6.2.2.16.2. high-availability
6.2.2.16.2.1. Introduction
The high-availability command of the advanced-configuration subgroup enables configuring high availability between 2 GCaps (function added from version 2.5.3.105).
Operation:
Refer to the paragraph on Operation of high availability.
Type of network configuration:
link with 1 interface: mon0 is replaced by ha0. The available capture interfaces are therefore mon1, mon2, etc.
link with 2 interfaces: mon0 and mon1 are replaced by ha0 and ha1. The available capture interfaces are therefore mon2, mon3, etc.
A GCap leader becomes a follower under the following conditions:
Loss of connection to the GCenter for 1 min
Loss of the detection engine for five minutes
6.2.2.16.2.2. Prerequisites
User: setup
Dependencies: the detection engine must be switched off
6.2.2.16.2.3. Command
set advanced-config high-availability [public-ip IPV6/MASK] [gateway GATEWAY|null] [peer-ip IPV6] [multicast-group IPV6] [shared-secret SECRET] [peer-pubkey KEY] [bonding-enabled|bonding-disabled]
set advanced-config high-availability [enable|disable] [confirm]
Explanation of the parameters:
bonding-enabled: enable card aggregation mon0 + mon1.
bonding-disabled: disable card aggregation mon0 + mon1.
enable: enable high availability.
disable: disable high availability.
gateway: IPv6 address of the gateway in case the GCaps are not in the same subnet.
multicast-group: IPv6 multicast address for communication between GCaps. Range FD00::/8. Ex: FF02::200.
peer-ip: IPv6 address of the neighbouring GCap among:
Link-local: if the GCaps are in the same subnet. Range FE80::/10. Ex: FE80::100/64.
Unique Local Address (ULA): If the GCaps are in different subnets. Range FD00::/7. Ex: FD00::100/64.
Global Unicast: If the GCaps need to communicate via the internet. Range 2001::/3. Ex: 2001::1/64.
peer-pubkey: Public key of the neighbouring GCap, obtained via the show advanced-configuration high-availability pubkey command.
peer-ip: IPv6 address of the GCap among:
Link-local: if the GCaps are in the same subnet. Range FE80::/10. Ex: FE80::100/64.
Unique Local Address (ULA): If the GCaps are in different subnets. Range FD00::/7. Ex: FD00::100/64.
Global Unicast: If the GCaps need to communicate via the internet. Range 2001::/3. Ex: 2001::1/64.
shared-secret: secret of 16 bytes encoded in base 64 that must be identical between the 2 GCaps.
6.2.2.16.2.4. Example of configuring high availability on the first GCap
Enter the following command.
(gcap-cli) set advanced-configuration high-availability peer-ip fe80::XXX public-ip fe80::YYY multicast-group ff02::200 peer-pubkey 2wtmY/oCaoUGreyr2CROnKAIoEgTXkSOedXlXDvUfBU= shared-secret Xxf4fknh4KoOH2zgrI4Wyw==
Validate.
The system displays the result.
Updating HA configuration
High availability configuration successfully updated
6.2.2.16.2.5. Example of configuring high availability on the second GCap
Enter the following command.
(gcap-cli) set advanced-configuration high-availability peer-ip fe80::YYY public-ip fe80::XXX multicast-group ff02::200 peer-pubkey xehXnrigZ0IZZEvWbWri8XegNh0KaAQk8vC6mKj27Ug= shared-secret Xxf4fknh4KoOH2zgrI4Wyw==
Validate.
The system displays the result.
Updating HA configuration
High availability configuration successfully updated
6.2.2.16.2.6. Example of enabling high availability on each GCap
Enter the following command.
(gcap-cli) set advanced-configuration high-availability enable confirm
Validate.
The system displays the result.
Interfaces naming rules updated, reloading configuration
Operation successful.
High availability configuration successfully updated
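The two configuration examples above mirror each other: each GCap's peer-ip is the other's public-ip, each peer-pubkey is the other's own public key, and the shared-secret is identical. The pre-flight check below is an added example, not part of the product or its documentation; the dict layout, the own-pubkey field and every sample value are constructed, and it assumes both GCaps use the same multicast-group, as in the examples.

```python
import base64
import binascii
import ipaddress
import secrets

def new_shared_secret() -> str:
    # 16 bytes from the OS CSPRNG, base64-encoded (the format the page requires).
    return base64.b64encode(secrets.token_bytes(16)).decode("ascii")

def secret_ok(value: str) -> bool:
    # True only for strict base64 that decodes to exactly 16 bytes.
    try:
        return len(base64.b64decode(value, validate=True)) == 16
    except (binascii.Error, ValueError):
        return False

def check_pair(a: dict, b: dict) -> list:
    """Return the problems found in the HA parameters planned for two GCaps."""
    problems = []
    if not (secret_ok(a["shared-secret"]) and secret_ok(b["shared-secret"])):
        problems.append("shared-secret must be 16 bytes encoded in base64")
    if a["shared-secret"] != b["shared-secret"]:
        problems.append("shared-secret differs between the two GCaps")
    # Assumption taken from the page's examples: both sides use the same group.
    group_a = ipaddress.IPv6Address(a["multicast-group"])
    if group_a != ipaddress.IPv6Address(b["multicast-group"]):
        problems.append("multicast-group differs between the two GCaps")
    for me, other, tag in ((a, b, "A"), (b, a, "B")):
        # public-ip may carry a /MASK; peer-ip is a bare address.
        peer = ipaddress.IPv6Address(me["peer-ip"])
        if peer != ipaddress.IPv6Interface(other["public-ip"]).ip:
            problems.append(f"{tag}: peer-ip is not the other GCap's public-ip")
        # own-pubkey (hypothetical field): output of the 'pubkey' show command.
        if me["peer-pubkey"] != other["own-pubkey"]:
            problems.append(f"{tag}: peer-pubkey is not the other GCap's public key")
    return problems

# Constructed sample values, not taken from a real deployment.
SECRET = new_shared_secret()
GCAP_A = {"public-ip": "fe80::100/64", "peer-ip": "fe80::101",
          "multicast-group": "ff02::200", "shared-secret": SECRET,
          "own-pubkey": "PUBKEY-A-PLACEHOLDER", "peer-pubkey": "PUBKEY-B-PLACEHOLDER"}
GCAP_B = {"public-ip": "fe80::101/64", "peer-ip": "fe80::100",
          "multicast-group": "FF02::200", "shared-secret": SECRET,
          "own-pubkey": "PUBKEY-B-PLACEHOLDER", "peer-pubkey": "PUBKEY-A-PLACEHOLDER"}

if __name__ == "__main__":
    for line in check_pair(GCAP_A, GCAP_B) or ["parameters are consistent"]:
        print(line)
```

Generate a new shared-secret for each GCap pair rather than reusing the sample value printed in the examples.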