set deviceconfig high-availability
Focus
Focus
Advanced WildFire

set deviceconfig high-availability

Table of Contents

set deviceconfig high-availability

Description

Configure Wildfire appliance cluster high-availability (HA) settings.

Hierarchy Location

set deviceconfig

Syntax

high-availability { enabled {no | yes}; election-option { preemptive {no | yes}; priority {primary | secondary}; timers { advanced {heartbeat interval <value> | hello-interval <value> | preemption-hold-time <value> | promotion-hold-time <value>} aggressive; recommended; } } interface { ha1 { peer-ip-address <ip-address>; port {eth2 | eth3 | management}; encryption enabled {no | yes}; } ha1-backup { peer-ip-address <ip-address>; port {eth2 | eth3 | management}; } } }

Options

+ enabled
— Enable HA on both controller nodes to provide fault tolerance for the cluster. Each WildFire appliance cluster should have two controller nodes configured as an HA pair.
> election-option
— Configure the preemptive, priority, and timer HA option values.
+ preemptive
— Election option to enable the passive HA peer (the controller backup node) to preempt the active HA peer (the primary controller node) based on the HA
priority
setting. For example, if the primary controller node goes down, the secondary (passive) controller node takes over cluster control. When the primary controller node comes back up, if you do not configure preemption, the secondary controller continues to control the cluster and the primary controller acts as the controller backup node. However, if you configure preemption on both HA peers, then when the primary controller comes back up, it preempts the secondary controller by taking back control of the cluster. The secondary controller resumes its former role as the controller backup node. You must configure the preemptive setting on both of the HA peers for preemption to work.
+ priority
— Election option to configure the preemption priority of each controller in the HA pair. Configure preemption on both members of the HA controller pair.
> timers
— Configure the timers for HA election options. The WildFire appliance provides two pre-configured timer options (
aggressive
and
recommended
settings), or you can configure each timer individually. The
Advanced
timers enable you to configure values individually:
  • The
    heartbeat-interval
    sets the time in milliseconds to send heartbeat pings. The range of values is 1000-60,000 ms, with a default value of 2000 ms.
  • The
    hello-interval
    sets the time in milliseconds to send Hello messages. The range of values is 8000-60,000 ms, with a default value of 8000 ms.
  • The
    preemption-hold-time
    sets the time in minutes to remain in passive (controller backup) mode before preempting the active (primary) controller node. The range of values is 1-60 minutes, with a default value of 1 minute.
  • The
    promtion-hold-time
    sets the time in milliseconds to change state from passive (controller backup) to active (primary) state. The range of values is 0-60,000 ms, with a default value of 2000 ms.
> interface
— Configure HA interface settings for the primary (
ha1
) and backup (
ha1-backup
) control link interfaces. The control link interfaces enable the HA controller pair to remain synchronized and prepared to failover in case the primary controller node goes down. Configuring both the
ha1
interface and the
ha1-backup
interface provides redundant connectivity between controllers in case of a link failure. Set:
  • The
    peer-ip-address
    . For each interface, configure the IP address of the HA peer. The
    ha1
    interface peer is the
    ha1
    interface IP address on the other controller node in the HA pair. The
    ha1-backup
    interface peer is the
    ha1-backup
    interface IP address on the other controller node in the HA pair.
  • The
    port
    . On each controller node, configure the port to use for the
    ha1
    interface and the port to use for the
    ha-backup
    interface. You can use
    eth2
    ,
    eth3
    , or the
    management
    port (eth0) for the HA control link interfaces. You cannot use the Analysis Environment Network interface (eth1) as an
    ha1
    or
    ha1-backup
    control link interface. Use the same interface on both HA peers as the
    ha1
    interface, and use the same interface (but not the
    ha1
    interface) on both HA peers as the
    ha1-backup
    interface. For example, configure
    eth3
    as the
    ha1
    interface on both controller nodes and configure the
    management
    interface as the
    ha1-backup
    interface on both controller nodes.

Sample Output

admin@wf-500(active-controller)#
show deviceconfig high-availability
high-availability { election-option { priority primary; } enabled no; interface { ha1 { peer-ip-address 10.10.10.150; port eth2 } ha1-backup { peer-ip-address 10.10.10.160; port management } } }

Required Privilege Level

superuser, deviceadmin

Recommended For You