set deviceconfig high-availability

Description

Configure Wildfire appliance cluster high-availability (HA) settings.

Hierarchy Location

set deviceconfig

Syntax

high-availability { 
enabled {no | yes}; 
election-option { 
preemptive {no | yes}; 
priority {primary | secondary}; 
timers { 
advanced {heartbeat interval <value> | hello-interval <value> | 
preemption-hold-time <value> | promotion-hold-time <value>} 
aggressive; 
recommended; 
} 
} 
interface { 
ha1 { 
peer-ip-address <ip-address>;  
port {eth2 | eth3 | management};  
encryption enabled {no | yes}; 
} 
ha1-backup { 
peer-ip-address <ip-address>;  
port {eth2 | eth3 | management};  
} 
} 
} 

Options

+ enabled — Enable HA on both controller nodes to provide fault tolerance for the cluster. Each WildFire appliance cluster should have two controller nodes configured as an HA pair.
> election-option — Configure the preemptive, priority, and timer HA option values.
+ preemptive — Election option to enable the passive HA peer (the controller backup node) to preempt the active HA peer (the primary controller node) based on the HA priority setting. For example, if the primary controller node goes down, the secondary (passive) controller node takes over cluster control. When the primary controller node comes back up, if you do not configure preemption, the secondary controller continues to control the cluster and the primary controller acts as the controller backup node. However, if you configure preemption on both HA peers, then when the primary controller comes back up, it preempts the secondary controller by taking back control of the cluster. The secondary controller resumes its former role as the controller backup node. You must configure the preemptive setting on both of the HA peers for preemption to work.
+ priority — Election option to configure the preemption priority of each controller in the HA pair. Configure preemption on both members of the HA controller pair.
> timers — Configure the timers for HA election options. The WildFire appliance provides two pre-configured timer options (aggressive and recommended settings), or you can configure each timer individually. The Advanced timers enable you to configure values individually:
  • The heartbeat-interval sets the time in milliseconds to send heartbeat pings. The range of values is 1000-60,000 ms, with a default value of 2000 ms.
  • The hello-interval sets the time in milliseconds to send Hello messages. The range of values is 8000-60,000 ms, with a default value of 8000 ms.
  • The preemption-hold-time sets the time in minutes to remain in passive (controller backup) mode before preempting the active (primary) controller node. The range of values is 1-60 minutes, with a default value of 1 minute.
  • The promtion-hold-time sets the time in milliseconds to change state from passive (controller backup) to active (primary) state. The range of values is 0-60,000 ms, with a default value of 2000 ms.
> interface — Configure HA interface settings for the primary (ha1) and backup (ha1-backup) control link interfaces. The control link interfaces enable the HA controller pair to remain synchronized and prepared to failover in case the primary controller node goes down. Configuring both the ha1 interface and the ha1-backup interface provides redundant connectivity between controllers in case of a link failure. Set:
  • The peer-ip-address. For each interface, configure the IP address of the HA peer. The ha1 interface peer is the ha1 interface IP address on the other controller node in the HA pair. The ha1-backup interface peer is the ha1-backup interface IP address on the other controller node in the HA pair.
  • The port. On each controller node, configure the port to use for the ha1 interface and the port to use for the ha-backup interface. You can use eth2, eth3, or the management port (eth0) for the HA control link interfaces. You cannot use the Analysis Environment Network interface (eth1) as an ha1 or ha1-backup control link interface. Use the same interface on both HA peers as the ha1 interface, and use the same interface (but not the ha1 interface) on both HA peers as the ha1-backup interface. For example, configure eth3 as the ha1 interface on both controller nodes and configure the management interface as the ha1-backup interface on both controller nodes.

Sample Output

admin@wf-500(active-controller)# show deviceconfig high-availability 
high-availability { 
election-option { 
priority primary; 
} 
enabled no; 
interface { 
ha1 { 
peer-ip-address 10.10.10.150; 
port eth2 
} 
ha1-backup { 
peer-ip-address 10.10.10.160; 
port management 
} 
} 
} 

Required Privilege Level

superuser, deviceadmin

Related Documentation