This is needed if HA-Pro is not working as expected. The most common mistake occurs about the wrong Firmware slot or that different Firmware Versions installed. With this HA Pro will not work and we suggest redeploying HA-Pro. Also, you must redeploy if you must Replace a faulty unit from the Device HA Pro setup. The basic installation you can find here, this KB is based on KB: Basic Setup - Device HA Pro.
This KB is to redeploy HA-Pro.
1. Basic setup and Topo of Device-HA-Pro
2. Before you redeploy the HA-Pro
5. Status check, connect Console to both devices
1. Topo (DeviceHA-Pro)
In Device HA Pro, a “heartbeat link” is added for monitoring the interface status and synchronizing settings.
The behavior of the Device HA Pro includes a heartbeat link to monitor the “activate” device’s interface status. If one of the monitored interfaces is dead or fails, the “passive” device’s status will become “activate”. (This means only 1 device’s status can be “activate” at a time.)
Heartbeat Link
The heartbeat port is a new physical port on the device (fix in Firmware last Port of supported HA-Pro device). After you have enabled Device HA Pro, the devices will transmit multicast packets (UDP 694) to check each device’s status. When the passive device is working properly, the system LED light will be on. Only the heartbeat port’s LED light can be on.
What can go wrong? Why can’t see the correct license status from the myzyxel.com server?
On the Device-HA Pro setting, there is a function “Serial number of the licensed device for license synchronization”. You should enter the device’s S/N with licenses. So you can transfer all of the licenses to the “Activate” device, and enter this device’s S/N in the frame.
Note: The default bundled one-year Gold Security Pack license of ATP gateways is non-transferable. For Device HA deployment, please contact Zyxel support in your country/region to help you transfer licenses. License Information you can find here: Device HA Pro - Do I need all licenses twice for an HA (high-availability) solution?
The basic installation you can find here: Basic Setup - Device HA Pro
2. Before you redeploy the HA-Pro
(1) Transfer all of the licenses to the primary device. This helps to avoid the system from recounting licenses every time.
(2) Enable the connectivity check function on the monitored interfaces. When an interface doesn’t receive any response from the remote server for a certain period of time, the device will consider the interface status as fail. Then the Device HA Pro feature will change the status of the interface.
- Backup the DeviceA (Active) current configuration.
- Make sure the DeviceB (Passive) is reset to the default setting
- On Device B, the running firmware version must be the same as Device A.
- On Device B, the partition of running firmware must be in the same position as Device A.
- Confirm the Serial Number of Device A is entered on the HA-Pro page.
Go to Configuration> Device HA>Device HA-Pro
Then Progress configure HA setting
Note! Device Management IP and local subnets cannot be the same!
3. Deploy the first device
- Configure HA Pro settings (management IP, monitor interface, license)
- Online as the Active device
4. Deploy the second device
- The running firmware version must be the same as the first device
- The running firmware partition must the same position as the first device
The running partition of the first device is partition 1, then the running partition of the second device must be partition 1.
- Configure HA-pro settings on GUI (2 buttons click only)
On the passive device first:
On the active device second:
5. Connect console on both devices
- Connect the heartbeat port link and wait for the full sync.
Note: it takes times (above 10 mins) for the first time full configuration synchronizes
How to check if the full synchronize is finished without problem,
On the Passive device console, you will see the physical port (the PC connected)
1st down: after you enable device HA-pro
1st up: start to apply configuration sync from the active device
2nd down: almost finish the synchronization
Then you can go to the console of the active device to type CLI
# show device-ha2 passive device-status
Until you get the information of the passive device.
Then go back to the console of the passive device to type CLI
# show device-ha2 sync summary
It’s very important that [ZySH Startup Configuration] status should be successful without any issue and the last line the status of Device HA Sync also successful.
Caution:
Any fail, please disconnect all the links. Then reset the device to factory default and try again.
Don’t copy the configuration file from the first device and upload it to the second device to deploy.
- Connect the rest of the links
6. Test failover
You can use the debug CLI on the active device to simulate the interface down event.
So that to trigger the failover to the passive device.
# debug device-ha2 send linkdown <interface name>
Checking the synchronization status through the Web Interface:
CONFIGURATION > Device HA > View log there must be Synchronize complete.
Or check via CLI: Check the detail synchronization status on the device
show device-ha2 sync summary
It is very important that the last entry pertaining to the status of the Device HA Sync states that it has succeeded.
Synchronization Failure
Note: There are 2 methods to force the full configuration sync. Depending on where you initiate it, the command will vary.
On Passive device: Router# device-ha2 sync_from_active
On Active device: Router# device-ha2 sync_to_passive
When doing a firmware upgrade, the passive device will upgrade firmware first and then reboot.
After the passive device reboots, it will be conducting a full configuration synchronization immediately.
The synchronization will fail since the firmware of the passive device is different from the active device.
It is normal behavior and you can ignore the failed synchronization logs in this case.
Basic Setup of HA Pro you can find here: Device HA Pro Setup
Setup Assistance, you´re looking for assisted configuration by our Professional Services Team? Please check here: Zyxel ConfigService Security