Configuring High Availability Mode

This section explains how to configure High Availability on a bond interface. Run the CLI commands from the VSX Gateway (VS0) context. For a cluster configuration, run these commands on each cluster member.

Use the active-backup value for the mode parameter to configure High Availability.

Included Topics Configuring the High Availability Bond Updating the Interface Topology

Configuring the High Availability Bond

This is a workflow of CLI commands to configure Link Aggregation in High Availability mode.

When you are enslaving configured interfaces, make sure that these interfaces are not used in other configurations.

To configure High Availability:

1. Create the High Availability bond. Run:

   add bonding group <bond id>

   set bonding group <bond id> mode active-backup

2. Define the slave interfaces. Run add bonding group <bond id> interface <IF name>

   Do this command again for all of the slave interfaces.

3. Make sure that the bond is configured correctly. Run show bonding group <bond id>

   To show more information about the bond, from Expert mode run cat /proc/net/bonding/<bond id>

4. Open SmartDashboard and configure the cluster object. .
   • For a new Link Aggregation installation, create a new cluster object.
   • For updating an existing configuration, update the interface topology.

Updating the Interface Topology

When you are updating an existing configuration to Link Aggregation, it is necessary to reconfigure the relevant objects to connect to the newly created bond. This includes Virtual Systems, Virtual Routers and Virtual Switches. You can perform these actions using SmartDashboard. In most cases, these definitions can be found in the object Properties window.

For large existing VSX deployments containing many Domain Management Servers and Virtual Devices, use the vsx_util change_interfaces command to reconfigure existing object topologies. For example, in a Multi-Domain Security Management deployment with 200 Domains, each with many Virtual Devices, it is faster to use vsx_util change_interfaces. This command automatically replaces the interface with the new bond on all relevant objects.

Reconfiguring the Bond - Gaia

To configure the newly created bond for a Gaia cluster:

1. Open SmartDashboard.
2. Delete the slave interfaces from the bond that you are not using.
   1. From the navigation tree, click Topology.
   2. From the navigation tree, click Physical Interfaces.
   3. Select the slave interface, and click Remove.
   4. Click OK.
   5. Do these steps again for all the slave interfaces.
3. From clish, create the new bond interface.
4. Open SmartDashboard and from the Network Objects tree, double-click the VSX Gateway or cluster object.
5. From the navigation tree, click Physical Interfaces.
6. Click Add, and configure the bond interface.

   The Physical Interface Properties window opens.

   1. Enter the bond name.
   2. If the bond is a VLAN trunk, select VLAN Trunk.
   3. Click OK.
7. From the navigation tree, click Topology.
8. Do these steps for each interface that you are adding to the bond.
   1. Double-click the interface.

      The Interface Properties window opens.

   2. From Interface, select the bond interface.
   3. Click OK.
9. Install the policy.

Reconfiguring the Bond - SecurePlatform

To configure the newly created bond for a SecurePlatform cluster:

1. Open SmartDashboard.
2. From the Network Objects tree, double-click the VSX Gateway or cluster object.
3. From the navigation tree, click Physical Interfaces.
4. Click Add.

   The Physical Interface Properties window opens.

   1. Enter the bond name.
   2. If the bond is a VLAN trunk, select VLAN Trunk.
   3. Click OK.
5. From the navigation tree, click Topology.
6. Do these steps for each interface that you are adding to the bond.
   1. Double-click the interface.

      The Interface Properties window opens.

   2. From Interface, select the bond interface.
   3. Click OK.
7. Install the policy.
8. Delete the slave interfaces of the newly created bond that you are not using.

   You can also replace a bond interface with one that is being used.

Reconfiguring Topology with vsx_util change_interfaces

To reconfigure objects with vsx_util change_interfaces:

Important - In a Multi-Domain Security Management environment, all Domain Management Servers must be unlocked in order for this operation to succeed. Meaning, you need to disconnect all GUI clients from all Domain Management Servers.

1. Close SmartDashboard for all Multi-Domain Security Management Domain Management Servers using the designated interface.
2. On the management server, enter the Expert Mode and execute the vsx_util change_interfaces command.
3. Enter the Security Management Server, or Multi-Domain Security Management main Domain Management Server IP address.
4. Enter the administrator name and password as requested.
5. Enter the VSX cluster object name.
6. Select Apply changes to the management database and to the VSX Gateway/Cluster members immediately.
7. When prompted, select the interface to be replaced.
8. When prompted, select the replacement bond interface.
9. If you wish to replace additional interfaces, enter "y" when prompted and repeat steps 6 and 7.
10. To complete the process, enter "n".