Configure Branch HA for ION Devices without Bypass Pairs

Let us learn more about the Configure Branch HA for ION Devices without Bypass Pairs in Prisma SD-WAN.
In this topology, the ION device does not have hardware bypass pairs. Both the active and backup ION devices must have separate physical connections to the WAN circuits.
The steps below show a sample configuration for an ION 1000.
  1. Configure physical connections.
    1. Connect the MPLS Private WAN circuit on Port 1 of the active ION device.
    2. Connect the MPLS Private WAN circuit on Port 1 of the backup ION device.
    3. Connect the internet circuit on Port 2 of the active ION device.
    4. Connect the internet circuit on Port 2 of the backup ION device.
    5. Use Port 3 as the HA control interface.
      Since there are no controller ports on the ION 1000, a dedicated port must be used for HA synchronization between the two devices. In this example, we use Port 3 as the HA control interface.
    6. Connect port 4 of each ION device to each of the Layer 3 LAN switches.
    7. Configure the same IP address for LAN port 4 for both the ION devices.
      Only the Active ION device responds to ARP requests for this IP address.
      Note: To enable this interface to be used for LAN traffic forwarding,
      Enable L3 LAN Forwarding
      when you configure the device.
      Never connect the HA devices back to back, as a link failure will cause the priority of both the devices to be reduced to zero, and both will be in a backup state, thus impacting HA at that site.
  2. Configure interfaces.
    Configure the interfaces as shown in the following table.
    Port-Interface Type
    In Active ION Device Use These Ports For
    In Backup ION Device Use These Ports For
    Port 1
    Private WAN
    Private WAN
    Port 2
    Internet
    Internet
    Port 3
    HA Control Interface
    HA Control Interface
    Port 4
    LAN
    LAN
    Active ION Device Port Configuration
    Backup ION Device Port Configuration
  3. Configure HA Groups with the following settings.
    1. In the
      Edit HA-Group
      screen, enable
      Preempt
      and set the
      Advertisement Interval
      to one second.
    2. In the
      Active ION device Spoke HA configuration
      screen, set the priority to 150. Configure Port 3 as the HA control interface. Enable tracking for the LAN port with a priority reduction value of 150.
    3. In the
      Backup ION device Spoke HA configuration
      screen, set the priority to 100. Configure Port 3 as the HA control interface, and enable tracking for the LAN port with a priority reduction value of 100.
  4. Add the ION Devices to the HA Groups.
  5. Configure HA Groups.
    1. In the
      Edit HA-Group
      screen, enable
      Preempt
      and set the
      Advertisement Interval
      to one second.
    2. In the
      Active ION device Spoke HA configuration
      screen, set the priority to 150. Leverage the controller port as the HA control interface, and enable tracking for the LAN port with a priority reduction value of 150.
    3. In the
      Backup ION device Spoke HA configuration
      screen, set the priority to 100. Leverage the controller port as the HA control interface, and enable tracking for the LAN port with a priority reduction value of 100.
  6. Add the ION Devices to the HA Groups.

Recommended For You