HA terminology

  1. HA Cluster

    Group of two devices instructed to work as a single entity. Every HA Cluster has one Primary device and one Auxiliary device. The Primary device controls how the cluster operates. The roles that the Primary and Auxiliary devices play in the cluster depend on the configuration mode.

  2. HA Configuration Modes
    Active-Active
    A configuration of HA cluster consists of a Primary device and one Auxiliary device. In this mode, both Primary device and Auxiliary device process traffic while primary unit is in charge of balancing the traffic. Decision of load balancing is taken by the Primary device. Auxiliary device can take over only in case of a primary unit failure. (Currently Firewall Manager can not be deployed in Active-Active HA mode).
    Active-Passive
    A configuration of HA cluster which consists of a Primary device and an Auxiliary device. In this mode, only the Primary device processes traffic while Auxiliary device remains in stand-by mode, ready to take over if a Primary device failure occurs.
  3. Primary device

    The Primary device also tracks the status of all cluster devices. In an Active-Active cluster, the Primary device receives entire network traffic and acts as the load balancer to redirect traffic to Auxiliary device.

    In an Active-Passive cluster, the Primary device processes the network traffic while Auxiliary device does not process any traffic but remains ready to take over if Primary device fails.

  4. Auxiliary device

    Auxiliary device is always waits to become the Primary device.

    In an active-active cluster, Auxiliary device processes the network traffic assigned to it by the Primary device. In case Primary device fails, Auxiliary device becomes the Primary device. In an active-passive cluster, Auxiliary device does not process network traffic and is in stand-by. It becomes active only when Primary device is not available to process the traffic.

  5. Dedicated HA Link Port

    Dedicated HA link is a direct physical link between the devices participating in HA cluster.

  6. Load Balancing

    An ability of HA cluster of balancing the traffic between nodes in the HA cluster.

  7. Monitored Interface

    Set of interfaces that are selected to be monitored. Each device monitors its own such interface and if any of them is goes down, device will remove itself from the cluster and failover occurs.

  8. Virtual MAC

    It is a MAC Address associated with the HA cluster. This address is sent in response when any of the machines make an ARP request to HA cluster. It is not the actual MAC Address and is not assigned to any interface of any unit in the cluster.

    A Primary device owns the MAC Address and is used for routing network traffic. All external clients use this address to communicate with the HA cluster. In case of failover, new Primary device will have the same MAC Address as the failed Primary device. The cluster device which has a Virtual MAC Address acts as a Primary device.

  9. Primary State

    In Active-Active mode, the device that is in charge of receiving all the traffic and load balancing is said to be in "Primary" state. An device can be in "Primary" state only when the other device is in "Auxiliary" state.

    In Active-Passive mode, the device in charge of processing all the traffic is said to be in the "Primary" state. An device can be in "Primary" state only when the other device is in "Auxiliary" state.

  10. Auxiliary State

    In Active-Active mode, the device that receives the traffic to be processed by it from the Primary device is called to be in "Auxiliary" state. An device can be in "Auxiliary" state only when the other device is in "Primary" state

    In Active-Passive mode, the device which is not processing the traffic is called to be in "Auxiliary" state. An device can be in "Auxiliary" state only when the other device is in "Primary" state.

  11. Standalone State

    An device is called to be in Standalone state when it can still process network traffic and when the other device is not in position to process network traffic (i.e. in "Fault" state or shut down).

  12. Fault State

    An device is in fault state when it cannot process network traffic if a device or link fails.

  13. Peer

    Once the HA cluster is configured, cluster devices are termed as Peers i.e. for Primary device, Auxiliary device is its peer device and vice versa.

  14. Synchronization

    The process of sharing the various cluster configuration, between Cluster devices (HA peers). Reports generated are not synchronized.

  15. Device failover

    If an device does not receive any communication within the predetermined period of time from the HA peer, the peer device is considered to have failed. This process is termed as Device Failover as when this occurs, the peer device is taken over.

  16. Link Failover

    Both the device in an HA cluster continuously monitor the dedicated HA link and the interfaces configured to be monitored. If any of them fails it is called link failure.

  17. Session failover

    Whether it is a device or link failover, session failover occurs for forwarded TCP traffic except for the virus scanned sessions that are in progress, VPN sessions, UDP, ICMP, multicast, and broadcast sessions and Proxy traffic.

    Device normally maintains session information for TCP traffic which is not passing through proxy service. Hence, in case of failover, the device which takes over will take care of all the sessions (TCP session not passing through proxy application). The entire process is transparent for the end users.