01-26-2017 02:23 PM
I am setting up HA on two PA3050's. They are racked one above the other and will be directly connected HA1 to HA1 as well as HA2 to HA2. However, the management ports are connected into a pair of Cisco 3750's stacked.
My question is, what is the best practice for assigning IP addresses to these interfaces? My thoughts are to allocate two addresses out of one /30 subnet to the HA1 pair and two addresses out of a different /30 to the HA2 pair.
I assume these addresses are locally significant on a directly connected pair of PA's and are not needed to be known outside of those links?
Also, is it really necessary to allocate two in-band ports as back-up ports for two directly connected PA's?
Lastly, the Admin Guide seems to be conflicted with regards to using heartbeat across the management port when it serves as a back-up to the HA1.
Thanks.
Fred
01-27-2017 02:17 AM
you can use any /30 for the HA1 ports. they are not of any significance outside of the HA pair, but should be picked so they do not conflict with existing infrastructure if they are linked over a switched/routed environment
since you'll be directly connecting them, this does not matter
for HA2 you don't even need IP addresses if you choose 'ethernet' mode, then both peers will communicate over MAC addresses
for HA2 an in-line interface is required (if you need redundancy in the first place) as HA2 is used for sharing the state table to the passive peer and thus is very latency sensitive.
for HA1 the management interface can be set as backup interface, the difference with an in-band interface is that the management interface uses a simplified heartbeat. This is useful to prevent a split brain condition as both planes (dataplane and controlplane) are leveraged to verify if the HA peer is 'alive'
01-26-2017 03:19 PM
Hello,
I have something similar setup and I just use two /30's that I'm not using anywhere in my network for this. Correct you dont need to have any outside connectivity for these ports. I think you only needs thost inband ports if you plan on active-active HA. If you are using active/passive, you should be OK.
I cant recall what it states regardig the heartbeat but I'm sure someone will jump in and help out.
Regards,
01-27-2017 02:17 AM
you can use any /30 for the HA1 ports. they are not of any significance outside of the HA pair, but should be picked so they do not conflict with existing infrastructure if they are linked over a switched/routed environment
since you'll be directly connecting them, this does not matter
for HA2 you don't even need IP addresses if you choose 'ethernet' mode, then both peers will communicate over MAC addresses
for HA2 an in-line interface is required (if you need redundancy in the first place) as HA2 is used for sharing the state table to the passive peer and thus is very latency sensitive.
for HA1 the management interface can be set as backup interface, the difference with an in-band interface is that the management interface uses a simplified heartbeat. This is useful to prevent a split brain condition as both planes (dataplane and controlplane) are leveraged to verify if the HA peer is 'alive'
01-27-2017 05:38 AM
Thanks!!
Yes, it is always best to insure unique addressing in all areas of the network.
I forgot about keeping the Data Link of the HA2 to Ethernet. I appreciate the reminder on that.
Lastly, I misread Step 9 on page 217. Again, thanks for answering these for me.
Best Regards
Fred
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
