Important settings to note when configuring High Availability on KEMP LoadMasters

When configuring High Availability for two KEMP LoadMasters (hardware or virtual appliances), please note the following important settings and guidelines that are critical to a successful first time setup/deployment of an HA pair:

NTP Host. Prior to pairing two LoadMasters, an NTP Host should be set to ensure no time drift occurs between the two appliances in the HA pair. The reason being is that the HeartBeat and CARP packets that flow between the appliances carry a timestamp. For example, if using the default HA timeout setting of 9 seconds and if the time difference or drift between the appliances is more than 9 seconds, the Standby or Hot Standby appliance thinks it missed or didn't receive any HeartBeat/CARP packets (which in actuality it did) and will assume the Active appliance is dead. This is because it is fooled into thinking it didn’t receive any packets thus initiating a failover event to occur.  Examples of NTP Hosts that can be used are time.nist.gov or the IP address of a Domain Controller and can be set by drilling down to System Configuration > System Administration > Date/Time in the LoadMaster Web User Interface (WUI). See the screen shots below.

 figure1.png

Figure 1 – Navigating to the Date/Time setting in the LoadMaster WUI.

figure2.png

Figure 2 – Setting an NTP Host.
NOTE: Once an NTP Host has been added and is set by clicking on the “Set NTP host” button the following message must follow a few seconds after to ensure the LoadMasters are able to grab the time from the NTP time source. Setting an NTP Host is normally done through the shared management IP address of the HA pair however to avoid a lengthy delay in synchronizing the LoadMaster HA pair to a particular NTP Host, it would be best to set the NTP Host on the Master and Standby appliance individually. Set the NTP Host information on the Master first, wait to see the message below then set the NTP Host on the Standby and make sure the message below is returned. That should successfully complete the NTP Host setup for the HA pair without a delay. 

figure3.png

Figure 3 – NTP message received after setting an NTP Host.

HA Virtual ID. The HA Virtual ID field under the HA Parameters should be changed to a number other than "1" if there are any other network appliances functioning as virtual clusters in the network infrastructure. This is because a Virtual ID of “1” is commonly used by vendors such as Cisco, and etc when it comes to clustering networking devices such as switches, routers, firewalls, etc. The HA Parameters can be located by drilling down to System Configuration > Miscellaneous Options > HA Parameters in the LoadMaster WUI. See the screen shots below.

figure4.png

Figure 4 – Navigating to the HA Parameters in the LoadMaster WUI.

figure5.png

Figure 5 – Setting the HA Virtual ID in the HA Parameters.

Use for HA checks. On a network interface, the "Use for HA checks" box MUST be selected on any interface that will be used for sending HeartBeats to the Partner LoadMaster. This applies regardless if the interface has an IP address assigned and connected to a switch or if there is a direct cable connect on the "eth1" interfaces of both LoadMasters. NOTE: if a direct cable connect is implemented, assigning an IP address on the “eth1” interface is not necessary and should not be added unless it will also be used as an HA Update or Multicast interface. See the screen shot below.

figure6.png

Figure 6 – Setting an interface for HA checks.


L4/L7 Updates. Ensure "Inter HA L4 TCP Connection Updates" and/or "Inter HA L7 Persistency Updates" are selected depending on what Layers the Virtual Services have been configured on. If both Layer 4 and Layer 7 Virtual Services are configured then both of these options should be selected to ensure consistent connection/persistence updates are synchronized between LoadMaster partners for the Virtual Services that are configured. These settings ensure that client session and connection state remains intact during an HA failover scenario. See the screen shot below.

figure7.png

Figure 7 – Setting Inter HA Updates in the HA Parameters.

HA Multicast Interface. Once the Inter HA option(s) have been selected, ensure the correct "HA Multicast Interface" is selected in the HA parameters.  This is the interface that’s used for syncing connection/persistence updates (as mentioned above). So, for example if there is a direct cable connect between the two LoadMasters, “out of band” Multicast updates or syncs can be done. As an example, you can specify the second interface on the LoadMasters (eth1) to be your sync port and it will pass the Multicast information “out of band” on that port only thus keeping it out of, or separate from your network. That said it is without a doubt a great idea to have at least two connections on your LoadMaster HA pair. NOTE: The HA Multicast Interface is not to be confused with the HA Update Interface as the Update Interface is used to synchronize configuration updates from the Active to the Partner LoadMaster.  See the screen shot below.

figure8.png

Figure 8 – Setting an interface for HA Multicast Updates in the HA Parameters.

In conclusion, adhering to the recommendations and guidelines mentioned in this document can aid in preventing common setup issues and pitfalls when configuring High Availability on a pair of KEMP LoadMaster appliances (virtual or hardware) for the first time. Setting these options as recommended usually dictate or determine whether a first time LoadMaster deployment is successful or not. For more detailed information on LoadMaster setup and on the complete feature set, please visit this link: http://www.kemptechnologies.com/loadmaster-documentation