6.2.1.24.2. High availability by redundancy of 2 GCaps
6.2.1.24.2.1. Introduction
The status command of the show advanced-configuration high-availability subgroup displays the GCap status.
The configuration command of the show advanced-configuration high-availability subgroup displays the high availability configuration of the GCap.
The pubkey command of the show advanced-configuration high-availability subgroup displays the public key used by the high availability.
Operation:
Refer to the paragraph on Operation of high availability.
Type of network configuration:
link with 1 interface: mon0 is replaced by ha0, so capture interfaces can be used from mon1
link with 2 interfaces: mon0 and mon1 are replaced by ha0 and ha1, so the capture interfaces can be used from mon2
A GCap leader becomes a follower under the following conditions:
Loss of connection to the GCenter for 1 min
Loss of the detection engine for 5 min
6.2.1.24.2.2. Prerequisites
User: setup
Dependencies: the detection engine must be switched off
6.2.1.24.2.3. Command
show advanced-configuration high-availability {status|configuration|pubkey}
6.2.1.24.2.4. Example for displaying the high availability status (GCap redundancy)
Enter the following command.
(gcap-cli) show advanced-configuration high-availability status
Validate.
The system displays the result on the connected GCap.
Current high-availability status:
- status: Operational [unhealthy]
- paired GCap: fe80::233
- leader: Leader
- time since last status: Unknown
- Leader since: 2022-01-21T15:35:09Z
The counters displayed are:
status: status of the GCap:
Operational: OK
unhealthy: if the GCap is not connected to the neighbouring GCap.
paired GCap: IPv6 address of the neighbouring GCap.
leader: election status among:
Leader
Follower.
time since last status: time since the last healthcheck of the neighbouring GCap.
Leader since: date when the GCap became the Leader.
6.2.1.24.2.5. Example of displaying the public key used by the high availability
Enter the following command.
(gcap-cli) show advanced-configuration high-availability pubkey
Validate.
The system displays the public key.
Wireguard public key: 'Fypsdign0R6aRP9j5pJkTcAJoi4eE/gTV9McCpBYjAk='
6.2.1.24.2.6. Example for displaying the configuration of the GCap high availability
Enter the following command.
(gcap-cli) show advanced-configuration high-availability configuration
Validate.
The system displays the result.
Current high-availability configuration [enabled]:
- bonding enabled: disabled
- public ip: fe80::149/128
- multicast group: ff02::200
- peer public IP: fe80::233
- peer public key: 2wtmY/oCaoUGreyr2CROnKAIoEgTXkSOedXlXDvUfBU=
- shared secret: Xxf4fknh4KoOH2zgrI4Wyw==
The fields displayed are:
bonding enabled:
enabled: aggregation is activated
disabled: aggregation is deactivated.
public ip: IPv6 address of the GCap among:
Link-local: If the GCaps are in the same subnet. Range FE80::/10. Ex: FE80::100/64.
Unique Local Address (ULA): If the GCaps are in different subnets. Range FD00::/7. Ex: FD00::100/64.
Global Unicast: If the GCaps need to communicate via the internet. Range 2001::/3. Ex: 2001::1/64.
multicast group: IPv6 multicast address for communicating between GCaps. Range FD00::/8. Ex: FF02::200.
peer public IP: IPv6 address of the neighbouring GCap among:
Link-local: If the GCaps are in the same subnet. Range FE80::/10. Ex: FE80::100/64.
Unique Local Address (ULA): If the GCaps are in different subnets. Range FD00::/7. Ex: FD00::100/64.
Global Unicast: If the GCaps need to communicate via the internet. Range 2001::/3. Ex: 2001::1/64.
peer public key: Public key of the neighbouring GCap, as displayed by the show advanced-configuration high-availability pubkey command.
shared secret: Secret of 16 bytes encoded in base 64 that must be identical between the 2 GCaps.
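The pairing rules in the field descriptions above (identical 16-byte shared secret, each peer public key taken from the other GCap's pubkey output, mirrored public and peer addresses) can be checked offline once both outputs are captured as text. This is an added example, not part of the original documentation or the product's tooling. The function names, the pairing of the page's two sample keys and the treatment of the multicast group as common to both GCaps are assumptions; WireGuard public keys decode to 32 bytes.

```python
import base64
import ipaddress
import re

# Constructed captures of the "configuration" command output. GCap A reuses the values
# shown on this page; GCap B is constructed to mirror them (assumed pairing of the keys).
PUBKEY_A = "Fypsdign0R6aRP9j5pJkTcAJoi4eE/gTV9McCpBYjAk="
PUBKEY_B = "2wtmY/oCaoUGreyr2CROnKAIoEgTXkSOedXlXDvUfBU="
SAMPLE = """Current high-availability configuration [enabled]:
- bonding enabled: disabled
- public ip: {ip}/128
- multicast group: ff02::200
- peer public IP: {peer_ip}
- peer public key: {peer_key}
- shared secret: Xxf4fknh4KoOH2zgrI4Wyw=="""
CFG_A = SAMPLE.format(ip="fe80::149", peer_ip="fe80::233", peer_key=PUBKEY_B)
CFG_B = SAMPLE.format(ip="fe80::233", peer_ip="fe80::149", peer_key=PUBKEY_A)

def parse_config(text):
    """Turn the '- key: value' lines of the command output into a dict."""
    pairs = re.findall(r"^\s*-\s*([^:\n]+):[ \t]*(\S.*)$", text, re.MULTILINE)
    return {key.strip().lower(): value.strip() for key, value in pairs}

def b64_len(value):  # byte length of a strict base64 value, -1 if it does not decode
    try:
        return len(base64.b64decode(value, validate=True))
    except ValueError:
        return -1

def ip_of(value):  # normalised address of 'addr' or 'addr/prefix', None if invalid
    try:
        return ipaddress.ip_interface(value).ip
    except ValueError:
        return None

def check_pair(cfg_a, pubkey_a, cfg_b, pubkey_b):
    """Return the list of mismatches between the two GCaps' HA settings."""
    a, b = parse_config(cfg_a), parse_config(cfg_b)
    problems = [f"{k} differs between the 2 GCaps"
                for k in ("shared secret", "multicast group") if a.get(k) != b.get(k)]
    for name, cfg, peer, peer_key in (("A", a, b, pubkey_b), ("B", b, a, pubkey_a)):
        if b64_len(cfg.get("shared secret", "")) != 16:
            problems.append(f"GCap {name}: shared secret is not 16 bytes of base64")
        if b64_len(peer_key) != 32 or cfg.get("peer public key") != peer_key:
            problems.append(f"GCap {name}: peer public key does not match the peer's pubkey")
        peer_ip = ip_of(cfg.get("peer public ip", ""))
        if peer_ip is None or peer_ip != ip_of(peer.get("public ip", "")):
            problems.append(f"GCap {name}: peer public IP does not match the peer's public ip")
    return problems
```

An empty list from check_pair(CFG_A, PUBKEY_A, CFG_B, PUBKEY_B) means the two configurations mirror each other. The captured text contains the shared secret, so it should be stored and handled like any other credential.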