System Failover
The system failover is switching to a passive system when an active system is in a state of failure(e.g. hardware fault, network problem).
A passive system synchronizes all data from the master database in which is running in an active system by the Database Replication[1] and monitors the active system.
A passive system sends a heartbeat about every 10 seconds to an active system. If the passive does not receive a response from an active system for the Deadtime, the passive system switches the mode to "active".
This system failover enables continuous service and you can connect the management page without changing the URI because a virtual IP is automatically configured in an active system by the failover service.
The failover service in an active system listens on UDP port 6010 to receive a heartbeat from a passive system.
All services in the active and passive devices work as shown in the table below.
| Service | Active System | Passive System |
|---|---|---|
| dhcpv4 | running | running |
| dhcpv6 | running | running |
| radius | running | running |
| logexp | running | running but only saves its Syslog. |
| failover | Configuring a Virtual IP | Monitoring an active system and replicating the database |
| Database | Master | Slave |
Note that, If an active system is recovered from a fault after another system has switched to the active mode, the recovered system switches to passive mode. In other words, The failback[2] does not occur.
Configuration
If you want to apply the failover in your devices, You must configure the System Failover via the CLI and start the failover service on both devices.
System Failover Switch-Over
The following table shows you when a system switches its mode. Several case numbers indicate a Switch-Over condition and you can see them while monitoring the logs of the failover service.
Note that you need to enable the "runtime log" for the failover service to display logs.
| Init mode | Peer Response | Current mode(switched mode) | Case Number |
|---|---|---|---|
| active | no-response | active | C7 |
| zero(initializing) | active | C1, C5 | |
| passive | active | C5 | |
| active | passive | C4 | |
| passive | no-response | active | C6 |
| zero(initializing) | passive | C1, C3 | |
| passive | active | C4 | |
| active | passive | C5 |
System Failover Case Numbers and Conditions
| Case Number | Description |
|---|---|
| C1 | If DEVICE#1 is in an initialization state, and it gets a response from DEVICE#2 that is also initializing, DEVICE#1 switches its mode to the Initial mode configured. |
| C2 | If DEVICE#1 is in an initialization state, and it gets a response from DEVICE#2 that is in either an "active" or "passive" state, DEVICE#1 switches to the opposite mode from DEVICE#2. |
| C3 | If DEVICE#1 is in a "passive" state, and it gets a response from DEVICE#2 that is initializing, DEVICE#1 keeps its current state. |
| C4 | If DEVICE#1 is in either an "active" or "passive" state, and it gets a response from DEVICE#2 that is in the same state as it is, DEVICE#1 switches to the opposite mode from DEVICE#2. Typically this case rarely occurs but it can occur because of the misconfiguring of the system failover(e.g. configuring the same initial mode to both devices). |
| C5 | If DEVICE#1 is in either an "active" or "passive" state, and it gets a response from DEVICE#2 that is in the opposite state as it is, DEVICE#1 keeps its current state. |
| C6 | If DEVICE#1 is in an initialization state, the initial mode is "passive", and it does not get a response from DEVICE#2, DEVICE#1 tries to connect again to DEVICE#2 without switching its mode.
If DEVICE#2 does not respond during the INIT-DEADTIME(60 seconds), DEVICE#1 switches its mode to "active".<be> For this reason, you should start the failover service where the Initial mode is configured to "passive" after running the service where the Initial mode is configured to "active". |
| C7 | If DEVICE#1 is in an initialization state, the initial mode is "active", and it does not get a response from DEVICE#2, DEVICE#1 switches its mode to "active". |
| C8 | If DEVICE#1 is in a "passive" state, and it does not get a response from DEVICE#2, DEVICE#1 tries to connect again to DEVICE#2 without switching its mode.
If DEVICE#2 does not respond during the deadtime configured, DEVICE#1 switches its mode to "active". |
| C9 | It shows you DEVICE#1 is in an "active" state and it does not get a response from DEVICE#2. Note that this case never occurs because a device in an "active" state does not send a message to know the health of another. |
| C10 | If the status of the device's network interface is down, the device switches its mode to a "zero" state. The "zero" indicates that it is in initialization mode. If the state of the device was "active", the device removes the virtual IP address that was set before. |
| C11 | If DEVICE#1 is in a "passive" or initialization state and it gets a response from DEVICE#2 where the System failover is disabled, DEVICE#1 keeps its current state. To fix this problem, you should enable the System failover in DEVICE#2. |
| C12 | If DEVICE#1 is in a "passive" or initialization state and it gets a response with an incorrect shared secret from DEVICE#2. DEVICE#1 keeps its current state. To fix this problem, you should verify the shared secret and change the incorrect one. |
| C13 | It may occur when DEVICE#1 is in an initialization state and the configured initial mode is neither an "active" nor "passive". You should configure the failover again. |