Let us learn about Prisma SD-WAN Branch High Availability.
Prisma SD-WAN offers a unique branch
HA solution ensuring full WAN capacity in the case of an ION device
failure. This is achieved by leveraging the fail-to-wire capabilities
and HA group technology of ION devices at a branch site. Prisma
SD-WAN High Availability (HA), ensures automatic failover between
active and backup devices, maintaining all services and forwarding
paths when an ION device experiences a software, hardware, or network
At most, one HA group may be created per branch site and up to
two devices can be bound to a group. One of the devices in the group
will be elected as active, and the second device, if present, will
be the backup device.
The Active device performs traffic forwarding and monitoring
functions, including path selection, BGP peering, usable VPN establishment,
advertising and learning routes, reporting statistics, alerts, and
The Backup device merely bridges traffic to the active device
and will not perform path selection, and advertise and learn routes. It
reports a limited set of statistics, alerts, and alarms. Also in
some topologies it may establish VPNs to remote endpoints, but these will
not be usable while the device is in a backup state.
The HA control interface is used to determine which device is
active or backup synchronizes some state information between the
ION devices (e.g. DHCP server leases). The HA control interface
can be any Layer 3 interface on the ION device with a statically
configured IP address. However, we recommend using the Controller
port as long as the interfaces are within the same subnet. In topologies
where the controller ports are in two different subnets, use a different
pair of ports that are in the same subnet and dedicate those interfaces
for HA control.
Read on to understand the key concepts, topologies, and how to
configure branch HA.