failover time.
  • If the HA connection between the appliances fails in some way, both appliances will go active and cause a service interruption. This can be mitigated by assigning multiple HA connections so there is no single point of failure.
  • We recommend testing fully when inline with other devices, using the following scenarios to verify bypass (fail-to-wire) operation.
    • Appliance In-Line: Powered OFF
    • Appliance In-Line: Powered ON with Talari Service DISABLED
    • Appliance In-Line: Powered ON with Talari Service ENABLED

An example of Serial Inline HA deployment is shown below:

HA-INTERFACE CONNECTION