High Availability Tab

If a Corente Services Gateway becomes unreachable by its partners due to connection, router, or local loop problems, you can provide alternate methods for partners to reach each of the Location's User Groups and applications. This is referred to as traffic failover, and it is configured on the High Availability tab.

To use traffic failover, choose one or more Corente Services Gateways in your application network to function as a Backup Location gateway for each User Group and application of this Location gateway, known as the Primary Corente Services Gateway. If a tunnel or connection fails to the Primary Corente Services Gateway, users at the partner Locations can continue to access necessary corporate resources by utilizing a tunnel to the Backup Corente Services Gateway.

Important

A Primary Corente Services Gateway and its Backup Corente Services Gateways must never be configured as application network partners.

Traffic failover can be arranged as follows to provide high availability for the connections in your application network:

  • Collocated Primary and Backup Location Gateways

    Traffic failover can be used to provide an entirely redundant connection to a LAN. In this scenario, the Primary and Backup Corente Services Gateways are installed on the same LAN, but connected to separate WAN routers, separate physical local loops, and separate carrier clouds. If the Primary Corente Services Gateway becomes unreachable because one or more of these elements fail, remote sites connecting to the Primary Corente Services Gateway can fail over to their connections to the Backup Corente Services Gateway. All computers on the LAN that participate in the application network also reroute automatically to the Backup Corente Services Gateway for application network access.

  • Primary and Backup Location Gateways on Different LANs

    Enterprises can use traffic failover to recover in the event that a hub site goes down. If a hub site fails, the remote sites can use one or more Backup Corente Services Gateways located at one or more other sites to reach their necessary subnets and resources. The site of a Backup Corente Services Gateway may contain the same necessary resources that the main hub site contained (for example, if it is a mirror site or disaster recovery center) or the site of the Backup Corente Services Gateway may have routing infrastructure that can route to the Primary Corente Services Gateway's LAN through alternate means (such as a frame relay service, ATM, or private line).

In both scenarios, for partners to use a Backup Location gateway's tunnel to connect to computers behind the Primary Corente Services Gateway, routers must be in place behind both the Primary Corente Services Gateway and the Backup Corente Services Gateway. The router behind the Primary Corente Services Gateway must be configured with alternate routes for application network traffic to the Backup Corente Services Gateway, while the router behind the Backup Corente Services Gateway must be configured to recognize the subnets behind the Primary Corente Services Gateway and route any traffic destined for those subnets to the appropriate location. The location can be either mirrored subnets or the real subnets, if a non-application-network connection to the Primary Location gateway's LAN is present.

Additionally, partners of the Primary Corente Services Gateway must also be partners of the Backup Corente Services Gateway, so that if tunnels to the Primary Corente Services Gateway fail, the partners can reach the Primary Corente Services Gateway's LAN or mirrored subnets through their tunnels to the Backup Corente Services Gateway. Remember, though, that a Primary Corente Services Gateway and its Backup Corente Services Gateway must never be configured as application network partners.
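The two partnering rules above can be checked before a design is deployed. The following is an added example, not part of the Corente product or its documentation: the topology format, the function name audit_failover, and all Location names are assumptions made for illustration, and the check treats every backup alike rather than per User Group.

```python
from collections import defaultdict

# Constructed sample topology (Location names are made up for this example).
SAMPLE_PARTNERS = {
    "HQ-A": {"Branch-1", "Branch-2"},   # Primary at the hub site
    "HQ-B": {"Branch-1"},               # Backup: Branch-2 was forgotten
}
SAMPLE_BACKUPS = {"HQ-A": ["HQ-B"]}     # primary -> backups in priority order


def audit_failover(partners, backups):
    """Return a list of rule violations; an empty list means the design is consistent."""
    # Partnering is mutual, so build a symmetric adjacency map.
    adj = defaultdict(set)
    for loc, peers in partners.items():
        for peer in peers:
            adj[loc].add(peer)
            adj[peer].add(loc)

    findings = []
    for primary, backup_list in backups.items():
        # Peers that are themselves backups are reported by rule 1 only.
        remote_peers = sorted(adj[primary] - set(backup_list))
        for backup in backup_list:
            # Rule 1: a Primary and its Backup must never be partners.
            if backup in adj[primary]:
                findings.append(f"{primary} and its backup {backup} are partners")
            # Rule 2: every partner of the Primary must also partner with the Backup.
            for peer in remote_peers:
                if backup not in adj[peer]:
                    findings.append(
                        f"{peer} is a partner of {primary} but not of backup {backup}")
    return findings


if __name__ == "__main__":
    for finding in audit_failover(SAMPLE_PARTNERS, SAMPLE_BACKUPS):
        print("FINDING:", finding)
```

In the sample, Branch-2 would lose access to the hub site during a failover because it has no tunnel to HQ-B.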

User Group Failover Settings

In this section, specify the general parameters that will apply to traffic failover for this Primary Corente Services Gateway. On the Partners Tab, you can specify settings for each partner that will override these settings.

  • Failover/Failback detection interval (secs): The period of time that a partner of this Corente Services Gateway waits, after it detects that the connection to this Corente Services Gateway is down, before it fails over to a Backup Corente Services Gateway. The same interval applies to failback: it is the period of time that the partner waits, after it detects that the connection to this Corente Services Gateway is back up, before it reverts to that connection. The default is 30 seconds.

  • Packet Loss Threshold (percent): The minimum percentage of packets that must be lost to cause the partner to detect a failed connection. The default is 100%.
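To see how the two settings interact, the following added example models a partner's choice of tunnel over time. It is a simplified model written for this page, not Corente's implementation: it assumes one packet-loss measurement per second and that the detection interval counts consecutive seconds, and the function names and sample traces are constructed.

```python
def active_gateway_timeline(loss_samples, interval=30, threshold=100):
    """Return 'primary' or 'backup' for each second of the trace.

    loss_samples: packet loss toward the Primary in percent, one value per
    second (assumed sampling). Defaults match the documented defaults.
    """
    active = "primary"
    streak = 0          # consecutive seconds that argue for switching tunnels
    timeline = []
    for loss in loss_samples:
        down = loss >= threshold          # loss must reach the threshold
        wants_switch = down if active == "primary" else not down
        streak = streak + 1 if wants_switch else 0
        if streak >= interval:            # condition held for the full interval
            active = "backup" if active == "primary" else "primary"
            streak = 0
        timeline.append(active)
    return timeline


def first_failover_second(loss_samples, interval=30, threshold=100):
    """Index of the first second spent on the backup tunnel, or None."""
    timeline = active_gateway_timeline(loss_samples, interval, threshold)
    return timeline.index("backup") if "backup" in timeline else None


# Constructed traces: a hard outage, a short blip, and a badly degraded link.
HARD_OUTAGE = [0] * 5 + [100] * 40 + [0] * 40
SHORT_BLIP = [0] * 5 + [100] * 20 + [0] * 40
DEGRADED = [80] * 120

if __name__ == "__main__":
    print("hard outage :", first_failover_second(HARD_OUTAGE))
    print("short blip  :", first_failover_second(SHORT_BLIP))
    print("degraded    :", first_failover_second(DEGRADED))
    print("degraded, threshold 75:", first_failover_second(DEGRADED, threshold=75))
```

Under this model, a link losing 80% of its packets never triggers failover at the default threshold of 100%, which is worth weighing when availability of the protected applications matters more than avoiding tunnel flapping.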

Add/Edit Failover Locations

Corente Services Gateways can have failover Locations. Failover Locations provide backups for Corente Services Gateways. If a Corente Services Gateway becomes unavailable, the partners for that Corente Services Gateway connect to the failover Location.

Partner Corente Services Gateways connect to one failover Location at a time. However, you can configure user groups and applications for partners so that they use different, multiple failover Locations.

Use the Up and Down buttons to arrange failover Locations by order of priority.

To add a new failover configuration, click the Add button.

Fill out the fields as follows:

  • Failover Location: From this pull-down menu, select the Corente Services Gateway that you would like to function as the Backup Corente Services Gateway. This menu will contain every Location in your application network that is not a partner of this Corente Services Gateway.

  • Select User Groups/Applications for Failover: Choose the User Groups and applications that will use the selected Location as a Backup Location gateway. When a Backup Corente Services Gateway is being used for failover, all User Groups and applications that you choose here will use that Corente Services Gateway to reach necessary resources.

When you have finished, click the OK button to store your changes or the Cancel button to discard your changes.

Load Balancing with Failover

If you would like to let hub sites with multiple Location gateways manage application network traffic by allowing these Corente Services Gateways to support the same User Groups and applications, you can use the High Availability tab in conjunction with the Partner for Failover Only option on the Partners Tab. Select this option to use a Corente Services Gateway partner as a Backup connection to a site if the connection to the Primary Corente Services Gateway partner at that site should fail.

To use this option, begin by configuring the Primary and Backup Corente Services Gateways for a hub site. Each Corente Services Gateway requires a separate, distinct personality file, but the personality files can include identical User Group and application definitions. Both the Primary and Backup Corente Services Gateways of the hub site should be partnered with the Locations that must connect to this site. Additionally, the Primary Corente Services Gateway must have the Backup Corente Services Gateway selected as the Backup Corente Services Gateway on its High Availability tab for one or more User Groups/applications.

Next, when configuring the Locations that must connect to this site, select both the Primary and Backup hub site Location gateways as partners, but select the Partner for Failover Only option for the Backup Corente Services Gateways. This Location will now connect to the hub site through the Primary Corente Services Gateway until a failure scenario occurs, and then will be able to connect to the same site through the Backup Corente Services Gateway.

Traffic Failover and Automatic Routing Protocols

Some considerations must be made when enabling traffic failover and automatic routing protocols (such as RIP, OSPF, and BGP) at the same time in a datacenter. To illustrate, consider the example of Gateway A and Gateway B, located within the same datacenter, and Gateway C, which is located at another site.

In the simplest case, Gateway A is partnered with Gateway C. Gateway B is partnered with Gateway C as a Partner for Failover Only, for a backup route to the datacenter. As failover (or failback) occurs, routes for Gateway C are automatically advertised on Gateway A or Gateway B (whichever is currently up). Advertisement of new RIP, OSPF, and BGP routes will be automatic; just ensure that the autorouting protocol you are using (RIP, OSPF, or BGP) is turned on for the routers at the datacenter.

However, if Gateway A and Gateway B are both ordinary partners of Gateway C (in other words, neither is Partner for Failover Only), and Gateway B is configured as a backup for Gateway A’s applications and subnets on Gateway C, the same automatic advertisement will not work because Gateway A and Gateway B are in the same datacenter. You can only have one gateway (A or B) communicate with Gateway C at a time, because routes will be advertised on the LAN from both A and B to C at the same time. This can be resolved by weighting the RIP, OSPF, and BGP routes so that Gateway A is favored, in which case, failover and auto-advertisement of routes will occur correctly.