HA feature overview
FortiADC appliances can be deployed as standalone units or as high availability (HA) clusters. A cluster is two or more nodes. A node is an instance of the appliance/system. In a cluster, one node is the primary node, also called the master node. The other members of the cluster are secondary nodes, also called slave nodes.
The system selects the primary node based on the following criteria:
• Override setting (prefers priority to uptime)
• Most available ports
• Highest uptime value
• Lowest device priority number (1 has greater priority than 2)
• Highest-sorting serial number—Serial numbers are sorted by comparing each character from left to right, where 9 and z are the greatest values. The system gives preference to higher values over lower values.
HA solutions depend on two types of communication among cluster members:
• Heartbeats. A cluster node indicates to other nodes in the cluster that it is up and available. The absence of heartbeat traffic indicates the node is not up and is unavailable.
• Synchronization. During initialization, the primary node pushes its configuration (with noted exceptions) to member nodes. After initialization has completed, the nodes synchronize their session tables.
Figure 56 shows an
active-passive cluster in a single network path. In an active-passive cluster, the primary node is the active node that handles all traffic. In the event that the primary node experiences hardware failure or system maintenance,
failover takes place. In failover, the standby node becomes the primary node and processes the traffic that is forwarded along the network path. The new primary node takes the IP addresses of the unresponsive node and notifies the network via ARP to redirect traffic for those virtual MAC addresses (vMAC) to its own network interfaces.
Figure 57 shows an active-passive cluster in a
redundant path. A topology like this is a best practice because it is fully redundant, with no single point of failure. If the gateway, load balancer, or switch were to fail, the failover path is chosen.
Figure 58 shows an
active-active cluster. An active-active cluster supports load-balancing and failover among up to eight member nodes. The routers on either side of the cluster must be configured to use equal cost multipath (ECMP) to distribute traffic to the FortiADC cluster nodes. All nodes actively receive and forward traffic. The primary node has a special role. It pushes its configuration to member nodes. The primary node also handles all firewall-only traffic, and it acts as the failover node for all of the other nodes in the cluster. The failover mechanism is the same as an active-passive deployment, with the primary node acting as the standby node for all other cluster members. If a member node fails, the primary node takes the IP addresses of the unresponsive node and notifies the network via ARP to redirect traffic for that vMAC to its own network interfaces. For example, in
Figure 58, node1 is the primary node. If node2 were to fail, its traffic would failover to node1. If node3 were to fail, its traffic would also failover to node1. If the primary node were to fail, a new primary node would be elected, and it would function as the master in all respects, including its role as the new standby node for failover from all other cluster members.
