Hello,
I want to deploy HA on a two node cluster of packetshapers 1700s, with the lastest firmware and identical configurations.
I have a single WAN link/router. Now that hot standy seems to be gone (after version 7.4), can i deploy direct standby on the two shapers using a single link?
Or should i downgrade to 7.4 and deploy hot standby?
Will it work? Or more important, is it worth it?
I want to do it not only to get a level of HA, but also because i don't want to waste the investment done on the second shaper.
TIA
Alex
Packeteer's Technical Exchange
A forum for sharing ideas.
HA direct standby vs hot standby
Moderator: Moderators
5 posts • Page 1 of 1
HA direct standby vs hot standby
by net_shark on Thu Apr 22, 2010 6:43 am
- net_shark
- Posts: 2
- Joined: Tue Mar 09, 2010 1:51 am
Re: HA direct standby vs hot standby
by StuartM on Thu Apr 22, 2010 12:29 pm
Direct standby is not supported on a PS1700. Direct standby requires an additional port pair so that the devices can communicate directly. Unlike with hot standby, this needs to be a dedicated port. The PacketShaper 1700 does not have this extra port pair built in and is not expandable so you cannot add an interface card.
- StuartM
- Posts: 505
- Joined: Wed Jul 16, 2003 9:07 am
Re: HA direct standby vs hot standby
by Norbert on Fri Apr 23, 2010 12:21 am
Alex,
While Hot Standby is not available any more, you can easily mimic this by placing your two PS1700 in parallel between two switches and turning on Spanning Tree between them. Make sure the bypass jumpers are removed from the Shapers to really break the connection when it fails.
If your units are connected to a Router with a Single interface and/or there is no money for a managed switchs you can also use a $20 workgroup switch and let your Core switch do the STA.
As with Hot standby, you will not have measurement redundancy and most active flows will not be classified properly initially. Direct Standby overcomes these limitations, but as Stuart correctly comments it is not supported on the PS1700 anyway.
Norbert
While Hot Standby is not available any more, you can easily mimic this by placing your two PS1700 in parallel between two switches and turning on Spanning Tree between them. Make sure the bypass jumpers are removed from the Shapers to really break the connection when it fails.
If your units are connected to a Router with a Single interface and/or there is no money for a managed switchs you can also use a $20 workgroup switch and let your Core switch do the STA.
As with Hot standby, you will not have measurement redundancy and most active flows will not be classified properly initially. Direct Standby overcomes these limitations, but as Stuart correctly comments it is not supported on the PS1700 anyway.
Norbert
-
Norbert - Posts: 209
- Joined: Thu Aug 21, 2003 7:52 am
Re: HA direct standby vs hot standby
by net_shark on Mon Apr 26, 2010 6:12 am
Thx guys for the input,
StuartM, i didn't read the documentation clearly. My bad. I though the heartbeat network could be deployed through the inside/outside interfaces too. But now that i think of it, your explanation makes perfectly sense.
Norbert, that leaves me with your choice, which is perfectly viable, as i can logicaly break one of the managed switches i have, into 2 extra VLANs, one for the inside network, and other for the outside one. Per VLAN STP in on by default, so i guess i'll try this ASAP.
Thx and regards,
Alex
StuartM, i didn't read the documentation clearly. My bad. I though the heartbeat network could be deployed through the inside/outside interfaces too. But now that i think of it, your explanation makes perfectly sense.
Norbert, that leaves me with your choice, which is perfectly viable, as i can logicaly break one of the managed switches i have, into 2 extra VLANs, one for the inside network, and other for the outside one. Per VLAN STP in on by default, so i guess i'll try this ASAP.
Thx and regards,
Alex
- net_shark
- Posts: 2
- Joined: Tue Mar 09, 2010 1:51 am
Re: HA direct standby vs hot standby
by StuartM on Mon Apr 26, 2010 10:09 am
The purpose of both Hot Standby and Direct Standby is to have all historical data available on both units. The standby unit will collect data and build reports so that if it ever goes active, you will not see any gaps in reporting. By not enabling a standby mode, you will see these gaps in reporting.
I don't think Hot Standby will work in an STP setup and I'm not sure if Hot Standby will work by connecting the management ports directly since I have not tested it. Hopefully, the description below of how Hot Standby works will help if you decide to give that a try:
Hot Standby is meant to be used with a dumb hub in place. Since both PacketShapers are in the same broadcast domain, they will see all packets at all times. The standby unit will process these packets, building reports and discovering traffic classes. However, it will drop inbound and outbound packets just short of forwarding them. With Hot Standby, there is a heartbeat that is emitted over the outside interface, if I remember correctly. The other PacketShaper is able to see it because the interfaces are in the same broadcast domain, due to the hub. If the active unit goes down, the passive unit stops receiving the heartbeat and it goes active. When it goes active, it will begin forwarding packets rather than dropping them after analysis. So with an STP setup, this would not work because the heartbeat would fail to reach the other PacketShaper's outside interface.
Direct Standby works a bit differently. There is no heartbeat. Both units are actually active, forwarding all packets that are received. This would be more ideal for an STP setup. When one of the PacketShapers receives a packet, in addition to analyzing it and forwarding it, it makes a copy (not just state info) and places it on the direct link between the PacketShapers. The other PacketShaper analyzes this copied traffic, but does not forward it. So even in an STP setup, where a PacketShaper is not seeing any real traffic on it's main interfaces, it will see the copied packets on its direct link. It will analyze this traffic, building a class tree and reports. As with Hot Standby, this will result in both PacketShapers building identical class trees and reports. So with Direct Standby, in addition to having one unit active and the other one passive, you can also opt to have both units active. A PacketShaper sees what the other unit in the pair sees via the direct link. Unlike in Hot Standby, you would not want a dumb hub on the main interfaces because both PacketShapers would see the same traffic then place a copy on the direct link. This would result in each PacketShaper seeing every packet twice, doubling your stats and having other side effects when shaping is on (RTO clamping).
I don't think Hot Standby will work in an STP setup and I'm not sure if Hot Standby will work by connecting the management ports directly since I have not tested it. Hopefully, the description below of how Hot Standby works will help if you decide to give that a try:
Hot Standby is meant to be used with a dumb hub in place. Since both PacketShapers are in the same broadcast domain, they will see all packets at all times. The standby unit will process these packets, building reports and discovering traffic classes. However, it will drop inbound and outbound packets just short of forwarding them. With Hot Standby, there is a heartbeat that is emitted over the outside interface, if I remember correctly. The other PacketShaper is able to see it because the interfaces are in the same broadcast domain, due to the hub. If the active unit goes down, the passive unit stops receiving the heartbeat and it goes active. When it goes active, it will begin forwarding packets rather than dropping them after analysis. So with an STP setup, this would not work because the heartbeat would fail to reach the other PacketShaper's outside interface.
Direct Standby works a bit differently. There is no heartbeat. Both units are actually active, forwarding all packets that are received. This would be more ideal for an STP setup. When one of the PacketShapers receives a packet, in addition to analyzing it and forwarding it, it makes a copy (not just state info) and places it on the direct link between the PacketShapers. The other PacketShaper analyzes this copied traffic, but does not forward it. So even in an STP setup, where a PacketShaper is not seeing any real traffic on it's main interfaces, it will see the copied packets on its direct link. It will analyze this traffic, building a class tree and reports. As with Hot Standby, this will result in both PacketShapers building identical class trees and reports. So with Direct Standby, in addition to having one unit active and the other one passive, you can also opt to have both units active. A PacketShaper sees what the other unit in the pair sees via the direct link. Unlike in Hot Standby, you would not want a dumb hub on the main interfaces because both PacketShapers would see the same traffic then place a copy on the direct link. This would result in each PacketShaper seeing every packet twice, doubling your stats and having other side effects when shaping is on (RTO clamping).
- StuartM
- Posts: 505
- Joined: Wed Jul 16, 2003 9:07 am
5 posts • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 1 guest