Amer Networks E5Web GUI User Manual

The unique individual IP addresses of the master and slave cannot safely be used for anything
but management. Using them for anything else, such as for source IPs in dynamically NATed
connections or publishing services on them, will inevitably cause problems since unique IPs will
disappear when the security gateway they belong to does.

The Shared IP Must Not Be 0.0.0.0
Assigning the IPv4 address 0.0.0.0 as the shared IP address must be avoided. This is not valid for
this purpose and will cause cOS Core to enter Lockdown Mode.

Failed Interfaces
Failed interfaces will not be detected unless they fail to the point where cOS Core cannot
continue to function. This means that failover will not occur if the active unit can still send "I am
alive" heartbeats to the inactive unit through any of its interfaces, even though one or more
interfaces may be inoperative.

Changing the Cluster ID
Changing the cluster ID in a live environment is not recommended for two reasons. Firstly, this
will change the hardware address of the shared IPs and will cause problems for all devices
attached to the local network, as they will keep the old hardware address in their ARP caches
until the entries time out. Such units would have to have their ARP caches flushed.
Secondly, this breaks the connection between the security gateways in the cluster for as long as
they are using different configurations. This will cause both gateways to go active at the same
time.

Invalid Checksums in Heartbeat Packets
Cluster heartbeat packets are deliberately created with invalid checksums. This is done so that
they will not be routed. Some routers may flag this invalid checksum in their log messages.
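
The following is an added example, not code from the manual or from cOS Core: a Python check that classifies a captured IPv4 packet by whether its header checksum verifies, which is the test a router applies before forwarding and the condition behind the log messages mentioned above. The manual does not say which checksum the heartbeats carry incorrectly; the IPv4 header checksum is assumed here, and the sample packets (addresses, TTL, protocol) are constructed.

```python
import socket
import struct

def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum (RFC 1071) over an even-length buffer."""
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                      # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return total

def classify(packet: bytes) -> str:
    """Return 'valid', 'bad-checksum' or 'malformed' for a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "malformed"
    ihl = (packet[0] & 0x0F) * 4            # header length in bytes
    if ihl < 20 or len(packet) < ihl:
        return "malformed"
    # A correct header, checksum field included, sums to 0xFFFF.
    return "valid" if ones_complement_sum(packet[:ihl]) == 0xFFFF else "bad-checksum"

def build_header(src: str, dst: str, corrupt: bool = False) -> bytes:
    """Constructed 20-byte IPv4 header for testing; field values are sample data."""
    fields = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 1, 17, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    checksum = ~ones_complement_sum(fields) & 0xFFFF
    if corrupt:
        checksum ^= 0x5555                  # any wrong value will do
    return fields[:10] + struct.pack("!H", checksum) + fields[12:]

def triage(packets):
    """Count classifications so flagged heartbeats can be separated from real faults."""
    counts = {"valid": 0, "bad-checksum": 0, "malformed": 0}
    for p in packets:
        counts[classify(p)] += 1
    return counts

if __name__ == "__main__":
    # Constructed sample: one good header, one with a wrong checksum, one truncated.
    sample = [build_header("192.0.2.1", "192.0.2.255"),
              build_header("192.0.2.2", "192.0.2.255", corrupt=True),
              b"\x45\x00"]
    print(triage(sample))
```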

Making OSPF Work
If OSPF is being used to determine routing metrics, then a cluster cannot be used as the
designated router.
For OSPF to work, there must be another designated router available in the same OSPF area
as the cluster. Ideally, there will also be a second, backup designated router to provide OSPF
metrics if the main designated router should fail.

PPPoE Tunnels and DHCP Clients
For reasons connected with the shared IP addresses of an HA cluster, PPPoE tunnels and DHCP
clients should not be configured in an HA cluster.

Disabling Heartbeats on Unused Interfaces
It is recommended to disable heartbeats on Ethernet interfaces that are not being used. If this is
not done, there is a risk of repeated failovers or even of both units going active,
because the HA mechanism will see the unused interface as a failed interface. The higher the
proportion of unused interfaces in a cluster, the more pronounced the effect of sending
heartbeats on unused interfaces becomes.
Chapter 11: High Availability