One of the methods available to make Citrix ADC (formerly NetScaler) redundant is the High Availability feature that is packed with all models and editions of ADC. High Availability works in an active/passive pair.
This means one ADC node acts as the active primary node while the second appliance sits passively, waiting for the active node to go down. High Availability uses exactly two ADCs: no more, and no fewer.
If you make a change on the primary appliance, the change is synchronized to the secondary node. You should not make changes on a secondary node as they will not be replicated to the primary. When you log on to a secondary node GUI you are presented with a warning as below.
Each ADC node monitors the other with heartbeats exchanged between the pair's NSIP addresses. The NSIP is unique to each device, and you must make sure both devices can reach one another via their NSIP.
Your ADC appliances must be running the same model and build version to be supported by Citrix. If builds are different, synchronisation between both nodes is disabled. There will be times when builds are different, such as during upgrades, however this is temporary.
The following ports must be open between each ADC appliance in the pair:
- UDP 3003 – Heartbeat exchange communication.
- TCP 3008 – Secure high availability configuration synchronization.
- TCP 3009 – Secure command propagation and MEP (Metric Exchange Protocol).
- TCP 3010 – High availability configuration synchronization.
- TCP 3011 – Command propagation and MEP (Metric Exchange Protocol).
- SSH 22 – Used by rsync during file synchronization between primary and secondary appliance.
To set up High Availability, on your first node, navigate to System -> High Availability -> Add.
Enter the Remote Node IP Address, username and password. Keep the default options ticked as below. If your nodes are on different subnets, for example different NSIP VLANs, tick the Turn on INC option. This keeps certain networking settings unique and maintained per node: objects such as SNIPs, VLANs and static routes are not replicated between nodes when INC is used. Click Create.
Newer versions of ADC have a Secure Access checkbox which allows communication to travel over HTTPS.
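The prerequisites above (two nodes, distinct NSIPs that can reach each other, matching model and build, INC when the NSIPs sit on different subnets, and the port list) are easy to get wrong before the first Add. The following pre-flight checker is an added example written for this page, not Citrix code and not a NetScaler API: it models the rules from the text over constructed node records and prints the firewall rules that have to exist between the two NSIPs. Node names, NSIPs and build strings are constructed sample values.

```python
"""Pre-flight checks for a Citrix ADC HA pair (added example, not Citrix code)."""
import ipaddress
from dataclasses import dataclass

# Ports the article lists as required between the two NSIPs.
HA_PORTS = [
    ("udp", 3003, "heartbeat exchange"),
    ("tcp", 3008, "secure HA configuration synchronization"),
    ("tcp", 3009, "secure command propagation and MEP"),
    ("tcp", 3010, "HA configuration synchronization"),
    ("tcp", 3011, "command propagation and MEP"),
    ("tcp", 22, "rsync file synchronization over SSH"),
]


@dataclass
class Node:
    """One candidate HA member. Field values are supplied by the operator."""
    name: str
    nsip: str   # NSIP with prefix length, e.g. "10.0.1.11/24" (constructed)
    model: str
    build: str


def preflight(nodes):
    """Return (issues, advice): issues block HA, advice changes how you add it."""
    issues, advice = [], []
    if len(nodes) != 2:
        issues.append(f"HA needs exactly two nodes, got {len(nodes)}")
        return issues, advice
    a, b = nodes
    ia, ib = ipaddress.ip_interface(a.nsip), ipaddress.ip_interface(b.nsip)
    if ia.ip == ib.ip:
        issues.append("NSIPs must be unique per node")
    if a.model != b.model:
        issues.append(f"model mismatch: {a.model} vs {b.model} (unsupported pair)")
    if a.build != b.build:
        # Different builds are tolerated during an upgrade, but sync is off until they match.
        issues.append(f"build mismatch: {a.build} vs {b.build}: sync stays disabled until builds match")
    if ia.network != ib.network:
        advice.append("NSIPs are on different subnets: tick Turn on INC "
                      "(SNIPs, VLANs and static routes then stay per node)")
    return issues, advice


def firewall_rules(nodes):
    """Allow rules needed between the two NSIPs, in both directions."""
    rules = []
    for src, dst in ((nodes[0], nodes[1]), (nodes[1], nodes[0])):
        s = ipaddress.ip_interface(src.nsip).ip
        d = ipaddress.ip_interface(dst.nsip).ip
        for proto, port, why in HA_PORTS:
            rules.append(f"allow {proto} {s} -> {d}:{port}  # {why}")
    return rules


if __name__ == "__main__":
    # Constructed sample pair: same model, builds differ, NSIPs on different VLANs.
    pair = [Node("adc-a", "10.0.1.11/24", "VPX", "13.0-buildA"),
            Node("adc-b", "10.0.2.11/24", "VPX", "13.0-buildB")]
    found_issues, found_advice = preflight(pair)
    print("issues:", *found_issues, sep="\n  ")
    print("advice:", *found_advice, sep="\n  ")
    print("rules:", *firewall_rules(pair), sep="\n  ")
```

Run it against your own two nodes before clicking Add; the rules output is also a handy allowlist to hand to whoever owns the firewall between the NSIP VLANs, since the heartbeat on UDP 3003 is the one most often blocked.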
Both ADCs will now appear in the Nodes list. Any configuration change on the primary node will synchronize across to the secondary node.
A refresh of the screen shows synchronization is a success on the secondary node.
If you click the Action button you can force synchronization and force failover between nodes.
Click on Statistics to get information on how many heartbeats have been sent and received. You can also see the state of the ADC you are currently logged on to, which will display either Primary or Secondary.
Select the node you are logged on to and click Edit.
Here you can specify that the node should stay primary, be disabled, etc. You can also set a node to stay secondary. You will need these options when upgrading ADCs in an HA pair.
The Hello Interval (msecs) field specifies how often a heartbeat is sent to the participating node over port UDP 3003. The default value is 200 but can be between 200 and 1000. The Dead Interval (secs) setting specifies how long heartbeat failures can continue before the ADC node is marked as down. The default value is 3 but can be between 3 and 60. The Dead Interval must be set as a multiple of the Hello Interval.
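The two timers decide how many consecutive heartbeats may be lost before a failover is triggered, which is the real trade-off: a short Dead Interval fails over faster but a few dropped UDP 3003 packets on a congested link can cause an unwanted failover. The helper below is an added example written for this page (not Citrix code and not the ADC's own validation) that applies the ranges and the multiple-of rule stated above and reports the tolerated heartbeat loss; `suggest_dead_interval` is a hypothetical helper that rounds a target detection time to a valid value.

```python
"""Check Citrix ADC HA timer settings (added example, not Citrix code)."""

HELLO_MIN_MS, HELLO_MAX_MS = 200, 1000   # Hello Interval range from the article
DEAD_MIN_S, DEAD_MAX_S = 3, 60           # Dead Interval range from the article


def check_ha_timers(hello_ms=200, dead_s=3):
    """Return (ok, problems, tolerated_lost_heartbeats) for a timer pair.

    tolerated_lost_heartbeats is how many consecutive heartbeats can go missing
    before the peer is marked down (dead interval divided by hello interval).
    """
    problems = []
    if not HELLO_MIN_MS <= hello_ms <= HELLO_MAX_MS:
        problems.append(f"hello interval {hello_ms} ms outside {HELLO_MIN_MS}-{HELLO_MAX_MS}")
    if not DEAD_MIN_S <= dead_s <= DEAD_MAX_S:
        problems.append(f"dead interval {dead_s} s outside {DEAD_MIN_S}-{DEAD_MAX_S}")
    dead_ms = dead_s * 1000
    if dead_ms % hello_ms != 0:
        problems.append(f"dead interval {dead_ms} ms is not a multiple of hello interval {hello_ms} ms")
    tolerated = dead_ms // hello_ms
    return (not problems, problems, tolerated)


def suggest_dead_interval(hello_ms, target_s):
    """Smallest valid Dead Interval (whole seconds) >= target_s that is a multiple of hello_ms.

    Hypothetical helper: it only searches the range the article gives and
    returns None when no value in that range satisfies the multiple-of rule.
    """
    for dead_s in range(max(DEAD_MIN_S, target_s), DEAD_MAX_S + 1):
        if (dead_s * 1000) % hello_ms == 0:
            return dead_s
    return None


if __name__ == "__main__":
    for hello, dead in ((200, 3), (300, 3), (400, 3), (100, 3)):
        ok, problems, tolerated = check_ha_timers(hello, dead)
        print(f"hello={hello}ms dead={dead}s ok={ok} tolerated_loss={tolerated} {problems}")
    print("suggested dead interval for hello=400ms, >=3s:", suggest_dead_interval(400, 3))
```

With the defaults (200 ms / 3 s) the pair survives 14 lost heartbeats and fails over on the 15th; 400 ms / 3 s is rejected because 3000 is not a multiple of 400, and the helper suggests 4 s instead.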
You can also specify options such as maintaining one primary node even in the event that both nodes are unhealthy.
You can also configure and maintain high availability using the CLI.
`show ha node` shows high availability configuration information for each node.
`force failover` forces failover to the secondary node.
`force ha sync` forces a synchronization to occur. Files such as licenses and rc.conf are not synchronized between nodes. rc.conf contains the ADC hostname, so it must remain unique on each node. SSL files etc. should synchronize.
If you notice that some configuration or files are not synchronizing, review the files under /var/nssynclog/ on the ADC.
`set ha node -hasync disabled` disables synchronization on the node you are running the command from.
Running the `show ha node` command confirms synchronization is disabled. We can enable synchronization again by using the `set ha node -hasync enabled` command.
Edward Callao
November 30, 2020
Hello, it is possible to use an additional physical interface only for heartbeats and synchronization, and that it does not go through a switch but is a direct cable.
Andrew
April 13, 2021
Did this with an SDX pair. Configure in that VPX that interface to be the HA sync VLAN.