SD-WAN Standard Edition Virtual Appliance (VPX) HA Support for Microsoft Azure
May 03, 2018
The SD-WAN solution template is a unified template in Microsoft Azure that allows users to deploy both Netscaler SD-WAN Standard Edition appliance or an HA cluster of Netscaler SD-WAN appliances. For HA to work and to create the HA cluster creation using solution template, the user or administrator should create a registered application with the role of an owner. The user then obtains the key for registered application with the application ID. After the application is registered, the KEY for the application is displayed only once after creation. The user has to store the key since it needs to be uploaded as input for the HA solution template. The Application ID and the Subscription ID can be obtained anytime which are also potential inputs to create SD-WAN solution template for HA.
The registered application is used to populate the LAN routing table based on HA convergence to make sure that LAN always points to the latest active appliance as the next-hop for reaching remote sites through WAN.
The following sections describe the workflow to create solution template in Microsoft Azure and configure HA in SD-WAN GUI.
- Register application - obtain application ID, application Key, and the Directory ID which is provided to create solution template for HA deployment.
- Create solution template.
- Configure HA in SD-WAN GUI - Assign Virtual IP addresses and interfaces as required for LAN, WAN, and HA control exchange.
How to Register Application in Microsoft Azure
To register the application:
1. Log into the Azure Active Directory.
2. Select App registrations.
3. Click on New application registration.
4. Provide a name for the application. Select Application type as Web app/API and the Sign-on URL can be any dummy URL.
5. Observe that after step 4, the new application is created and registered. An application ID is generated for the newly created application. You should store the application ID so that it can be presented when creating the solution template for HA creation.
6. Go to App Registrations > Newly created app > All settings > Keys. Then create a key description and select Never expires. Save your selections.
7. A KEY value that should be kept safe is displayed. You would need this as an input to be presented while creating solution template for HA deployment.
8. Go to Azure Active Directory > Properties for the Directory ID attribute. Store the directory ID and provide it while creating solution template for HA deployment.
How to Create Solution Template for HA Deployment
To create solution template:
1. In the Configure basic settings page, provide the Resource group name and the Location where you want the resource group to be created.
2. Navigate to Administrator settings page to configure deployment settings. Provide a name for creating the HA virtual machine. On the Virtual Machine name page, the primary instance is created, and the secondary instance is auto-created and suffixed with Ha. For HA deployment, you need to enable it in HA Deployment Mode. Provide a name for Availability Set. Create Username and Password of choice. Confirm password as shown in the figure below.
3. Go to SDWAN settings to configure NetScaler SD-WAN. This allows you to use existing storage or create a storage in the resource group.
4. After creating storage account, the public IPs and the DNS (optional and can be any text but unique across all DNS sections) for Primary HA appliance, Secondary HA appliance, and the Azure Load Balancer should be provided. The figure below displays how to create Public IP by providing a unique string. Create the Assignment as “STATIC” so that the IP is retained even after reboot. This is recommended for HA.
a. Provide the DNS name as some unique string after providing the public IP for management of Primary Netscaler SD-WAN.
b. The next immediate two sections are used to provide public IP for management of secondary Netscaler SD-WAN appliance and a unique DNS name for it. This DNS name should be different from the other two DNS names asked to be entered by the administrator.
5. Create public IP for the Azure Load Balancer that governs the WAN side of the HA cluster. This public IP is what is known by the remote sites connecting to the hosts or the network behind the HA cluster of Netscaler SD-WAN appliances.
6. Choose the subnetwork to be assigned to the network interfaces which will be used for the HA cluster of the NetScaler SD-WAN appliances. This is automatically populated with 10.11.0.0/16. It can be changed and administered the way you would want it. The network IPs for various NICs of Management, LAN, WAN and for HA control traffic can be chosen and created automatically as part of the solution template.
7. Name the various NICs to be created for the HA cluster of NetScaler SD-WAN appliances. The order should be as follows; MANAGEMENT, LAN, WAN, and the AUX subnet which is used for HA control packets exchange for achieving HA convergence and state association of Active/Standby.
a. Provide a name for the Subnet Names. The subnetworks are auto-populated for using the VNET created. You can change these networks as per your requirement.
8. After all of above steps are completed, the final step is to run the parameters for validation and check for errors in deployment to determine success or failure. The notifications section in Azure provides details on the latest status of the deployment creation and whether or not the deployment succeeded or failed. If failed, Azure indicates comprehensive output on failure that can be addressed.
9. After successful deployment, you can go to resource groups from the Azure icon pane and check for the resource group you created. This resource group hosts all the types created as part of the solution template for administrative reference.
Configuring HA in NetScaler SD-WAN GUI
To configure high-availability for SD-WAN appliances:
1. In NetScaler SD-WAN GUI, go to Configuration > Virtual WAN > Configuration Editor. Expand the DC site for which you want to configure interface groups for HA.
2. Go to Interface Groups. Configure LAN, WAN, and HA control exchange interfaces as shown below.
Cloud platforms have associated IP addresses for every interface (LAN/WAN). Define both IP addresses for the LAN/WAN network in Azure instance configuration for both primary and secondary instances. This is configured so that the platform is aware of the correct IP address that becomes primary and is able to respond to ARPs based on whichever instance is active.
For HA control exchange NIC Virtual IP definition, the network interface IP addresses configured as part of Azure solution template configuration should be used for high availability configuration in SD-WAN as the Primary and Secondary address. For Virtual IP definition at interface group level, you need to use one random unused IP address on the same subnet as that of the network.
In the example shown below, the IP address 10.18.3.x/24 is the HA control exchange subnetwork and the actual addresses configured as part of network interfaces are displayed.
3. Configure Virtual IP Addresses, which is used for Primary and Secondary instances of LAN, WAN, and HA respectively.
4. Enable High Availability. Configure virtual Interfaces as shown below.
5. View SD-WAN GUI Dashboard to validate and confirm the HA configuration status.