Professional Documents
Culture Documents
CNS-218-3I 04 High Availability v3.01
CNS-218-3I 04 High Availability v3.01
x Essentials
Subnet
Subnet 22 Subnet
Subnet 22
VLAN
VLAN 11 VLAN
VLAN 22
NSIP Node 1
Server 1 Router
server IP Address 1
Server 2
server IP Address 2
Server 3 NSIP Node 2
server IP Address 3
Subnet 2 Subnet 2
VLAN 1 VLAN 2
NSIP Node 1
Router
Server 1
server IP Address 1
Server 2
server IP Address 2
Server 3
Secondary
server IP Address 3
Primary –
GARP on IPs
10
© 2019 Citrix Authorized Content
Automatic
Configuration • Files are synchronized from the primary Citrix ADC to the
Synchronization secondary.
(Continued) • Sync is done via Rsync, using an SSL tunnel.
• Most of the files synced are in /nsconfig and subdirectories
or in /var and its subdirectories.
• The sync HA files <options> command can enable a full or
partial sync.
11
© 2019 Citrix Authorized Content
Which of the following IP’s does not float between the
primary and secondary Citrix ADC?
MIP, SNIP, NSIP, or VIP
Lesson
Objective Review
12
© 2019 Citrix Authorized Content
Which of the following IP’s does not float between the
primary and secondary Citrix ADC?
MIP, SNIP, NSIP, or VIP
Answer: The NSIP
Lesson The NSIP needs to be unique on each Citrix ADC instance.
Objective Review Both the primary and secondary Citrix ADC will have a
unique NSIP.
13
© 2019 Citrix Authorized Content
High Availability Configuration
14
© 2019 Citrix Authorized Content
Citrix ADC HA Requirements
To configure Citrix ADC nodes in a high
availability pair, you need the following:
• Same type of appliances
• Same RPC node password
• Requisite ports must be open
15
© 2019 Citrix Authorized Content
Preconfiguration Before configuring high availability pair nodes, ensure:
Checklist • The NSIP addresses for the primary and the secondary
nodes are unique from any other device on the network.
• You do not have any IP address conflicts.
• IP address conflicts can be viewed in the configuration utility from the System
> Diagnostics > View console messages menu.
16
© 2019 Citrix Authorized Content
Configuring Primary and Secondary Nodes
Add the IP of the node
• Primary and secondary nodes can be that will participate in
HA.
configured using the Configuration Utility or
CLI.
• The status of the secondary node should be
set to stay secondary, when nodes are
Add the admin
configured. credentials of the
remote node.
• Disable any interfaces that are not used.
• Set HA monitoring to OFF on unimportant
interfaces.
17
© 2019 Citrix Authorized Content
High Availability Verification
View the status of the HA node in System > Status > HA ,or from the CLI, show HA node.
Test HA failover before putting the HA pair into production.
18
© 2019 Citrix Authorized Content
What is the main benefit of binding a SNIP for Management
of your HA pair?
Lesson
Objective Review
19
© 2019 Citrix Authorized Content
What is the main benefit of binding a SNIP for Management
of your HA pair?
Answer: You are always connected to the primary node.
Lesson A SNIP address is active only on the primary node and will
Objective Review float between the two if there is a failover event. Binding a
SNIP for management will ensure that only the primary
node responds to that IP.
20
© 2019 Citrix Authorized Content
Additional HA Settings
21
© 2019 Citrix Authorized Content
Configuring By default, configuration synchronization between the
systems in a high availability pair occurs automatically.
High Availability
The HA status in a node can be one of these four:
Status
• ENABLED
• STAYPRIMARY
• STAYSECONDARY
• DISABLED
22
© 2019 Citrix Authorized Content
High Availability—Fail Safe Mode
Fail Safe mode ensures that one node is
primary when both nodes fail a health check.
Fail Safe mode is:
• Configured individually on each node.
• Not enabled by default.
23
© 2019 Citrix Authorized Content
High Availability—Fail Safe Mode
I have a
Subnet
Subnet 22 bad Subnet
Subnet 22
interface.
VLAN
VLAN11 VLAN
VLAN 22
Secondary
Citrix ADC
IP Address 1
Mapped IP address
Virtual IP address
Subnet address
Router
Server 1 Router
server IP Address 1
Server 2
server IP Address 2
Secondary
Server 3
server IP Address 3
I have a
bad
interface.
Fail Safe mode is not enabled in this environment.
24
© 2019 Citrix Authorized Content
Securing
Communication • Citrix ADC requires that RPC node passwords on both
Between Nodes appliances in an HA pair are identical to secure traffic.
• RPC nodes are implicitly created when adding a node.
• Utilize Configuration Utility or CLI to create or change an
RPC node password.
25
© 2019 Citrix Authorized Content
Disabling Synchronization and Command Propagation
In some cases, command propagation may not
be desired.
When testing a new configuration, decide
whether it be synchronized or propagated to
the secondary until it has been tested and is
working as expected.
26
© 2019 Citrix Authorized Content
Forced Synchronization
• Forced synchronization can be performed on either the primary or the secondary node.
• If synchronization is already in progress, the command fails and a warning message is
displayed.
27
© 2019 Citrix Authorized Content
Performing a A forced failover will only work when:
Forced Failover • The primary node is able to determine that the status of
the secondary node is UP.
• The health of the secondary node is good.
• The secondary node is not configured to STAYSECONDARY.
28
© 2019 Citrix Authorized Content
Failover Interface Set Benefits
• Failover by grouping interfaces into a
failover interface set (FIS).
• Failure of a single link from causing failover
to the secondary system unless all interfaces
on the primary system are non-functional.
• No switch configuration required.
29
© 2019 Citrix Authorized Content
High Availability without GARP
• Virtual MAC addresses (VMAC):
• Floating ARP entry shared by both nodes. Client
30
© 2019 Citrix Authorized Content
High Availability—Route Monitors
Router
Switch SW3
In some cases, up or down stream routes must also be monitored to ensure that HA failover occurs when necessary.
31
© 2019 Citrix Authorized Content
Why should you configure fail safe mode?
Lesson
Objective Review
32
© 2019 Citrix Authorized Content
Why should you configure fail safe mode?
Answer: Without Fail Safe mode enabled, if both nodes are
Lesson experiencing failed health checks, then they both can
demote themselves to secondary. Then you could have both
Objective Review nodes refusing to handle traffic, which causes problems. To
mitigate this scenario, you need to enable Fail Safe mode, so
one system will stay primary even if both are experiencing
failures.
33
© 2019 Citrix Authorized Content
Managing High Availability
34
© 2019 Citrix Authorized Content
• Every Citrix ADC system is assigned a MIP/SNIP address or
High Availability a range of MIP/SNIP addresses during initial configuration.
35
© 2019 Citrix Authorized Content
Upgrading a
High Availability • To upgrade the software of the Citrix ADC appliances in a
Pair high availability setup, complete the following procedure:
• Issue STAYSECONDARY and then upgrade software of the secondary
appliance.
• Disable STAYSECONDARY and force a failover.
• Issue STAYSECONDARY upgrade software of the (old) primary appliance.
36
© 2019 Citrix Authorized Content
Issue STAYSECONDARY and then upgrade software of the Citrix
Upgrading a ADC and prevent an unexpected failover.
High Availability
Pair
37
© 2019 Citrix Authorized Content
Have you previously updated a standalone Citrix ADC or a
high availability pair of Citrix ADCs? If so, what challenges
did you encounter?
Group Discussion
38
© 2019 Citrix Authorized Content
Troubleshooting High Availability
39
© 2019 Citrix Authorized Content
Troubleshooting • High availability issues include:
High Availability • Configuration synchronization failure
• File synchronization failure
• Unexpected failover
40
© 2019 Citrix Authorized Content
• What questions do you have about configuring high
availability for Citrix ADC?
• Have you implemented high availability in your
environment previously, and what challenges or issues did
Group Discussion you encounter?
41
© 2019 Citrix Authorized Content
• Citrix ADC High Availability includes an active/passive
configuration that acts as one logical unit.
• The secondary node monitors the primary node for
Key Takeaways failures.
• Console messages can be useful in troubleshooting high
availability issues.
42
© 2019 Citrix Authorized Content
• Exercise 4-1: Configuring an HA Pair
• Exercise 4-2: Managing an HA Pair
Lab Exercise
43
© 2019 Citrix Authorized Content
Work better. Live better.
44
© 2019 Citrix Authorized Content