Supporting HA with STIR SHAKEN over TCP

You can configure the SBC with the exclusive-http-client-port-range option within the system-config so that the Primary and Secondary machines of an HA pair running STIR SHAKEN use different sets of ports when establishing TCP connections with the HTTP server.

The SBC allocates connection ports using this feature when you have configured the option prior to operation. If you have an HA deployment that is operating with STIR SHAKEN over TCP that does not use this feature, you can use one of the following procedures to implement the feature.

The procedures depend on the current state of your deployment. The key differentiator is whether the current Active machine is the Primary HA member or the Secondary HA member. For both conditions, an additional consideration is whether you are implementing this feature during an upgrade or on an HA deployment that already supports the exclusive-http-client-port-range option.

After you complete any of these procedures, the SBC allocates a separate set of TCP ports for the Primary and Secondary machines to use for connections to STIR/SHAKEN HTTP clients.

The Current Active is also the Primary

Use these procedures if the current Active machine is the Primary and the current Standby machine is the Secondary:

  • This first procedure applies to HA deployments that you are upgrading to a version that supports this feature:
    1. Enable the exclusive-http-client-port-range option within the system-config on the active SBC. HA processes synchronize this configuration with the standby node.
    2. Load the new software version onto the standby node.
    3. Reboot the standby node.
    4. Execute a manual switchover (notify berpd force) from the current active. At this point, the former active becomes the new standby.
    5. Load the new software version onto the new standby node.
    6. Reboot the new standby node.
  • This second procedure applies if you have already upgraded your HA deployments to a version that supports this feature:
    1. Enable the exclusive-http-client-port-range option within the system-config on the active SBC. HA processes synchronize this configuration with the standby node.
    2. Reboot the standby node.
    3. Execute a manual switchover (notify berpd force) from the current active to the standby.
    4. Reboot the new standby node.

The Current Active is also the Secondary

Use these procedures if the current Active machine is the Secondary and the current Standby machine is the Primary:

  • This first procedure applies to HA deployments that you are upgrading to a version that supports this feature:
    1. Enable the exclusive-http-client-port-range option within the system-config on the Active SBC [Secondary]. HA processes synchronize this configuration with the standby machine [Primary].
    2. Load the new software version onto the standby machine [Primary].
    3. Reboot the standby machine.
    4. Execute a manual switchover (notify berpd force) from the current Active. At this point, the former active becomes the new standby.
    5. Load the new software version onto the new standby node.
    6. Reboot the new standby node.
    7. Execute a manual switchover (notify berpd force) from the current Active to the standby.
  • This second procedure applies if you have already upgraded your HA deployments to a version that supports this feature:
    1. Enable the exclusive-http-client-port-range option within the system-config on the active SBC. HA processes synchronize this configuration with the standby node.
    2. Reboot the standby node.
    3. Execute a manual switchover (notify berpd force) from the current active to the standby.
    4. Reboot the new standby node.
    5. Execute a manual switchover (notify berpd force) from the current Active to the standby.
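One way to confirm the outcome described above (separate TCP port sets for the Primary and Secondary) is to compare the client ports seen on the HTTP server while each HA member was active. This is an added example, not Oracle's tooling: it assumes `ss -tn` captures taken on the HTTP server and a single source address shared by the pair, and the addresses, ports and function names are all constructed.

```python
# Added example: compare the client ports an SBC HA pair used toward the HTTP
# server. Captures are `ss -tn` output taken on the HTTP server, one while each
# HA member was active. All addresses and ports are constructed sample data.

PRIMARY_ACTIVE = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB     0      0      192.0.2.10:8080     198.51.100.5:20001
ESTAB     0      0      192.0.2.10:8080     198.51.100.5:20417
TIME-WAIT 0      0      192.0.2.10:8080     198.51.100.5:20002
ESTAB     0      0      192.0.2.10:22       203.0.113.9:51515
"""
SECONDARY_ACTIVE = """\
State     Recv-Q Send-Q Local Address:Port  Peer Address:Port
ESTAB     0      0      192.0.2.10:8080     198.51.100.5:30010
ESTAB     0      0      192.0.2.10:8080     198.51.100.5:30555
"""


def split_endpoint(text):
    """Split 'addr:port' or '[v6addr]:port' into (addr, port)."""
    addr, _, port = text.rpartition(":")
    return addr.strip("[]"), int(port)


def client_ports(capture, sbc_addr, server_port):
    """Source ports used by sbc_addr toward server_port, in any TCP state."""
    ports = set()
    for line in capture.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] == "State":
            continue  # header or malformed row
        _, local_port = split_endpoint(fields[3])
        peer_addr, peer_port = split_endpoint(fields[4])
        if local_port == server_port and peer_addr == sbc_addr:
            ports.add(peer_port)
    return ports


def compare(primary_capture, secondary_capture, sbc_addr, server_port):
    """Report each member's observed port span and any shared or interleaved ports."""
    pri = client_ports(primary_capture, sbc_addr, server_port)
    sec = client_ports(secondary_capture, sbc_addr, server_port)
    spans = {name: (min(p), max(p)) if p else None
             for name, p in (("primary", pri), ("secondary", sec))}
    a, b = spans["primary"], spans["secondary"]
    interleaved = bool(a and b and a[0] <= b[1] and b[0] <= a[1])
    return {"spans": spans, "shared": sorted(pri & sec), "interleaved": interleaved}


if __name__ == "__main__":
    print(compare(PRIMARY_ACTIVE, SECONDARY_ACTIVE, "198.51.100.5", 8080))
```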