Let's learn more about Branch HA for ION devices without
bypass pairs in Prisma SD-WAN.
This topology follows the hybrid internet
and MPLS topology in which the MPLS path is the active path, and
the internet path is the backup path for all traffic. In this topology,
the ION device does not have hardware bypass pairs. Instead, both
the active and backup ION devices must have separate physical connections
to the WAN circuits.
The example here shows an ION 1000, a compact
WAN edge device designed for retail and small office environments.
It has four standard Ethernet interfaces. Since the ION 1000 does
not have hardware bypass pairs, both the active and backup ION 1000s
must have separate physical connections to the WAN circuits. Ensure
that both circuits are available to each device as the topology
will have no reliance on hardware bypass ports.
Traffic Flow in Steady-State and Failure Scenarios
The switch and the ION device on the left are the active paths.
Then, as illustrated, steady-state traffic to and from the LAN flows
through the switch on the left to the ION device.
The ION device on the left has the higher priority in steady state,
so it will answer ARP requests for the LAN port IP and build Prisma SD-WAN
or Standard VPN tunnels from the internet/private WAN ports. Optionally,
a BGP relationship with the MPLS peer edge router will also be
established from the private WAN port.
The backup ION device, as such, will build VPNs from its internet or
private WAN ports, but they will remain unusable. BGP neighborship
with the MPLS peer edge router remains down, and the backup ION
will not answer ARP requests on the LAN port.
A failure scenario causes the ION device on the left to reduce its
priority to less than the priority of the ION device on the right.
Enable preemption on this HA group; traffic will flow as depicted
below after the ION device on the right becomes active.
Failure scenarios include ION device loss of power or critical process
failures. If interface tracking is enabled for the LAN port, and
if that port goes down because of a cable or switch failure, the
priority will be reduced to 0, causing a switchover. When a switchover
occurs, the ION device on the right will bring up all previously
unusable tunnels. The LAN interfaces will send out Gratuitous ARPs
and will respond to future ARP requests for their IP addresses.
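The switchover rules described above, modeled as an added example (not Palo Alto Networks code and not the ION implementation). The priority values 120/100, the penalty field, and the rule that a group without preemption keeps its current active device until that device's priority reaches 0 are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import List, Optional

@dataclass
class Ion:
    name: str
    base_priority: int      # constructed value, not from the page
    powered: bool = True
    lan_up: bool = True     # LAN port with interface tracking enabled
    penalty: int = 0        # hypothetical reduction for a non-fatal failure

    @property
    def priority(self) -> int:
        # Tracked LAN port down -> priority 0; power loss is modeled the same way.
        if not (self.powered and self.lan_up):
            return 0
        return max(self.base_priority - self.penalty, 0)

@dataclass
class HaGroup:
    members: List[Ion]
    preempt: bool = True
    active: Optional[Ion] = None
    events: List[str] = field(default_factory=list)

    def elect(self) -> Optional[str]:
        best = max(self.members, key=lambda m: m.priority)
        cur = self.active
        if best.priority == 0:
            new = None                  # no eligible device left at the site
        elif cur is None or cur.priority == 0:
            new = best                  # initial election or forced switchover
        elif self.preempt and best.priority > cur.priority:
            new = best                  # preemption: higher priority takes over
        else:
            new = cur                   # assumption: no preemption keeps current active
        if new is not cur:
            self.active = new
            if new is not None:         # actions the page lists for the new active
                self.events.append(f"{new.name}: tunnels usable, gratuitous ARP sent, answers ARP")
        return new.name if new else None

def run_scenario(preempt: bool) -> List[Optional[str]]:
    left, right = Ion("left", 120), Ion("right", 100)
    group = HaGroup([left, right], preempt=preempt)
    trace = [group.elect()]                            # steady state
    left.penalty = 50; trace.append(group.elect())     # left drops below right
    left.penalty = 0; trace.append(group.elect())      # left recovers
    left.lan_up = False; trace.append(group.elect())   # tracked LAN port fails
    return trace
```

Comparing run_scenario(True) with run_scenario(False) shows why the preemption setting matters: in this model, a reduced but non-zero priority moves traffic to the device on the right only when preemption is enabled.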
Now, use the Private WAN interface for BGP establishment with the provider