Prisma SD-WAN Branch High Availability
Let us learn how to configure high availability for branch sites in Prisma SD-WAN.
Prisma SD-WAN offers a unique branch HA solution ensuring full
WAN capacity in the case of an ION device failure. This is achieved by leveraging the
fail-to-wire capabilities and HA group technology of ION devices at a branch site.
Prisma SD-WAN High Availability (HA) ensures automatic failover between active and
backup devices, maintaining all services and forwarding paths when an ION device
experiences a software, hardware, or network-related failure.
At most one HA group may be created per branch site, and up to
two devices can be bound to a group. One of the devices in the group
will be elected as active, and the second device, if present, will
be the backup device.
- The Active device performs traffic forwarding and monitoring
functions, including path selection, BGP peering, usable VPN establishment,
advertising and learning routes, reporting statistics, alerts, and
alarms.
- The Backup device merely bridges traffic to the active device
and does not perform path selection or advertise and learn routes. It
reports a limited set of statistics, alerts, and alarms. In
some topologies it may also establish VPNs to remote endpoints, but these
are not usable while the device is in a backup state.
The HA control interface is used to determine which device is
active or backup, and to synchronize some state information between the
ION devices (e.g. DHCP server leases). The HA control interface
can be any Layer 3 interface on the ION device with a statically
configured IP address. However, we recommend using the Controller
port as long as the interfaces are within the same subnet. In topologies
where the controller ports are in two different subnets, use a different
pair of ports that are in the same subnet and dedicate those interfaces
for HA control.
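A pre-deployment check for the rules above (at most one HA group per site, at most two devices per group, HA control interfaces statically addressed and in the same subnet), as an added example that is not Palo Alto Networks code. The plan structure, field names, device names and addresses are hypothetical and constructed for illustration; the check does not call the Prisma SD-WAN API.

```python
import ipaddress

# Constructed sample plan (hypothetical structure, documentation-range addresses).
PLAN = {
    "branch-a": [{"name": "ha-1", "devices": [
        {"name": "ion-1", "port": "controller", "addressing": "static", "ip": "192.0.2.10/24"},
        {"name": "ion-2", "port": "controller", "addressing": "static", "ip": "192.0.2.11/24"}]}],
    "branch-b": [{"name": "ha-1", "devices": [
        {"name": "ion-3", "port": "controller", "addressing": "static", "ip": "198.51.100.10/25"},
        {"name": "ion-4", "port": "controller", "addressing": "static", "ip": "198.51.100.200/25"}]}],
    "branch-c": [{"name": "ha-1", "devices": [
        {"name": "ion-5", "port": "3", "addressing": "dhcp", "ip": None},
        {"name": "ion-6", "port": "3", "addressing": "static", "ip": "203.0.113.5/24"}]}],
}

def validate_ha_plan(plan):
    """Return a list of rule violations; an empty list means the plan passes."""
    problems = []
    for site, groups in plan.items():
        # Rule: at most one HA group per branch site.
        if len(groups) > 1:
            problems.append(f"{site}: {len(groups)} HA groups, at most one per branch site")
        for group in groups:
            label = f"{site}/{group['name']}"
            devices = group["devices"]
            # Rule: up to two devices can be bound to a group.
            if len(devices) > 2:
                problems.append(f"{label}: {len(devices)} devices, at most two per group")
            subnets = set()
            for dev in devices:
                # Rule: the HA control interface needs a statically configured IP.
                if dev["addressing"] != "static" or not dev["ip"]:
                    problems.append(f"{label}: {dev['name']} control interface needs a static IP")
                    continue
                subnets.add(ipaddress.ip_interface(dev["ip"]).network)
            # Rule: both HA control interfaces must sit in the same subnet.
            if len(subnets) > 1:
                nets = ", ".join(sorted(str(n) for n in subnets))
                problems.append(f"{label}: control interfaces in different subnets ({nets})")
    return problems

if __name__ == "__main__":
    for line in validate_ha_plan(PLAN):
        print(line)
```

The branch-b case is the one that is easy to miss by eye: both addresses share the 198.51.100 prefix, but the /25 mask places them in different subnets.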
Read on to understand the key concepts, topologies, and how to
configure branch HA.