How high availability works

When you configure NetScaler Gateway in a high availability pair, the secondary NetScaler Gateway monitors the first appliance by sending periodic messages, also called a heartbeat message or health check, to determine if the first appliance is accepting connections. If a health check fails, the secondary NetScaler Gateway tries the connection again for a specified amount of time until it determines that the primary appliance is not working. If the secondary appliance confirms the health check failure, the secondary NetScaler Gateway takes over for the primary NetScaler Gateway. This is called failover.

The following ports are used to exchange information related to high availability between NetScaler Gateway appliances:

  • UDP port 3003 is used to exchange hello packets for communicating the status for intervals.
  • TCP port 3010 is used for the high availability configuration synchronization.
  • TCP port 3011 is used to synchronize configuration settings.

Guidelines for configuring high availability

Before configuring a high availability pair, you must review these guidelines:

  • Each NetScaler Gateway appliance must be running the same version of the NetScaler Gateway software. You can find the version number at the top of the page in the configuration utility.
  • NetScaler Gateway does not automatically synchronize passwords between two appliances. You can choose to configure each NetScaler Gateway with the user name and password of the other appliance in the pair.
  • Entries in the configuration file, ns.conf, on both the primary and the secondary NetScaler Gateway must match, with the following exceptions:
    • The primary and secondary NetScaler Gateway appliance must each be configured with its own unique system IP address. Use the Setup Wizard to configure or modify the system IP address on either NetScaler Gateway.

    • In a high availability pair, the NetScaler Gateway ID and associated IP address must point to the other NetScaler Gateway.

      For example, if you have two appliances, named AG1 and AG2, you must configure AG1 with the unique NetScaler Gateway ID and IP address of AG2. You must configure AG2 with the unique NetScaler Gateway ID and IP address of AG1.

      Note: Each NetScaler Gateway appliance is always identified as Node 0. Configure each appliance with a unique node ID.

  • Each appliance in the high availability pair must have the same license. For more information about licensing, see Licensing.
  • If you create a configuration file on either node by using a method that does not go directly through the configuration utility or the command-line interface (for example, importing SSL certificates, or changing to start up scripts), you must copy the configuration file to the other node or create an identical file on that node.
  • When you configure a high availability pair, make sure the mapped IP addresses and default gateway address of both the primary and the secondary appliances are identical. If necessary, you can change the mapped IP address at any time by running the Setup Wizard.

You can use the pre-installation checklist to view a list of the specific settings you need to configure in a high availability deployment. For details, see Pre-Installation Checklist.

How high availability works