High Availability

http://balancer.barracuda.com/cgi-mod/view_help.cgi?password=5c78...

High Availability
The Advanced > High Availability help page describes the following sections: Cluster Settings Clustered Systems and the following tasks: To To To To view an existing cluster create a cluster of two Barracuda Load Balancers remove a Barracuda Load Balancer from the cluster update the firmware of clustered Barracuda Load Balancers

There is also a topic on the Source IP Address in a Clustered Environment.

Cluster Settings
You can create an active-passive failover configuration with two Barracuda Load Balancers where both systems are on the same WAN subnet. The active system handles all of the traffic unless the passive system detects that either the active system is no longer responsive on the WAN, or if the active system detects that its LAN connection has been lost. If either of those conditions occur, the passive system becomes active, assumes all of the Virtual IP addresses of the Services and the LAN IP address of the other Barracuda Load Balancer, and performs the load balancing. The two systems must be configured with the same cluster shared secret and group ID. They negotiate which is the active one according to the VRRP specification. For more information about the High Availability feature, including requirements for the systems to be clustered, see the Barracuda Load Balancer Administrator's Guide which is available at http://www.barracudanetworks.com/documentation. Follow the task steps outlined in the next section in order to create or disjoin a cluster. Enable High Availability Set Enable High Availability to Yes on both the Barracuda Load Balancers before clustering. Setting Enable High Availability to No will close the clustering port 8002 listening on System Ip. Cluster Shared Secret The shared passcode that the clustered units use when communicating with one another. Both Barracuda Load Balancers in a cluster must have the same shared secret. Only the first 8 characters are used. Failback Mode Click Automatic if you want the originally active (primary) system to resume load balancing upon its recovery. Click Manual to wait until administrator intervention. Failover if LAN link is down Yes The passive system will take over if the active system detects that its LAN link is unavailable. No Ignore the LAN link. Select this if the LAN is not being used for load balancing, e.g. if using Direct Server Return or some other one-armed deployment. By default, the LAN link is monitored if a LAN IP address has been configured. Cluster Group ID This number is the same for both Barrauda Load Balancers in a cluster.

1 af 4

23-03-2012 13:18

High Availability

http://balancer.barracuda.com/cgi-mod/view_help.cgi?password=5c78...

If, on the local network, other network components, such as firewalls, are clustered using VRRP then they should use a different VRRP group ID than this one. Maximum value is 255.

Clustered Systems
To view an existing cluster: If a cluster exists, both Barracuda Load Balancers in the cluster are listed in the Clustered Systems table. The Role column indicates whether the system is active or passive as well as the order in which it was added to the cluster: primary first and backup second. If the Failback Mode is Manual and the backup system is active then the Failback button appears. Click Failback to make the primary system active. To create a cluster of two Barracuda Load Balancers: 1. Complete the installation process for each system: The active system should be fully configured. The backup system must be activated and have its firmware updated. For Route-Path only, leave the LAN IP Address and LAN Netmask fields blank on the Basic > IP Configuration page of the backup Barracuda Load Balancer. If the backup unit has to take over, it will assume the LAN IP Address and Netmask from the primary system. Both systems should be physically connected to the LAN and the WAN. 2. On the Advanced > High Availability page on the active Barracuda Load Balancer, complete all of the fields in the Cluster Settings section, and click Save Changes. The system will restart. Log in again. 3. On the Advanced > High Availability page on the backup Barracuda Load Balancer: 3a. Enter the values for the parameters in the Cluster Settings section. Click Save Changes. The system will restart. Log in and navigate to this page. 3b. In the Clustered Systems section, enter the WAN IP address of the active/primary Barracuda Load Balancer and click Join Cluster. 3c. The clustering will run as a background task and take about five minutes to complete. Do not do any other configuration changes while the clustering task is running. 4. After the clustering task is complete, refresh the Advanced > High Availability page on both Barracuda Load Balancers and verify that: Each system's WAN IP address appears in the Clustered Systems table. The status of each system is green. The passive/backup system is the one that joins the cluster. Specifically, it is the one in Step 3b. above where you click Join Cluster. To remove a Barracuda Load Balancer from the cluster: On the Barracuda Load Balancer that is being deleted from the cluster, perform the following steps: 1. On the Advanced > High Availability page, clear the Cluster Shared Secret to destroy the cluster. The system will restart. Log in again. 2. If the systems are in Route-Path mode, go immediately to the Basic > IP Configuration page. Change this system's LAN IP Address and Netmask to avoid collisions. Click Save Changes. 3. On the Advanced > High Availability page, click the garbage can icon to delete the other system from the Clustered Systems table. 4. Review this system's other settings and make changes as necessary. If you want to replace the removed system with another Barracuda Load Balancer, go to the Advanced > High Availability page on the remaining system and click the garbage can icon to delete the removed system from the Clustered Systems table. Then follow the instructions

2 af 4

23-03-2012 13:18

High Availability

http://balancer.barracuda.com/cgi-mod/view_help.cgi?password=5c78...

above to add the new system to the cluster. Or, to remove all cluster parameters from the remaining system: 1. On the Advanced > High Availability page, clear the Cluster Shared Secret and Cluster Group ID fields. Click Save Changes. 2. The system will restart and the login screen will appear. Sign in and navigate to the same page. 3. Click the garbage can icon to delete the other system from the Clustered Systems table. To update the firmware of clustered Barracuda Load Balancers: Update the passive system first. On the passive system: 1. If the passive system is also the backup system, go to the Advanced > High Availability page and set Failback Mode to Manual. This ensures that the transfer of control from one system to the other does not happen while the firmware update is in process. 2. Go to the Advanced > Firmware Update page and follow the instructions there to update the firmware. When the update is complete and the passive system is running the new firmware, update the firmware on the active system. When all updates are complete, you can failback to the primary system, if desired, by either: Changing Failback Mode to Automatic, or Clicking Failback in the Clustered Systems table. If a cluster exists, both Barracuda Load Balancers in the cluster are listed.

Source IP Address in a Clustered Environment

By default, the source IP address of traffic sent from the Barracuda Load Balancer is its WAN IP address. If this Barracuda Load Balancer is clustered, the WAN IP address is not shared between the two clustered systems. To use the same source IP address in the event of failover, implement one of the following two options. The changes made will be propagated automatically to the passive system.

Option 1
On the active system, create a custom virtual interface that associates an externallyaccessible IP address with the WAN port. Use this IP address to create a source NAT rule. This interface will be used by the backup system if failover occurs. Steps for Option 1: 1. On the Advanced > Advanced IP Config page, in the Custom Virtual Interfaces table, create a custom interface by filling in the fields: IP/Network Address and Netmask an externally-accessible IP address and netmask (may be on the same subnet as the WAN IP address) Service/Interface Name e.g. SNAT IP Address Port Select WAN from the list. 2. In the Source Network Address Translation table, create a source NAT rule by entering values for: Internal Address, Netmask Enter an internal IP address and netmask. Usually this is the Real Server network. Outbound Address The externally-accessible IP address from step 1. Port Select the WAN port.

3 af 4

23-03-2012 13:18

High Availability

http://balancer.barracuda.com/cgi-mod/view_help.cgi?password=5c78...

Option 2
On the active system, remove the default rule that uses the WAN IP address as the source IP address, and turn on IP masquerading for the Real Servers. Steps for Option 2: 1. On the Advanced > Advanced IP Config page, in the Source Network Address Translation table, delete the rule mapping the LAN IP address to the WAN IP address. 2. Set Enable IP Masquerading for Real Servers to Yes.

4 af 4

23-03-2012 13:18