18.1. General High Availability

High Availability in VT AIR is composed of three different and independent settings:

  • Configuration Synchronization
  • States Synchronization
  • VRRP Virtual IPs

Each of these settings can be enabled independent of each other and they do not influence the other settings. A complete HA setup though, only makes sense when all three parts are activated.

18.1.1. Interface setup

There is an interface requirement before you start the High Availability setup. Since two devices do not need to be the same make and model, you have to configure the interfaces individually first.

The synchronizations depend on stable internal interface names (WAN, LAN, INT1, INT2, ….). These names have to match on both ends of a sync master and client. The INTX numbers are set automatically by the system in the background and can be seen in Interfaces → Assign or on each interface settings page on the upper left corner.

Please make sure to have the same amount of interfaces and that the names match up on both ends. Also make sure that the Interfaces IPs are different and do not conflict.

18.1.2. Synchronization Interface

It is highly recommended to use a Synchronization Interface for all sync activities. The data are partially unencrypted and it is important that they arrive on each box in a timely and safe manner.

Use either a seperate VLAN or a seperate physical Interface.

Hihg Availability Sync VLAN Hihg Availability Sync Interface

Give all VT AIR a static IP Address in this network and do not enable the DHCP Server.

Hihg Availability Sync Interface Settings

Make sure that there is a Firewall Rule to allow all Traffic to the Interface IP Address on the Sync Interface on each VT AIR.

Hihg Availability Sync Firewall Rule

Set the same password for the hasync user on each VT AIR.

18.1.3. High Availability Nodes

There is no limit to the amount of nodes you can add to the HA setup. You can daisy chain nodes in VT AIR, you only need to have the Configuration Sync enabled on each node that should sync to the next one.

Some systems like DHCP do not support to have more than three members though.