1 2 Previous Next 13 Replies Latest reply on Sep 6, 2010 5:33 AM by michael_schneider

    Secure Web - HA Cluster Configuration

    Troja

      Hi all,

      has anyone tried the HA Cluster with MWG 7.x?? I tried several settings and configurations, but it is not working.

      Has anyone any hints for me?

      cheers, Thorsten

        • 1. Re: Secure Web - HA Cluster Configuration

          I am using 7.x on HA cluster (2 units) and I do not have any issues. May I know in what mode have you deployed the proxy?

           

          Dinesh

          • 2. Re: Secure Web - HA Cluster Configuration
            Troja

            Are you able to ping the virtual IP-Adress when one Clusternode will be rebooted?

            cheers, Thorsten

            • 3. Re: Secure Web - HA Cluster Configuration

              Yes, I am able to ping.

               

              I have deployed in an explicit proxy mode and so far I have tried all the possibilities on HA, the response seems to be good.

              • 4. Re: Secure Web - HA Cluster Configuration
                Troja

                Is it possible to get more Infos regarding the HA Configuration??

                - RouterID

                - VIPSs

                 

                My problem is, i´m not able to ping the virtual IP when one cluster node is down.

                • 5. Re: Secure Web - HA Cluster Configuration

                  Not sure abt router ID, but as for the rest it is as below for my scenario

                   

                  For ex:

                  MWG-1 - Physical IP - 1.1.1.1

                  MWG-2 - Physical IP - 1.1.1.2

                  VIP - This should be in the same IP subnet as the physical IP - 1.1.1.20

                  VIP Interface - leave it as default, which is eth2, this port is where I have used to connect to LAN

                  Director priority-The node with higher priority will be the active node for HA, whereas the other is in passive mode.

                  • 6. Re: Secure Web - HA Cluster Configuration
                    michael_schneider

                    Hello,

                     

                    or clustering aka HA, MWG is using VRRP to route traffic between the two instances. When you are building the cluster, make sure that the Director priority is actually set on both nodes, otherwise they won't cluster correctly. On the command line execute "mfend-lb -s" on both and post the status output here. This should help figuring if you have an issue with clustering in general.

                     

                    best,

                    Michael

                    1 of 1 people found this helpful
                    • 7. Re: Secure Web - HA Cluster Configuration
                      Troja

                      Hi Mark,

                      this is the output:

                       

                      root@ww7proxy1 ~]# mfend-lb -s
                           device: ww7proxy1
                      statechange:
                               ip: 10.1.1.226
                              ip6: fe80::250:56ff:fea4:4c59
                        protocols: 00000001
                              mac: 005056a44c59
                            state: NETWORK
                            stats: 0 0 67 0 0
                      statusvalid: 1
                             type: director

                           device: __SELF__
                      statechange:
                               ip: 0.0.0.0
                              ip6: ::
                        protocols: 00000001
                              mac: 005056a44c59
                            state: OK
                            stats: 0 0 67 0 0
                      statusvalid: 1
                             type: scanning

                           device: ww7proxy2
                      statechange: 1283506608 (Fri Sep  3 11:36:48 2010)
                               ip: 10.1.1.227
                              ip6: ::
                        protocols: 00000001
                              mac: 005056a40491
                            state: REDUNDANT
                            stats: 0 0 0 0 0
                      statusvalid: 1
                             type: redundant

                           device: ww7proxy2
                      statechange: 1283506608 (Fri Sep  3 11:36:48 2010)
                               ip: 10.1.1.227
                              ip6: ::
                        protocols: 00000001
                              mac: 005056a40491
                            state: OK
                            stats: 0 0 0 0 0
                      statusvalid: 1
                             type: scanning

                       

                       

                      If ww7proxy1 is rebooted, ww7proxy2 takes ofer the virtual IP. This works fine. But, i´m not able to define the configuration into the other way. ww7proxy1 should also overtake the virtual IP from ww7proxy2.

                       

                      cheers,

                      Thorsten

                      • 8. Re: Secure Web - HA Cluster Configuration
                        michael_schneider

                        Hi Thorsten,

                         

                        can you do the same on the 2nd proxy, please?

                         

                        thanks,

                        Michael

                        • 9. Re: Secure Web - HA Cluster Configuration
                          Troja

                          Here you are. Btw, i´m also not able to ping the VIP on the second proxy. :-|

                           

                          ast login: Fri Sep  3 09:47:47 2010
                          [root@ww7proxy2 ~]# mfend-lb -s
                               device: ww7proxy2
                          statechange:
                                   ip: 10.1.1.227
                                  ip6: ::
                            protocols: 00000001
                                  mac: 005056a40491
                                state: REDUNDANT
                          statusvalid: 1
                                 type: redundant

                               device: __SELF__
                          statechange:
                                   ip: 0.0.0.0
                                  ip6: ::
                            protocols: 00000001
                                  mac: 005056a40491
                                state: OK
                                stats: 0 0 27 0 0
                          statusvalid: 1
                                 type: scanning

                               device: ww7proxy1
                          statechange: 1283506617 (Fri Sep  3 11:36:57 2010)
                                   ip: 10.1.1.226
                                  ip6: fe80::250:56ff:fea4:4c59
                            protocols: 00000001
                                  mac: 005056a44c59
                                state: NETWORK
                                stats: 0 -6 0 0 0
                          statusvalid: 1
                                 type: director

                          1 2 Previous Next