ADC

Configure high availability

You can deploy two Citrix ADC appliances in a high availability configuration, where one unit actively accepts connections and manages servers while the secondary unit monitors the first. The Citrix ADC appliance that is actively accepting connections and managing the servers is called a primary unit and the other one is called a secondary unit in a high availability configuration. If there is a failure in the primary unit, the secondary unit becomes the primary and begins actively accepting connections.

Each Citrix ADC appliance in a high availability pair monitors the other by sending periodic messages, called heartbeat messages or health checks, to determine the health or state of the peer node. If a health check for a primary unit fails, the secondary unit retries the connection for a specific time period. For more information about high availability, see High Availability. If a retry does not succeed by the end of the specified time period, the secondary unit takes over for the primary unit in a process called failover. The following figure shows two high availability configurations, one in one-arm mode and the other in two-arm mode.

Figure 1. High availability in one-arm mode

image

Figure 2. High availability in two-arm mode

image

In one-arm configuration, both NS1 and NS2 and servers S1, S2, and S3 are connected to the switch.

In two-arm configuration, both NS1 and NS2 are connected to two switches. The servers S1, S2, and S3 are connected to the second switch. The traffic between client and the servers passes through either NS1 or NS2.

To set up a high availability environment, configure one ADC appliance as primary and another as secondary. Perform the following tasks on each of the ADC appliances:

  • Add a node.
  • Disable high availability monitoring for unused interfaces.

Add a Node

A node is a logical representation of a peer Citrix ADC appliance. It identifies the peer unit by ID and NSIP. An appliance uses these parameters to communicate with the peer and track its state. When you add a node, the primary and secondary units exchange heartbeat messages asynchronously. The node ID is an integer that must not be greater than 64.

Through CLI

To add a node by using the command line interface, follow these steps:

At the command prompt, type the following commands to add a node and verify that the node has been added:

  • add HA node <id> <IPAddress>

  • show HA node <id>

    Example

     add HA node 0 10.102.29.170
      Done
     > show HA node 0
     1)      Node ID:      0
             IP:   10.102.29.200 (NS200)
             Node State: UP
             Master State: Primary
             SSL Card Status: UP
             Hello Interval: 200 msecs
             Dead Interval: 3 secs
             Node in this Master State for: 1:0:41:50 (days:hrs:min:sec)
     <!--NeedCopy-->
    

Through GUI

To add a node by using the GUI, follow these steps:

  1. Navigate to System > High Availability.
  2. Click Add on the Nodes tab.
  3. On the Create HA Node page, in the Remote Node IP Address text box, type the NSIP Address (for example, 10.102.29.170) of the remote node.
  4. Ensure that the Configure remote system to participate in High Availability setup check box is selected. Provide the login credentials of the remote node in the text boxes under Remote System Login Credentials.
  5. Select the Turn off HA monitor on interfaces/channels that are down check box to disable the HA monitor on interfaces that are down.

Verify that the node you added appears in the list of nodes in the Nodes tab.

Disable high availability monitoring for unused interfaces

The high availability monitor is a virtual entity that monitors an interface. You must disable the monitor for interfaces that are not connected or being used for traffic. When the monitor is enabled on an interface whose status is DOWN, the state of the node becomes NOT UP. In a high availability configuration, a primary node entering a NOT UP state might cause a high availability failover. An interface is marked DOWN under the following conditions:

  • The interface is not connected
  • The interface is not working properly
  • The cable connecting the interface is not working properly

Through CLI

To disable the high availability monitor for an unused interface by using the command line interface, follow these steps:

At the command prompt, type the following commands to disable the high availability monitor for an unused interface and verify that it is disabled:

  • set interface <id> -haMonitor OFF
  • show interface <id>

    Example

     > set interface 1/8 -haMonitor OFF
      Done
     > show interface 1/8
             Interface 1/8 (Gig Ethernet 10/100/1000 MBits) #2
             flags=0x4000 <ENABLED, DOWN, down, autoneg, 802.1q>
             MTU=1514, native vlan=1, MAC=00:d0:68:15:fd:3d, downtime 238h55m44s
             Requested: media AUTO, speed AUTO, duplex AUTO, fctl OFF,
                      throughput 0
    
             RX: Pkts(0) Bytes(0) Errs(0) Drops(0) Stalls(0)
             TX: Pkts(0) Bytes(0) Errs(0) Drops(0) Stalls(0)
             NIC: InDisc(0) OutDisc(0) Fctls(0) Stalls(0) Hangs(0) Muted(0)
             Bandwidth thresholds are not set.
     <!--NeedCopy-->
    

    When the high availability monitor is disabled for an unused interface, the output of the show interface command for that interface does not include “HAMON.”

Through GUI

To disable the high availability monitor for unused interfaces by using the GUI, follow these steps:

  1. Navigate to System > Network > Interfaces.
  2. Select the interface for which the monitor must be disabled.
  3. Click Open. The Modify Interface dialog box appears.
  4. In HA Monitoring, select the OFF option.
  5. Click OK.
  6. Verify that, when the interface is selected, “HA Monitoring: OFF” appears in the details at the bottom of the page.
Configure high availability