Prisma SD-WAN Branch HA Key Concepts

Let us understand the Prisma SD-WAN branch HA key concepts.
Prisma SD-WAN enables the election of an active or backup device through Priority and Preemption configuration.
Priority
is assigned to devices to dictate preference during election. For example, certain topologies may require that a particular device be active while the other remains as a backup device. In such cases, an administrator can assign a higher priority to the device with higher preference to dictate which device becomes active during election.
Preemption
is enabled at the HA group level to automatically force a switchover to the device with a higher priority.
  • If enabled, it dictates that a re-election within the group be forced whenever there is a priority change that results in the current active device’s priority to be less than that of the backup device.
  • If disabled, it dictates that an election not happen as long as the current active device has an effective priority greater than 0, which means it has not experienced a critical failure.
Advertisement Interval
—At the HA group level, an administrator will specify the interval in which the active device will advertise its priority to the other members of the HA group. This can be a value between 1 - 10 seconds. If no advertisement is received by the backup device for 3 consecutive advertisement intervals, it assumes that the active device is unavailable and will begin its transition to the active state.
Interface Tracking
—Each device will automatically track the state of the HA-control interface, and upon a failure of the interface, the device will immediately transition to a failed state, giving way to the other device in the HA group to become active. In addition, an administrator can optionally configure up to four non-HA control interfaces to track, and for each interface that goes down the HA priority of the device will be reduced by the configured value.
Administration
—The devices in an HA group can be administratively disabled from participating in an HA group for operational reasons. When a device is disabled in a group, it will withdraw from the group and become a passive device. For example, in Returned Merchandise Authorization (RMA) scenarios, an administrator can administratively bring down and bring up a device. Similarly, before a software upgrade, an administrator can mark the device as disabled to perform the software upgrade and then enable the device in the HA group after the software upgrade is complete.
DHCP Server
—The devices will automatically synchronize DHCP server leases from active to backup, so that the backup device, when active, can continue to perform all the functions of an active device.
HA Status
—HA group status can be displayed for current active and backup devices with the last switchover time and the reason for the switchover.
Configuration Management
—The device configuration may need to be identical on both devices, depending on the topology.
  • If the configuration is applied at the site level (For example, network path policy, QoS policy, etc.), the same policy is applied to both the devices.
  • If the configuration was executed at the device level (For example, NAT port forwarding, security zone binding at the interface level, etc.) the policy/configuration needs to be applied to both the devices. This applies to other configurations as well.

Recommended For You