Configuring high availability pairs in different subnets
In a typical high availability deployment, both appliances in the high availability pair reside on the same subnet. A high availability deployment can also consist of two NetScaler Gateway appliances in which each appliance is in a different network. This topic describes the latter configuration, and includes sample configurations and a list of differences between high availability configurations within one network and across networks.
You can also configure link redundancy and route monitors. These NetScaler Gateway functions are helpful in a cross-network high availability configuration. The functions also cover the health check process used by each NetScaler Gateway to ensure that the partner appliance is active.
How independent network configuration works
The NetScaler Gateway appliances are connected to different routers, called R3 and R4, on two different networks. The appliances exchange heartbeat packets through these routers. A heartbeat packet is a signal sent at regular intervals to confirm that the connection is still active. You can expand this configuration to accommodate deployments involving any number of interfaces.
Note: If you use static routing on your network, you must add static routes between all the systems to ensure that heartbeat packets are sent and received successfully. (If you use dynamic routing on your systems, static routes are unnecessary.)
When the appliances in a high availability pair reside on two different networks, the secondary NetScaler Gateway must have an independent network configuration. This means that NetScaler Gateway appliances on different networks cannot share mapped IP addresses, virtual LANs, or network routes. This type of configuration, in which the NetScaler Gateway appliances in a high availability pair have different configurable parameters, is known as independent network configuration or symmetric network configuration.
The following table summarizes the configurable parameters for an independent network configuration, and shows how you must set them on each NetScaler Gateway:
|Configurable parameter|Setting on each NetScaler Gateway|
|---|---|
|IP addresses|NetScaler Gateway specific. Active only on that appliance.|
|Virtual IP address|Floating.|
|Virtual LAN|NetScaler Gateway specific. Active only on that appliance.|
|Routes|NetScaler Gateway specific. Active only on that appliance. A link load balancing (LLB) route is floating.|
|Access control lists (ACLs)|Floating (common). Active on both appliances.|
|Dynamic routing|NetScaler Gateway specific. Active only on that appliance. The secondary NetScaler Gateway must also run the routing protocols and peer with upstream routers.|
|L2 mode|Floating (common). Active on both appliances.|
|L3 mode|Floating (common). Active on both appliances.|
|Reverse Network Address Translation (NAT)|NetScaler Gateway specific. Reverse NAT with a virtual IP address because the NAT IP address is floating.|
IPSET in INC mode is supported with public IP addresses. For details, see Citrix ADC High Availability with Azure Load Balancer Front End IP Validated Reference Design.
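The rules in the table and the static-routing note can be checked mechanically before a pair goes into service. The following Python audit is an added example, not Citrix code: it reads two constructed configuration excerpts and reports settings that break an independent network configuration. It assumes static routing, treats `add ns ip` entries without `-type` as SNIP, and uses sample addresses throughout.

```python
import ipaddress

# Constructed ns.conf excerpts (sample addresses); node B is deliberately misconfigured.
NODE_A = """\
set ns config -IPAddress 10.102.29.21 -netmask 255.255.255.0
add ns ip 10.102.29.30 255.255.255.0 -type SNIP
add ns ip 10.102.28.50 255.255.255.255 -type VIP
add route 10.102.30.0 255.255.255.0 10.102.29.1
add ha node 1 10.102.30.21 -inc ENABLED
"""
NODE_B = """\
set ns config -IPAddress 10.102.30.21 -netmask 255.255.255.0
add ns ip 10.102.29.30 255.255.255.0 -type SNIP
add ns ip 10.102.28.50 255.255.255.255 -type VIP
add ha node 1 10.102.29.21
"""

def parse(conf):
    """Extract the INC-relevant settings from one appliance's configuration."""
    n = {"nsip": None, "own_ips": set(), "routes": set(), "peer": None, "inc": False}
    for t in (line.split() for line in conf.splitlines() if line.strip()):
        opts = dict(zip(t, t[1:]))  # token -> next token, so opts["-inc"] is its value
        if t[:3] == ["set", "ns", "config"] and "-IPAddress" in opts:
            n["nsip"] = ipaddress.ip_address(opts["-IPAddress"])
        elif t[:3] == ["add", "ns", "ip"] and opts.get("-type", "SNIP") in ("SNIP", "MIP"):
            n["own_ips"].add(t[3])  # virtual IPs are floating, so they are not collected
        elif t[:2] == ["add", "route"]:
            n["routes"].add((ipaddress.ip_network(f"{t[2]}/{t[3]}"), t[4]))
        elif t[:3] == ["add", "ha", "node"]:
            n["peer"] = ipaddress.ip_address(t[4])
            n["inc"] = opts.get("-inc", "").upper() == "ENABLED"
    return n

def audit(conf_a, conf_b):
    """Return findings that break an independent network configuration (assumes static routing)."""
    a, b = parse(conf_a), parse(conf_b)
    findings = []
    for name, node, other in (("A", a, b), ("B", b, a)):
        if node["peer"] != other["nsip"]:
            findings.append(f"{name}: HA peer {node['peer']} is not the partner's NSIP")
        if not node["inc"]:
            findings.append(f"{name}: HA node added without -inc ENABLED")
        if not any(node["peer"] in net for net, _gw in node["routes"]):
            findings.append(f"{name}: no static route covers peer {node['peer']}")
    for ip in sorted(a["own_ips"] & b["own_ips"]):
        findings.append(f"appliance-specific IP {ip} is configured on both nodes")
    for net, gw in sorted(a["routes"] & b["routes"], key=str):
        findings.append(f"route {net} via {gw} is configured on both nodes")
    return findings
```

Calling `audit(NODE_A, NODE_B)` returns three findings for node B: the missing `-inc ENABLED`, the missing route to the peer, and the SNIP copied from node A. The virtual IP address present on both nodes is not reported because it is floating.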