
HA terminology

HA cluster

Group of two devices instructed to work as a single entity. Every HA cluster has one primary device and one auxiliary device. The primary device controls how the cluster operates. The roles that the primary and auxiliary devices play in the cluster depend on the configuration mode.

HA active-passive configuration mode

An HA cluster consists of a primary device and an auxiliary device. In this mode, only the primary device processes traffic while the auxiliary device remains in standby mode, ready to take over if the primary device fails.

HA active-active configuration mode

An HA cluster consists of a primary device and an auxiliary device. In this mode, both devices process traffic, and the primary device load-balances the traffic. The decision to load-balance the traffic is made by the primary device. The auxiliary device can take over this function if the primary fails.

Primary device

In an active-active cluster, the primary device receives all network traffic and acts as a load-balancer to redirect traffic to the auxiliary device. The primary device also tracks the status of all cluster devices. In an active-passive cluster, the primary device processes the network traffic while the auxiliary device does not process any traffic but remains ready to take over if the primary device fails.

Auxiliary device

In an active-active cluster, the auxiliary device processes the network traffic assigned to it by the primary device. If the primary device fails, the auxiliary device becomes the primary device. In an active-passive cluster, the auxiliary device does not process network traffic and is on standby. It becomes active only when the primary device is not available to process the traffic.

A dedicated HA link is a direct physical link between the devices participating in the HA cluster.

Load balancing

The ability of an HA cluster to balance the traffic between nodes in the HA cluster.

Monitored interface

Set of interfaces that are selected to be monitored. Each device monitors its own selected interface(s) and if any of them goes down, the device removes itself from the cluster and a failover occurs.

Virtual MAC

MAC address associated with the HA cluster. This address is sent in response when any machine makes an ARP request to the HA cluster. It is not the actual MAC address and is not assigned to any interface of any unit in the cluster.

The primary device owns the virtual MAC address, which is used for routing network traffic. All external clients use this address to communicate with the HA cluster. In case of failover, the new primary device will have the same MAC address as the failed primary device. The cluster device that has the virtual MAC address acts as the primary device.

Primary status

In active-active mode, the device that receives all traffic and performs load-balancing is said to be in a primary status. A device can be the primary only when the other device is the auxiliary.

In active-passive mode, the device in charge of processing all the traffic is said to be in the primary status.

Auxiliary status

In active-active mode, the device that receives the traffic from the primary device is said to be in the auxiliary status. A device can be in the auxiliary status only when the other device is in the primary status.

In active-passive mode, the device that is not processing the traffic is in the auxiliary status. A device can be in the auxiliary status only when the other device is in the primary status.

Standalone status

A device is said to be in a standalone status when it's able to process traffic and when the other device is unable to process traffic (for example, if it's faulty or inoperative).

Faulty status

A device is faulty when it can't process network traffic. This happens when the device or link fails.

Peer

When an HA cluster is established, the cluster devices are called peers to each other. Example: For the primary device, the auxiliary device is its peer device and vice versa.

Synchronization

The process of sharing the cluster configuration between cluster devices (HA peers). Generated reports aren't synchronized.

Time taken by the dedicated link or monitored port to come up.

Heartbeat (keep-alive) interval (250 milliseconds)

Interval between heartbeat packet exchange by HA peers to confirm that the cluster is functioning.

Device failover

If the primary device doesn't receive communication from the auxiliary within the keepalive time, it determines that the auxiliary has failed, and the primary device functions as a standalone device.

If the auxiliary device doesn't receive communication from the primary within the keepalive time, it determines that the primary has failed. Device failover occurs, and the auxiliary device takes over.

Device failover detection time (peer time-out)

When the primary device stops sending Heartbeat packets, it is declared dead at the end of four seconds by default (250 milliseconds x 16 timeouts).

Note

The peer is considered active if a Heartbeat is received within 14 timeouts.

A failover is triggered seven seconds after the cluster comes up (3-second link uptime + 4-second device failover detection time). You can’t change the failover threshold.
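A simplified model of the peer time-out described above, added here as an illustration and not taken from the product's firmware. It uses the page's 250-millisecond interval and 16-timeout figure; the function name, the action strings and the heartbeat timestamps are constructed, and the 14-timeout note is not modeled.

```python
# Added example: a simplified model, not the vendor's implementation.
HEARTBEAT_INTERVAL_MS = 250  # heartbeat (keep-alive) interval from the page
PEER_TIMEOUTS = 16           # missed intervals before the peer is declared dead
PEER_TIMEOUT_MS = HEARTBEAT_INTERVAL_MS * PEER_TIMEOUTS  # 4000 ms

# What the surviving device does, per the "Device failover" entry.
ACTION_ON_PEER_LOSS = {
    "primary": "primary functions as a standalone device",
    "auxiliary": "device failover: auxiliary takes over",
}


def detect_peer_failure(local_role, heartbeat_times_ms, observe_until_ms):
    """Return (declared_failed_at_ms, action), or (None, None) if the peer
    never stayed silent for a full peer time-out within the observation window.

    heartbeat_times_ms: times (ms since the cluster came up) at which the
    local device received a heartbeat from its peer. The peer is assumed
    healthy at t=0 (hypothetical starting condition).
    """
    last_seen = 0
    for t in sorted(heartbeat_times_ms):
        # Stop at the first heartbeat that is outside the window or that
        # arrives only after the time-out has already expired.
        if t > observe_until_ms or t - last_seen >= PEER_TIMEOUT_MS:
            break
        last_seen = t
    deadline = last_seen + PEER_TIMEOUT_MS
    if deadline <= observe_until_ms:
        return deadline, ACTION_ON_PEER_LOSS[local_role]
    return None, None


if __name__ == "__main__":
    # Constructed input: peer sends heartbeats for 2 s, then goes silent.
    steady_then_silent = list(range(250, 2001, 250))
    print(detect_peer_failure("auxiliary", steady_then_silent, 10_000))

    # Constructed input: a 3.5 s gap is shorter than the time-out, so no failover.
    long_gap = [250, 500, 4000, 4250]
    print(detect_peer_failure("primary", long_gap, 5_000))
```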

Both devices in an HA cluster continuously monitor the dedicated HA link and the interfaces configured to be monitored. If any of them fails, it is called link failover.

Session failover

For both device and link failover, session failover occurs for forwarded TCP traffic. It does not occur for virus-scanned sessions that are in progress, VPN sessions, UDP, ICMP, multicast, and broadcast sessions, or proxy traffic.

A device normally maintains session information for TCP traffic that is not passing through the proxy service. So, if a failover occurs, the device that takes over processes all the sessions (TCP sessions not passing through a proxy application). The entire process is transparent for users.