In the Active-Passive mode, one of the servers operates as the master node that processes traffic and the rest act as backup. On each of the cluster nodes, network interfaces are selected to which the administrator assigns virtual IP addresses. Transmitted between these interfaces are VRRP advertisements --- messages that nodes use to exchange information about their state.
Note
The Active-Passive mode supports user session synchronization, which provides user-transparent traffic switching between nodes, except for the sessions that use a proxy (e.g., HTTP/S).
When a backup server assumes the master role, all virtual IP address of all cluster interfaces are transferred to it. An unconditional role transfer occurs under the following circumstances:
-
A backup server gets no confirmation that the master node is online - for example, if it is offline or the nodes are unavailable on the network.
-
Internet connectivity checking is configured on the node (see section Gateway Configuration), and there is no Internet access through any of the gateways.
If the host specified in the network checker properties is unavailable at all cluster nodes, the HA cluster will be brought offline.
-
A software fault has occurred in UserGate.
When one or more network interfaces that are assigned virtual IP addresses go offline, this will lower the node's priority but not necessarily cause a change in the server's role. Transition to a backup node will occur if that node has a higher priority than the master node. By default, the master node has a priority of 250, while a backup node has a priority of 249. A node's priority is decreased by 2 for each cluster interface that has no physical connectivity to the network. Therefore, for a two-node HA cluster, if one network interface on the master node loses the physical connectivity to the network, the master role will be transferred to the backup server, provided that all its cluster interfaces have network connectivity (the priority value will be 248 for the master and 249 for the backup in that case). When the physical connectivity on the original master node is restored, that node will assume the master role again because its priority value will return to 250 (this is true in the case where virtual addresses are configured on two or more network interfaces; if there is only one such interface, the node will not re-assume the master role).
If one or more cluster network interfaces go offline on a backup node, the node's priority will be lowered, but it will nevertheless be able to become the master in case of an unconditional role transfer or when the master node's priority drops below the priority of this backup node.
Note
If cluster IP addresses are assigned to VLAN interfaces, the lack of connectivity on a physical interface will be interpreted by the HA cluster as a connectivity loss on all VLAN interfaces created on that physical interface.
Note
To reduce the time it takes for the network equipment to switch the traffic to a backup node, UserGate servers send an internal GARP notification (Gratuitous ARP) to inform the network equipment of a MAC address change for all virtual IP addresses. A UserGate server sends a GARP packet every minute and when the master role is transferred to a backup server.
An example network diagram for a HA cluster in the Active-Passive mode is shown below. The network interfaces are configured as follows:
-
Trusted zone: IP1, IP2, IP3, IP4, and IP cluster (Trusted).
-
Untrusted zone: IP5, IP6, IP7, IP8, and IP cluster (Untrusted).
-
Cluster zone: IP9, IP10, IP11, IP12, IP13, and IP14. The interfaces in the Cluster zone are used for settings replication.
Both cluster IP addresses reside on the UG1 node. If the UG1 node goes offline, both cluster IP addresses will migrate to the next server, which becomes the master --- e.g., UG2.
Figure 1 - A HA cluster in the Active-Passive mode