Resiliency
Several features enable availability, a key component of a secure deployment.
High Availability
It is strongly recommended that the SBC be deployed in a High Availability (HA) architecture with a Primary node and a Secondary node connected over both Wancom1 and Wancom2 interfaces for resiliency. It is also recommended that the two units in an HA pair be directly cabled together. While they can be separated and connected via an Ethernet switch or layer 2 VPN, this introduces latency and can significantly impact capacity. Since session replication is performed over a clear text connection, it may also expose call or configuration data sent in the replication process. In short, a geographically redundant pair of SBCs is not recommended. If geo-redundancy is an absolute requirement, a secure site-to-site VPN should be implemented for session replication, and thorough testing should be conducted to understand impacts to session capacity.
Guidelines are presented in “520-0011-03 BCP - High Availability Configuration”.
Configuration is detailed in Section 14 “High Availability Nodes” of the ACLI Configuration Guide.
Link Detection and Gateway Polling
If the gateway-heartbeat is enabled, the SBC periodically sends ARP requests for each configured network-interface gateway. If the configured number of retransmissions has been exceeded, the SBC will mark that gateway as unreachable and decrement its health score. If the health score decrements far enough, and the health score of the standby unit is higher, an HA failover will occur.
It is recommended that exactly one network-interface per physical interface have gateway-heartbeat enabled.
gw-heartbeat
state enabled
heartbeat 10
retry-count 3
retry-timeout 3
health-score 30
The feature is explained in detail in the “High Availability Nodes” chapter of the ACLI Configuration Guide.