D-Link DFL-260E User Manual for DFL-260E - Page 72
Link Monitoring with HA Clusters, Link Monitoring Parameters, Failover, Failover and recon
View all D-Link DFL-260E manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 72 highlights
2.4.1. The Link Monitor Chapter 2. Management and Maintenance period and all interface links to external devices are renegotiated. • In an HA cluster setup, the link from the master to the external Internet (or other part of a network) can be continually monitored so that should the link fail, the slave will take over (assuming that the slave has a different physical connection to the monitored address). The action chosen for HA should be either 2. Failover or 3. Failover and reconfigure. If the first action option 1. Reconfigure is chosen in an HA cluster, then the reconfigure will also cause a failover since it will temporarily suspend the master's operation while the reconfigure takes place and the slave will take over when it detects this inactivity. If reconfiguration with failover is desirable it is better to select the option 3. Failover and reconfigure since this does the failover first and is almost instantaneous with almost no traffic interruption. Reconfigure first is slower and results in some traffic interruption. To preserve all tunnels in a VPN scenario, it is best to choose the 2. Failover option since a reconfiguration can cause some tunnels to be lost. Link Monitoring with HA Clusters The most common use for link monitoring is in the HA cluster scenario described above. It is important that the master and slave do not duplicate the same condition that triggered the Link Monitor. For example, if a particular router connected to the master NetDefend Firewall was being "pinged" by Link Monitoring, the slave should not also be connected to that router. If it is, the continued triggering of a reconfiguration by the Link Monitor will then cause the slave to failover back to the master, which will then failover back to the slave again and so on. If it is important to not allow a failover during reconfiguration of the active unit in an HA cluster then the advanced setting Reconf Failover Time should be set to a value which is neither too low or too high. Reconf Failover Time controls how long the inactive unit will wait for the active unit to reconfigure before taking over. Setting this value too low will mean the inactive unit does not wait long enough. Setting the value too high could mean significant downtime if the active unit fails during reconfiguration and the inactive unit needs to take over. More information on clusters can be found in Chapter 11, High Availability. Link Monitoring Parameters The Link Monitor takes the following parameters: Action Specifies which of the 3 actions described above NetDefendOS should take. Addresses Specifies a group of hosts to monitor. If at least half of them do not respond, NetDefendOS assumes that there is a link problem. A host's responses are ignored until NetDefendOS has been able to reach it at least once. This means that an unreachable host can be responsible for triggering an action once but not twice. A group of three hosts where one has been unreachable since the last configuration will therefore be treated as a two-host group until the third host becomes reachable. This also means that if a link problem triggers an action and the problem is not solved, NetDefendOS will not attempt to repeat the same action until the problem is solved and the hosts are again reachable. 72