5.5.15. Managing the high availability of GCaps
5.5.15.1. Introduction
This procedure describes the high availability between 2 GCaps.
For more information, please refer to the paragraph on high-availability.
5.5.15.2. Prerequisites
User: setup
Commands used in this procedure:
5.5.15.3. Preliminary operations
Connect to the GCap (see Procedure for connecting to the GCap via SSH).
Stop the detection engine (see monitoring-engine).
5.5.15.4. Procedure for displaying the high availability status (GCap redundancy)
Enter the following command.
(gcap-cli) show advanced-configuration high-availability status
Validate.
The system displays the high availability status with the following counters:
status: status of the GCap:
unhealthy: the GCap is not connected to the neighbouring GCap
Not configured: there is no high availability configured on this system
paired GCap: IPv6 address of the neighbouring GCap.
leader: election status among Leader/Follower.
time since last status: time since the last healthcheck of the neighbouring GCap.
Leader since: date when the GCap became the Leader.
Situation where there is no high availability (redundancy of GCaps)
Current high-availability status:
status: Not configured
paired gcap: Unknown
leader: Follower
time since last status: Unknown
Follower since: Unknown
Situation of high availability (redundancy of GCaps) with loss of connection between GCaps
Current high-availability status:
status: Operational [unhealthy]
paired gcap: fe80::233
leader: Leader
time since last status: Unknown
Leader since: 2022-01-21T15:35:09Z
5.5.15.5. Procedure of configuring high availability on the first GCap
Enter the following command.
(gcap-cli) set advanced-configuration high-availability peer-ip fe80::XXX public-ip fe80::YYY multicast-group ff02::200 peer-pubkey 2wtmY/oCaoUGreyr2CROnKAIoEgTXkSOedXlXDvUfBU= shared-secret Xxf4fknh4KoOH2zgrI4Wyw==
Note
Explanation of parameters:
set advanced-configuration high-availability : order to configure high availability
- peer-ip fe80::XXXIPv6 address of neighbouring GCap among:
Link-local : if the GCap are in the same subnet. Plage FE80::/10. Ex : FE80::100/64.
ULA (Unique Local Address) : if GCap are in different subnets. Plage FD00::/7. Ex : FD00::100/64.
Global Unicast : if GCap should communicate via the internet. Plage 2001::/3. Ex : 2001::1/64.
- public-ip fe80::YYYIPv6 address of neighbouring GCap among:
Link-local : If the GCap are in the same subnet. Plage FE80::/10. Ex : FE80::100/64.
ULA (Unique Local Address) : if GCap are in different subnets. Plage FD00::/7. Ex : FD00::100/64.
Global Unicast : if GCap should communicate via the internet. Plage 2001::/3. Ex : 2001::1/64
multicast-group ff02::200 : multicast IPv6 address for communication between GCaps. Plage FF00::/8. Ex : FF02::200.
peer-pubkey 2wtmYCaoUGreyr2CROnKAIoEgTXkSOedXlXDvUfBU= : Neighboring GCap public key visible via show advanced-configuration high-availability pubkey command
shared-secret Xxf4fknh4KoOH2zgrI4Wyw== : 16 byte secret encoded in base64 which must be identical between the 2 GCaps.
Validate.
The system displays the result.
Updating HA configuration High availability configuration successfully updated
5.5.15.6. Example of configuring high availability on the second GCap
Enter the following command.
(gcap-cli) set advanced-configuration high-availability peer-ip fe80::YYY public-ip fe80::XXX multicast-group ff02::200 peer-pubkey xehXnrigZ0IZZEvWbWri8XegNh0KaAQk8vC6mKj27Ug= shared-secret Xxf4fknh4KoOH2zgrI4Wyw==
The system displays the result.
Updating HA configuration
High availability configuration successfully updated
5.5.15.7. Example of configuring high availability on each GCap
Enter the following command.
(gcap-cli) set advanced-configuration high-availability enable confirm
The system displays the result.
Interfaces naming rules updated, reloading configuration
Operation successful.
High availability configuration successfully updated