Product Documentation
下載:PDFPRINT

Configuring Active-Active Mode

Jan 18, 2016

On each NetScaler appliance that you want to deploy in active-active mode, you must add a VMAC and bind the VMAC to a VIP. The VMAC for a given VIP must be same on each appliance. For example, if VIP 10.102.29.5, is created on the appliances, a virtual router ID must be created on each NetScaler and bound to VIP 10.102.29.5 on each NetScaler. When you bind a VMAC to a VIP, the NetScaler sends VRRP advertisements to each VLAN that is bound to that VIP. The VMAC can be shared by different VIPs configured on the same NetScaler.

This section includes the following details:

Adding a VMAC

Updated: 2013-08-29

To add a VMAC for an active-active configuration, you create a virtual router ID. To bind a VMAC to a VIP, you associate the VMAC's virtual router ID with the VIP.

To add a VMAC by using the command line interface

At the command prompt, type:

add vrID <value> -priority <value> -preemption (ENABLED|DISABLED) -sharing (ENABLED | DISABLED) -tracking (NONE|ONE|ALL|PROGRESSIVE)

Example 

 
 add vrID 125 -priority 100 -sharing ENABLED -tracking ONE

To add a VMAC by using the configuration utility

  1. Navigate to System > Network > VMAC, on the VMAC tab, add a new VMAC, or edit an existing VMAC.
  2. Set the following parameters:
    • Virtual Router ID
    • Priority
    • Tracking
    • Preemption
    • Sharing

To bind a VMAC by using the command line interface

At the command prompt, type:

set ns ip <VIP address> -vrid <value>

Example 

 
 set ns ip 10.102.29.5 -vrid 125

To bind a VMAC to a VIP by using the NetScaler configuration utility

  1. Navigate to System > Network > IPs, on the IPV4s tab, open the VIP address that you want to bind to a VMAC.
  2. In the Virtual Router Id drop down box, select a virtual router ID.

Configuring Send to Master

Updated: 2013-08-29

Usually, the traffic destined to a VIP reaches the NetScaler appliance on which the VIP is active, because an ARP request with the VIP and a VMAC on that appliance has reached the upstream router. But in some cases, such as static routes configured on the upstream router for the VIP subnet, or a topology that blocks this route, the traffic can reach a NetScaler appliance on which the VIP is in backup state. If you want this appliance to forward the data packets to the appliance on which the VIP is active, you need to enable the send to master option. This behavior is a per node setting and is disabled by default.

For example, in the following diagram, VIP1 is configured on NS1, NS2, and NS3 and is active on NS1. Under certain circumstances, traffic for VIP1 (active on NS1) may reach VIP1 on NS3. When the send to master option is enabled on NS3, NS3 forwards the traffic to NS1 through NS2 by using route entries for NS1.

Figure 1. An Active-Active Configuration with Send to Master Option Enabled


To enable send to master by using the command line interface

At the command prompt, type:

set vrIDParam -sendToMaster (ENABLED|DISABLED)

Example

 
> set vrIDParam -sendToMaster ENABLED 
 Done

To enable send to master by using the configuration utility

  1. Navigate to System > Network, in the Settings group, click Virtual Router Parameters.
  2. Select the Send to Master option.

Configuring VRRP Communication Intervals

In an active-active deployment, all NetScaler nodes use the Virtual Router Redundancy Protocol (VRRP) to advertise their master VIP addresses and the corresponding priorities in VRRP advertisement packets (hello messages) at regular intervals.

VRRP uses the following communication intervals:
  • Hello Interval. Interval between the VRRP hello messages that a node of a master VIP address sends to its peer nodes.
  • Dead Interval. Time after which a node of a backup VIP address considers the state of the master VIP address as DOWN if VRRP hello messages are not received from the node of the master VIP address. After the dead interval, the backup VIP address takes over and becomes the master VIP address.

You can change these intervals to a desired value. Both of these communication intervals are per node setting for all VIP addresses in that node.

To configure VRRP communication intervals by using the command line interface

At the command prompt, type:

set vrIDParam [-helloInterval <msecs>] [-deadInterval <secs>]

Example

> set vrIDParam -helloInterval 500 -deadInterval 2 
 Done

To configure VRRP communication intervals by using the configuration utility

  1. Navigate to System > Network, in the Settings group, click Virtual Router Parameters.
  2. Under Configure Virtual Router Parameter, set the Hello Interval and Dead Interval parameters.
  3. Click OK.

Example 1: Nodes with the Same VRRP Dead Intervals

Consider an active-active deployment consisting of NetScaler ADCs NS1, NS2, and NS3. Virtual IP addresses VIP1, VIP2, VIP3 are configured on each of these ADCs. Because of their priorities, VIP1 is active on NS1, VIP2 is active on NS2, and VIP3 is active on NS3.

As shown in the table below, the dead interval is set to the same value (2 seconds) on all the three nodes.

The VRRP communication intervals (hello interval and dead interval) of a node apply to all the VRIDs configured on the node, and in turn apply to all VIP addresses associated with the VRIDs on the node.

On each node, the VIP addresses that are active (master) on that node use the hello interval, and the dead interval is used by the VIP addresses that are inactive (backup) on that node.

Preemption is disabled for the VIP addresses in all the three nodes.

The following table lists the settings used in this example.

Settings on NS1 Settings on NS2 Settings on NS3
VIP addresses
VIP1 (for reference purposes only)
  • IP address: 192.0.1.10
  • VRID: 10
  • Priority: 90
  • IP address: 192.0.1.10
  • VRID: 11
  • Priority: 30
  • IP address: 192.0.1.10
  • VRID: 15
  • Priority: 60
VIP2 (for reference purposes only)
  • IP address: 192.0.1.20
  • VRID: 20
  • Priority: 100
  • IP address: 192.0.1.20
  • VRID: 21
  • Priority: 300
  • IP address: 192.0.1.20
  • VRID: 25
  • Priority: 200
VIP3 (for reference purposes only)
  • IP address: 192.0.1.30
  • VRID: 30
  • Priority: 70
  • IP address: 192.0.1.30
  • VRID: 31
  • Priority: 140
  • IP address: 192.0.1.30
  • VRID: 35
  • Priority: 210
Communication Intervals
Hello Interval 400 milliseconds 400 milliseconds 400 milliseconds
Dead Interval 2 seconds 2 seconds 2 seconds
The execution flow is as follows:
  1. NS1 sends hello messages at a set hello interval of 200 ms to NS2 and NS3 for the VIP1 address, because VIP1 is active (the master) on NS1. Similarly, NS2 sends hello messages at a set interval (600 ms) for VIP2, and NS3 sends hello messages at a set interval (800ms) for VIP3.
  2. On NS1, the set dead interval applies to VIP2 and VIP3, because they are inactive (backups) on NS1. Similarly, on NS2, the set dead interval applies to VIP1 and VIP3, and on NS3, the set dead interval applies to VIP1 and VIP2.
  3. If NS1 goes down, NS2 and NS3 consider NS1 to be down if they receive no hello messages from NS1 for 2 seconds (the dead interval). VIP1 on NS3 takes over and becomes active (master), because its VRID priority (60) is higher than that of VIP1 of NS2 (30).

Example 2: Nodes with Different VRRP Dead Intervals

Consider a VRRP deployment similar to the deployment described in Example1 but with a different dead interval on each node (NS1, NS2, and NS3). Preemption is disabled for the VIP addresses in all the three nodes.

The following table lists the settings used in this example.

Settings on NS1 Settings on NS2 Settings on NS3
VIP addresses
VIP1 (for reference purposes only)
  • IP address: 192.0.1.10
  • VRID: 10
  • Priority: 90
  • IP address: 192.0.1.10
  • VRID: 11
  • Priority: 30
  • IP address: 192.0.1.10
  • VRID: 15
  • Priority: 60
VIP2 (for reference purposes only)
  • IP address: 192.0.1.20
  • VRID: 20
  • Priority: 100
  • IP address: 192.0.1.20
  • VRID: 21
  • Priority: 300
  • IP address: 192.0.1.20
  • VRID: 25
  • Priority: 200
VIP3 (for reference purposes only)
  • IP address: 192.0.1.30
  • VRID: 30
  • Priority: 70
  • IP address: 192.0.1.30
  • VRID: 31
  • Priority: 140
  • IP address: 192.0.1.30
  • VRID: 35
  • Priority: 210
Communication Intervals
Hello Interval 400 milliseconds 400 milliseconds 400 milliseconds
Dead Interval 1 second 2 seconds 3 seconds
The execution flow is as follows when NS1 goes down:
  1. NS2 considers NS1 to be down after not receiving any hello messages from NS1 for 2 seconds (NS2’s dead interval).
  2. VIP1 on NS2 takes over and becomes active (master). NS2 now starts sending hello messages for VIP1.

Even though VIP1 on NS3 has a higher VRIP priority (60) than does VIP1 on NS2 (30), NS3’s larger dead interval (3 seconds, vs. 2 seconds for NS2), prevents VIP1 on NS3 from taking over before VIP 1 on NS2 has already done so.

Example 3: Nodes with Different Dead Intervals and Preemption Enabled

Consider a VRRP deployment similar to the deployment described in Example1 but with different dead intervals on the three nodes, NS1, NS2, and NS3, and with preemption enabled for the VIP1 address on NS3.

The following table lists the settings used in this example.

Settings on NS1 Settings on NS2 Settings on NS3
VIP addresses
VIP1 (for reference purposes only)
  • IP address: 192.0.1.10
  • VRID: 10
  • Priority: 90
  • IP address: 192.0.1.10
  • VRID: 11
  • Priority: 30
  • IP address: 192.0.1.10
  • VRID: 15
  • Priority: 60
VIP2 (for reference purposes only)
  • IP address: 192.0.1.20
  • VRID: 20
  • Priority: 100
  • IP address: 192.0.1.20
  • VRID: 21
  • Priority: 300
  • IP address: 192.0.1.20
  • VRID: 25
  • Priority: 200
VIP3 (for reference purposes only)
  • IP address: 192.0.1.30
  • VRID: 30
  • Priority: 70
  • IP address: 192.0.1.30
  • VRID: 31
  • Priority: 140
  • IP address: 192.0.1.30
  • VRID: 35
  • Priority: 210
Communication Intervals
Hello Interval 400 milliseconds 400 milliseconds 400 milliseconds
Dead Interval 1 second 2 seconds 3 seconds
The execution flow is as follows when NS1 goes down:
  1. NS2 considers NS1 to down after not receiving any hello messages from NS1 for 2 seconds (NS2’s set dead interval). At this time, NS3, with a dead interval of 3 seconds, does not consider NS1 to be down.
  2. VIP1 on NS2 takes over and becomes active (master). NS2 now starts sending hello messages for VIP1.
  3. Upon receiving hello messages from NS2 for VIP1, NS3 preempts NS2 for VIP1 because preemption is enabled for VIP1 of NS3 and the VRID priority (60) of VIP1 of NS3 is higher than that (30) of VIP1 of NS2.
  4. VIP1 on NS3 takes over and becomes active (master). NS3 now starts sending hello messages for VIP1.

Changing the Priority of a VIP Address Automatically in an Active-Active Configuration (VRRP)

To ensure that a backup VIP address takes over as the master VIP before the node of the current master VIP address goes down completely, you can configure a node to change the priority of a VIP address when the state of an interface on the node changes. For example, the node reduces the priority of a VIP address when the state of an interface changes to DOWN, and increases the priority when the state of the interface changes to UP.

This feature is a per node configuration for each VIP address.

To configure this feature on a node for a VIP address, you set the Reduced Priority (trackifNumPriority) parameter, and then associate the interfaces whose state is to be tracked for changing the priority of the VIP address. When any of the associated interface's state changes to DOWN or UP, the node reduces or increases the priority of the VIP address by the configured Reduced Priority (trackifNumPriority) value.

To set reduced priority and bind interfaces to the virtual router ID by using the command line interface

At the command prompt, type:

  • set vrID <id> [-trackifNumPriority <positive_integer>]
  • bind vrID <id> -trackifNum <interface_name>
  • show vrID <id>

Example

> set vrID 125 -trackifNumPriority 10 
> bind vrID 125 -trackifNum 1/4 1/5

To set reduced priority and bind interfaces to the virtual router ID by using the configuration utility

  1. Navigate to System > Network > VAMC and select a virtual router ID.
  2. Under Configure VMAC, set the Reduced Priority parameter.
  3. Select the Interfaces tracked for the vrid option and, under Associate Interfaces, add interfaces to the virtual router ID.

Example

Consider an active-active deployment consisting of NetScaler ADCs NS1, NS2, and NS3. Virtual IP addresses VIP1, VIP2, VIP3, and VIP4 are configured on each of these ADCs. Because of their priorities, VIP1 and VIP4 are active on NS1, VIP2 is active on NS2, and VIP3 is active on NS3.

To ensure that the active VIP addresses on NS1 are taken over by either NS2 or NS3 before NS1 goes down completely, interface-based health tracking is configured for the VIP1 and VIP4 addresses on NS1. Configuring interface-based health tracking for a VIP address includes associating the desired interfaces and setting the reduced priority (trackifNumPriority) parameter for the associated VRID of the VIP address. For example, on NS1, interfaces 1/2, 1/3, and 1/5 are associated to the VRID of VIP1, and reduced priority is set to 20.

Preemption is enabled for these VIP addresses in all three nodes.

The following table lists the settings used in this example.

  Settings on NS1 Settings on NS2 Settings on NS3
VIP addresses
VIP1 (for reference purposes only)
  • IP address: 192.0.1.10
  • VRID: 10
  • Priority: 90
  • IP address: 192.0.1.10
  • VRID: 11
  • Priority: 30
  • IP address: 192.0.1.10
  • VRID: 15
  • Priority: 60
VIP2 (for reference purposes only)
  • IP address: 192.0.1.20
  • VRID: 20
  • Priority: 100
  • IP address: 192.0.1.20
  • VRID: 21
  • Priority: 300
  • IP address: 192.0.1.20
  • VRID: 25
  • Priority: 200
VIP3 (for reference purposes only)
  • IP address: 192.0.1.30
  • VRID: 30
  • Priority: 70
  • IP address: 192.0.1.30
  • VRID: 31
  • Priority: 140
  • IP address: 192.0.1.30
  • VRID: 35
  • Priority: 210
VIP4 (for reference purposes only)
  • IP address: 192.0.1.40
  • VRID: 40
  • Priority: 250
  • Track interfaces: 1/5, 1/7
  • Reduced priority: 55
  • IP address: 192.0.1.40
  • VRID: 41
  • Priority: 160
  • IP address: 192.0.1.40
  • VRID: 45
  • Priority: 150
The execution flow is as follows on NS1 when multiple interface on NS1 goes down:
  1. If interface 1/3 goes down, the priority of address VIP1 is reduced by 20 (VIP1’s reduced priority value), because interface 1/3 is associated with VIP1:
    • Effective priority of VIP1 = (Current priority - reduced priority) = (90-20) = 70
  2. Similarly, if interface 1/5 goes down, the priority of address VIP1 is further reduced:
    • Effective priority of VIP1 = (Current priority - reduced priority) = (70-20) = 50
  3. At this point, the effective priority of VIP1 on NS1 is less than the priority of VIP1 on NS3. NS3 preempts NS1 for VIP1. VIP1 on NS3 takes over and becomes active (master).
  4. Also, because interface 1/5 is also associated with VIP4, the priority of VIP4 is reduced by the VIP4’s reduced priority value (55).
    • Effective priority of VIP4 = (250 - 55) = 195
  5. If interface 1/7 goes down, the priority of VIP4 is further reduced:
    • Effective priority of VIP4 = (Current priority - reduced priority) = (195-55) = 145
  6. At this point, the effective priority of VIP4 on NS1 is less than the priority of VIP4 on NS2. NS2 preempts NS1 for VIP4. VIP4 on NS3 takes over and becomes active (master). This configuration ensures that none of the four VIP addresses are active on NS1 before it completely goes down.

Delaying Preemption

By default, a backup VIP address preempts the master VIP address immediately after its priority becomes higher than that of the master VIP. When configuring a backup VIP address, you can specify an amount of time by which to delay the preemption. Preemption delay time is a per-node setting for each backup VIP address.

The preemption delay setting for a backup VIP does not apply in the following conditions:

  • The node of the master VIP goes down. In this case, the backup VIP takes over as the master VIP after the dead interval set on the backup VIP’s node.
  • The priority of the master VIP is set to zero. The backup VIP takes over as the master VIP after the dead interval set on the backup VIP’s node.

Example: Delaying Preemption

Consider an active-active deployment consisting of NetScaler appliances NS1 and NS2. Virtual IP address VIP1 is configured on each of these appliances. Because of their priorities, VIP1 is master on NS2. Preemption is enabled and preemption delay time is set for VIP1 on these two nodes.

The following table lists the settings used in this example.

 

Settings on NS1

Settings on NS2

VIP1  (for reference purposes only)

 

 

·         IP address: 192.0.1.10

·         VRID: 10

·         Priority: 100

·         Preemption: Enabled

·         Preemption delay time: 1000 seconds

 

 

·         IP address: 192.0.1.10

·         VRID: 20

·         Priority: 200

·         Preemption: Enabled

·         Preemption delay time: 2000 seconds

 

 

Dead Interval

       1 Seconds

       2 Seconds

Following are some examples of possible preemption behavior in this setup:

  • If the priority of VIP1 on NS1 is set to a value (for example, 210) higher than that of VIP1 on NS2, VIP1 on NS1 takes over as master after its set preemption delay time (1000 secs).
  • If a third node NS3 with the following VRRP settings is added to this deployment, VIP1 on NS3 becomes master after its set preemption delay time (3000 secs).
    • VIP1
      • VRID: 30
      • IP address:
      • Priority = 300
      • Preemption delay time = 3000 seconds
  • If NS2 goes down, VIP1 on NS1 takes over as master after 2 seconds (set dead interval on NS2). Preemption delay time for VIP1 on NS1 does not apply in this case.
  • If NS2 goes down and NS1 restarts, VIP1 on NS1 becomes master 2 seconds (set dead interval on NS1) after NS1 comes up. Preemption delay time for VIP1 on NS1 does not apply in this case.
  • If the priority of VIP1 on NS2 is set to zero, VIP1 goes to standby mode. VIP1 on NS1 takes over as master after 1 second (set dead interval on NS1). Preemption delay time for VIP1 on NS1 does not apply in this case.

Configuration Steps

To configure preemption delay time for a VIP address, you set the preemption delay timer parameter of the associated VMAC address. You can the set this parameter when you add the address, or you can modify an existing VMAC address.

To configure preemption delay time by using the NetScaler command line

  • To set the preemption delay time while adding a VMAC, at the command prompt, type:
    • add vrID <id> -preemptiondelaytimer <secs>
    • show vrID
  •  To set the preemption delay time while modifying a VMAC, at the command prompt, type:
    • set vrID <id> -preemptiondelaytimer <secs>
    • show vrID

To configure preemption delay time by using the configuration utility

  1. Navigate to System > Network > VMAC.
  2. On the VMAC tab. While adding a new VMAC, or editing an existing VMAC, set the Preemption Delay Timer parameter.
Sample Configuration 複製 
The following configuration uses the settings listed in table in section Example: Delaying Preemption.


Settings on NS1


> set vrid param –deadInterval 1

Done


> add ns ip 192.0.1.10 255.255.255.255 –type VIP

Done


> add vrid 10 –Priority 100 –Preemption Enable –preemptiondelaytimer 1000

Done


> bind ns ip 192.0.1.10 255.255.255.255 –vrid 10

Done


Settings on NS2


> set vrid param –deadInterval 2

Done


> add ns ip 192.0.1.10 255.255.255.255 –type VIP

Done


> add vrid 20 –Priority 200 –Preemption Enable –preemptiondelaytimer 2000

Done


> bind ns ip 192.0.1.10 255.255.255.255 –vrid 20

Done

Keeping a VIP Address in the Backup State

You can force a VIP address to always stay in backup state. This operation is helpful in maintenance or testing of a VRRP deployment. 

When a VIP address is forced to stay in backup state, it does not participate in VRRP state transitions. Also, it cannot become master even if all other nodes go down.

To force a VIP address to stay in backup state, you set the priority of the associated VMAC address to zero. To ensure that none of the VIP addresses of a node handle traffic during a maintenance process on the node, set all the priorities to zero.

You can the set the priority of a VMAC address while adding or modifying the address.

To force a VIP address to stay in the backup state by using the NetScaler command line

  • To set the priority while adding a VMAC, at the command prompt, type:
    • add vrID <id> -priority 0
    • show vrID
  • To set the priority while modifying a VMAC, at the command prompt, type:
    • set vrID <id> -priority 0
    • show vrID

To force a VIP address to stay in backup state by using the configuration utility

  1. Navigate to System Network VMAC.
  2. On the VMAC tab, while adding a new VMAC or editing an existing VMAC, set the Priority parameter to zero.

An Active-Active Deployment Scenario

Following is an example of a possible active-active deployment scenario.

In the following diagram, VIP1, VIP 2 and VIP3 are configured on all three appliances, NS1, NS2, and NS3. Base Priorities for each VIPs are as shown in the diagram. Health tracking is disabled for each VIP. The priorities of VIPs are set so that VIP1, VIP2, and VIP3 are active on NS3. If NS3 fails, VIP1, VIP2, and VIP3 become active on NS1.

Figure 2. An Active-Active Deployment Scenario


You can force a VIP address to always stay in backup state. This operation is helpful in maintenance or testing of a VRRP deployment. 

When a VIP address is forced to stay in backup state, it does not participate in VRRP state transitions. Also, it cannot become master even if all other nodes go down.

To force a VIP address to stay in backup state, you set the priority of the associated VMAC address to zero. To ensure that none of the VIP addresses of a node handle traffic during a maintenance process on the node, set all the priorities to zero.

You can the set the priority of a VMAC address while adding or modifying the address.

To force a VIP address to stay in the backup state by using the NetScaler command line

  • To set the priority while adding a VMAC, at the command prompt, type:
    • add vrID <id> -priority 0
    • show vrID
  • To set the priority while modifying a VMAC, at the command prompt, type:
    • set vrID <id> -priority 0
    • show vrID

To force a VIP address to stay in backup state by using the configuration utility

  1. Navigate to System Network VMAC.
  2. On the VMAC tab, while adding a new VMAC or editing an existing VMAC, set the Priority parameter to zero.