UGMC supports two types of clusters:
- Configuration cluster. Nodes combined into a configuration cluster support unified configuration within the cluster.
- High-availability (HA) cluster. Up to 4 configuration cluster nodes can be combined into a HA cluster that supports the Active-Active or Active-Passive operation modes.
Note
When deploying an MC in failover mode, you must configure both the configuration cluster and the HA cluster.
A number of settings are specific to each cluster node, e.g., network interface configuration and IP addressing. The node-specific settings are listed below:
Name | Description |
---|---|
Node-specific settings | Diagnostics settings, Network interface settings, Gateway settings, Routes |
To create a configuration cluster, follow these steps:
Task | Description |
---|---|
Step 1. Perform initial configuration on the first cluster node. | See chapter Initial Configuration. |
Step 2. On the first cluster node, configure the zone containing the network interfaces through which cluster replication will be carried out. | In the Zones section, create a new dedicated zone for cluster settings replication. Allow the following services in the zone's settings: Do not use zones whose interfaces are connected to untrusted networks (e.g., the Internet) for replication. |
Step 3. Specify the IP address that will be used to communicate with other cluster nodes. | In the Device management section, go to the Configuration cluster pane, select the current cluster node, and click Edit. Specify the IP address of an interface located in the zone you configured at Step 2. |
Step 4. Generate a Master node secret on the first cluster node. | In the Device management section, press the Generate secret code button. Copy the resulting code to the clipboard. This master node secret is required for one-time authorization of a second node before adding it to the cluster. |
Step 5. Connect a second node to the cluster. | A second and subsequent nodes are added to the cluster during their initialization. If the initialization has already been performed, reboot the device and perform a factory reset. Connect to the web console of the second cluster node and select the installation language. Specify the network interface that will be used to connect to the first cluster node and assign it an IP address. Both cluster nodes must reside in the same subnet - e.g., as is the case when the port2 interfaces of the two nodes are assigned IP addresses 192.168.100.5/24 and 192.168.100.6/24, respectively. Otherwise, you need to specify the IP address of the gateway through which the first cluster node will be accessible. Specify the IP address of the first node configured at Step 3, enter the master node secret, and press the Connect button. If the IP addresses of the cluster configured at Step 2 are assigned correctly, the second node will be added to the cluster, and all the settings from the first cluster node will be replicated on the second one. |
Step 6. Assign zones to the second node's network interfaces. | In the web console for the second cluster node, go to the Network --> Interfaces and assign a correct zone to each network interface. The zones and their settings are obtained as a result of data replication from the first cluster node. |
Step 7. (Optional) Configure the node-specific settings for each cluster node. | Configure the gateways, routes, and other settings specific to each cluster node. |
Up to four configuration cluster nodes can be combined into a HA cluster. There can be multiple HA clusters. Two modes are supported, Active-Active and Active-Passive.
In the Active-Passive mode, one of the servers operates as the master node that processes traffic and the rest act as backup. One or more virtual IP addresses are specified for the cluster. The virtual addresses are switched from the master node to one of the backup nodes under the following circumstances:
- A backup server gets no confirmation that the master instance is online - for example, if it is offline or the nodes are unavailable on the network.
- Internet connectivity checking is configured on the master node.
- A software fault has occurred in UserGate.
An example network diagram for a HA cluster in the Active-Passive mode is shown below. The network interfaces are configured as follows:
- Trusted zone: IP1, IP2, IP3, IP4, and IP cluster (Trusted).
- Management zone: interfaces in this zone are used to manage the UGMC nodes.
The cluster IP address resides on the UGMC 1 node. If the UGMC 1 node goes offline, the cluster IP address will migrate to the next server, which becomes the master - e.g., UGMC 2.
In the Active-Active mode, one of the servers operates as the master node that distributes the traffic among all other cluster nodes. Since the cluster IP address resides on the master node, that node responds to client ARP requests. By answering these requests with the MAC addresses of all HA cluster nodes in turn, the master node distributes traffic uniformly between the cluster nodes while preserving user session continuity. One or more virtual IP addresses are specified for the cluster. The master role is assumed by one of the backup nodes under the following circumstances:
- A backup server gets no confirmation that the master instance is online - for example, if it is offline or the nodes are unavailable on the network.
- Internet connectivity checking is configured on the master instance.
- A software fault has occurred in UserGate.
An example network diagram for a HA cluster in the Active-Active mode is shown below. The network interfaces are configured as follows:
- Trusted zone: IP1, IP2, IP3, IP4, and IP cluster (Trusted).
- Management zone: interfaces in this zone are used to manage the UGMC nodes.
The cluster IP address resides on the UGMC 1 node, which is the master. The traffic is distributed between all cluster nodes. If the UGMC 1 node goes offline, the master role and the cluster IP address will migrate to the next server, e.g., UGMC 2.
To create a HA cluster, follow these steps:
Task | Description |
---|---|
Step 1. Create a configuration cluster. | Create a configuration cluster as described in the previous step. |
Step 2. Configure zones whose interfaces will participate in the HA cluster. | In the Zones section, you should allow the VRRP service for all zones where virtual cluster IP addresses are to be added (the Trusted zone on the above diagrams). |
Step 3. Create a new HA cluster. | In the Device management --> HA cluster section, click Add and configure the settings for the new HA cluster. |
The settings for a HA cluster are listed below:
Name | Description |
---|---|
Enabled | Enable or disable the HA cluster. |
Name | The name of the HA cluster. |
Description | A description of the HA cluster. |
Mode | The HA cluster operating mode: |
HA cluster multicast ID | Multiple HA clusters can be created in a single configuration cluster. Session synchronization uses a specific multicast address defined by this parameter. A unique ID must be assigned to each group of HA clusters that requires session synchronization support within the group. |
Virtual router ID (VRID) | The VRID must be unique to each VRRP cluster in the local network. If there are no 3rd party VRRP clusters in the network, it is recommended to keep the default setting. |
Nodes | Select the configuration cluster nodes to combine into an HA cluster. Here you can also assign the master role to one of the selected nodes. |
Virtual IPs | Assign virtual IP addresses and map them to the interfaces of the cluster nodes. |
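
The addressing and HA rules above can be checked against a deployment plan before any node is joined. The following is an added example, not UserGate code: the function names, the plan layout, and the sample values are hypothetical, and only the rules themselves (same subnet or a gateway, at most four nodes, a unique VRID, VRRP allowed in zones with virtual IPs) come from this page.

```python
import ipaddress

MAX_HA_NODES = 4  # the page allows up to four nodes per HA cluster

def check_join(first_if, second_if, gateway=None):
    """Step 5: both cluster IPs share a subnet, or a gateway is specified."""
    first = ipaddress.ip_interface(first_if)
    second = ipaddress.ip_interface(second_if)
    problems = []
    if first.ip == second.ip:
        problems.append("both nodes use the same cluster IP address")
    if first.network != second.network:
        if gateway is None:
            problems.append("different subnets and no gateway specified")
        elif ipaddress.ip_address(gateway) not in second.network:
            problems.append("gateway is outside the second node's subnet")
    return problems

def check_ha(ha_clusters, zone_services, foreign_vrids=()):
    """HA rules: node limit, VRID unique on the LAN, VRRP allowed in VIP zones."""
    problems = []
    # VRIDs already taken by third-party VRRP clusters on the same network.
    vrid_owner = {v: "a third-party VRRP cluster" for v in foreign_vrids}
    for name, cfg in ha_clusters.items():
        vrid = cfg["vrid"]
        if len(cfg["nodes"]) > MAX_HA_NODES:
            problems.append(f"{name}: more than {MAX_HA_NODES} nodes")
        if vrid in vrid_owner:
            problems.append(f"{name}: VRID {vrid} already used by {vrid_owner[vrid]}")
        vrid_owner.setdefault(vrid, name)
        for zone in cfg["vip_zones"]:
            if "VRRP" not in zone_services.get(zone, ()):
                problems.append(f"{name}: VRRP not allowed in zone {zone}")
    return problems

# Constructed sample plan (hypothetical names and values, not real settings).
ZONES = {"Trusted": {"VRRP"}, "DMZ": set()}
HA = {
    "ha-1": {"nodes": ["UGMC 1", "UGMC 2"], "vrid": 100, "vip_zones": ["Trusted"]},
    "ha-2": {"nodes": ["UGMC 3", "UGMC 4"], "vrid": 100, "vip_zones": ["DMZ"]},
}

if __name__ == "__main__":
    print(check_join("192.168.100.5/24", "192.168.100.6/24"))
    print(check_join("192.168.100.5/24", "10.0.0.6/24"))
    for problem in check_ha(HA, ZONES):
        print(problem)
```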