High Availability Setup on Amazon Web Service

Article ID: CTX137357

Description

This article describes the design perspective of High Availability (HA) in an Amazon Web Services (AWS) environment.

Background

AWS does not support Gratuitous Address Resolution Protocol (GARP), Virtual Local Area Network (VLAN), or any Layer-2 (L2) functionality such as bridging. Two virtual machines belonging to different customers can be scheduled on the same host and share its Network Interface Cards (NICs). A NetScaler high availability setup depends on GARP to announce the new MAC addresses after a failover. Because AWS does not support this, the setup uses the Elastic Network Interface (ENI) instead. An ENI includes an IP address, a MAC address, a security group (if any), and port rules (if any). When an ENI moves, all of its associated attributes, including the MAC address, IP address, and firewall rules (if any), move with it.

High Availability Pair Set Up on Amazon Web Service

Set up a NetScaler high availability pair in which one appliance has three or more ENIs and the second appliance has only one ENI. On both appliances, the first ENI is dedicated to management (NSIP). The primary appliance owns all traffic ENIs. In the following example, eth1 and eth2 are the traffic ENIs.

For example, in the AWS console, under Instances, the primary appliance is shown in the following screenshots:

[Screenshots: the primary appliance and its ENIs in the AWS console]

The following screenshot illustrates the ENI configuration of the secondary appliance:

[Screenshot: ENI configuration of the secondary appliance]

In a high availability setup, the appliance with more ENIs automatically becomes the primary appliance. The other node with only the management ENI becomes the secondary appliance.

High Availability Failover

When a failover is initiated, the traffic ENIs move from the failing instance to the new primary appliance. With the current AWS architecture, moving the ENIs between the primary and the secondary appliances takes up to 30 seconds. After the ENIs are associated with the NetScaler instances, the high availability setup looks similar to a regular high availability setup.

After the failover is completed, the new primary appliance should contain three or more ENIs (depending on the ENIs originally configured).
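
The end state described above can be checked from the ENI attachment data. The following is an added example, not Citrix code: it inspects a response shaped like `aws ec2 describe-network-interfaces` output and reports traffic ENIs that did not reach the new primary or are still mid-attachment. The instance IDs, ENI IDs, and function names are constructed for illustration.

```python
# Added example. Input mirrors `aws ec2 describe-network-interfaces` output;
# all instance and ENI IDs below are constructed sample values.

def _eni(eni_id, instance, index, status="attached"):
    """Build one constructed NetworkInterfaces entry."""
    return {"NetworkInterfaceId": eni_id,
            "Attachment": {"InstanceId": instance, "DeviceIndex": index,
                           "Status": status}}

def eni_layout(response):
    """Map instance ID -> {eni_id: (device_index, attachment_status)}."""
    layout = {}
    for eni in response["NetworkInterfaces"]:
        att = eni.get("Attachment")          # absent when the ENI is detached
        if att:
            layout.setdefault(att["InstanceId"], {})[eni["NetworkInterfaceId"]] = (
                att["DeviceIndex"], att["Status"])
    return layout

def check_failover(response, new_primary, old_primary, traffic_enis):
    """Return a list of problems; an empty list matches the article's end state."""
    layout = eni_layout(response)
    on_new = layout.get(new_primary, {})
    problems = []
    for eni in traffic_enis:
        if eni not in on_new:
            problems.append(f"{eni} not attached to {new_primary}")
        elif on_new[eni][1] != "attached":
            problems.append(f"{eni} is {on_new[eni][1]} on {new_primary}")
    if len(on_new) < 3:
        problems.append(f"{new_primary} has {len(on_new)} ENIs, expected 3 or more")
    old_indexes = sorted(i for i, _ in layout.get(old_primary, {}).values())
    if old_indexes != [0]:   # first ENI (index 0) is the management ENI
        problems.append(f"{old_primary} should hold only the management ENI")
    return problems

TRAFFIC = ["eni-traffic1", "eni-traffic2"]
# Constructed: failover finished, node B owns management + both traffic ENIs.
COMPLETED = {"NetworkInterfaces": [
    _eni("eni-mgmt-a", "i-nodeA", 0), _eni("eni-mgmt-b", "i-nodeB", 0),
    _eni("eni-traffic1", "i-nodeB", 1), _eni("eni-traffic2", "i-nodeB", 2)]}
# Constructed: failover stalled, one traffic ENI never left the failed node A.
STALLED = {"NetworkInterfaces": [
    _eni("eni-mgmt-a", "i-nodeA", 0), _eni("eni-mgmt-b", "i-nodeB", 0),
    _eni("eni-traffic1", "i-nodeB", 1, "attaching"),
    _eni("eni-traffic2", "i-nodeA", 2)]}

if __name__ == "__main__":
    for name, resp in (("completed", COMPLETED), ("stalled", STALLED)):
        print(name, check_failover(resp, "i-nodeB", "i-nodeA", TRAFFIC))
```

Running the check again after the 30-second window separates a failover still in progress from one that has stalled.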

Identity and Access Management (IAM): When you configure two NetScaler appliances in a high availability setup, ensure that the IAM user (Access Key and Secret Key) is the same on both appliances. If not, the high availability failover does not work.
