Mailing List
Mailing List
Sign Up Here
Like, follow & share: visit DrayTek UK's Facebook page visit DrayTek UK's Twitter page visit DrayTek UK's Linkedin page
DrayTek

High Availability - Hot Standby mode

Products:
Vigor 2925
Vigor 2952
Vigor 3220
Keywords:
Configuration Sync
High Availability
Hot Standby
backup
Show all

 
The DrayTek Vigor 2925 supports High Availability with the 3.8.2 firmware and later. This supports two modes, one is Hot Standby and the other is Active Standby. High Availability allows one or more routers to operate as a backup for a primary router. If that primary router should stop responding or functioning in some aspect, such as all LAN connectivity being lost, the secondary router(s) can take over the operation of routing for the network, with the switch-over occurring within a few seconds, transparently to LAN clients, with any VPNs and other sessions now able to re-establish.
 
For more information on applications of High Availability, please read this article.
 
This guide will demonstrate how to configure High Availability in a Hot Standby configuration, which is used when the secondary router(s) use the same internet connection(s) as the primary router, with the same router configuration. The Configuration Sync feature will be used to simplify the configuration of backup router(s)s.
 
Please Note: Hot Standby mode requires that each router is of the same model and type, this example will use two Vigor 2925 non-wireless routers.
If the routers do not match, for instance a Vigor 2925 router and a Vigor 2925n wireless router, Hot Standby mode and the Config Sync feature cannot be used and backup routers must be configured manually in Active Standby mode.
 
High Availability operates by using a Virtual IP as a LAN gateway for each VLAN that high availability is being used on, this IP address is not assigned directly to any one router and must not be used by other devices on the network.
Each of the routers must have its own IP address for management and whichever router is active at the time advertises its own MAC address via ARP (Address Resolution Protocol) to client PCs as the MAC address for the Virtual IP address. This allows computers on the network to use the virtual IP address as a gateway for internet access and allows high availability to work without needing to reconfigure the gateway address on client PCs, should a failure occur.

1. LAN IP Configuration

This setup example will use two routers, with the network using a gateway IP of 192.168.1.1. In a high availability setup, the gateway address is virtualised so that either router is able to take ownership of it and the Primary and Standby routers are on different IP addresses for management purposes.

  • Gateway (Virtual) IP Address: 192.168.1.1
  • Primary Router IP Address: 192.168.1.2
  • Secondary Router IP Address: 192.168.1.3

This example will be using a single LAN subnet but High Availability can be used with as many LAN subnets as the router supports.

 

2. Configure Primary Router

Access the web interface of the router that will be operating as the primary / active router in the high availability configuration and go to [LAN] > [General Setup]:

Click on the Details Page button for LAN1.

Change the LAN1 IP address so that the router will be on a different IP than the gateway address that the PCs on the network will be using. In this example, the primary router will be using the IP address of 192.168.1.2 for management purposes. The virtual IP that the clients will use as a gateway address is configured in a later step.

Note that the DHCP Server's Gateway IP Address setting remains on 192.168.1.1 and should not be changed.

Click OK to apply the change and restart the router when it prompts to restart.


Once the router is online, access it on the new IP address and go to [System Maintenance] > [Management].

Set the Router Name so that the router can be identified as the Primary router, in this example, the name is set to "Primary":

Click OK to save that setting and restart the router when prompted.


Once the router has restarted, access it again and go to [Applications] > [High Availability]:

To set up a router as the Primary in a High Availability group, configure these settings:

  • Tick "Enable High Availability"
  • Set the Redundancy Method to Hot Standby

Select the General Setup tab:

  • Group ID is used to identify which HA group the routers will be joining. Here we're setting this to "1". If there will be multiple HA groups on the same physical network / location, use different Group ID values to identify each group.
  • Priority ID is used to determine the hierarchy of the routers in the group. Highest Value = Highest Priority. In this example, the Priority ID is set to the highest value of "30" to ensure that it is the primary router in this HA group configuration
  • Authentication Key is a security key used to control membership of the High Availability group. This can be set to any password up to 31 characters in length and must be the same on all members of the HA group
  • Management Interface is the interface used to pass High Availability control information. This is configured to LAN1 in this example because only one LAN subnet is in use. If using multiple subnets on the router(s), a dedicated LAN interface could be selected from the list
  • Update DDNS is used to refresh any Dynamic DNS entries configured on the router when a failover occurs. This is intended for use with Active Standby, where the WAN interfaces and IP addresses may differ. Leave this option disabled when using Hot Standby mode
  • Syslog controls whether High Availability information such as failover occurrences and other events are logged via syslog

In the list of LAN interfaces, enable any LAN interfaces that will be used with High Availability and set the Virtual IP to the IP address that the clients on each network will use as their Gateway IP address.

The Virtual IP used will be set to "192.168.1.1" in this example.

Go to the Config Sync tab to continue:

Tick the option to "Enable Config Sync" and set the sync interval as required, which is the time interval between configuration changes propagating to backup routers.

Click OK and the router will then ask to restart. Allow the router to restart to apply the changes.


3. Configure Secondary Router(s)

Access the web interface of the router that will be operating as the secondary / backup router in the high availability configuration and go to [LAN] > [General Setup] and click on the Details Page button for LAN1.

Change the LAN1 IP address so that the router will be on a different IP than the gateway address that the PCs on the network will be using. In this example, the backup router will be using 192.168.1.3 for management.

Note that the DHCP Server's Gateway IP Address setting remains on 192.168.1.1 and should not be changed.

 

Click OK to apply the change and restart the router when it prompts to restart.


Once the router is online, access it on the new IP address and go to [System Maintenance] > [Management].

Set the Router Name so that the router can be identified as the secondary or backup router, in this example, the name is set to "Secondary":

Click OK to save that setting and restart the router when prompted.


Once the router has restarted, access it again and go to [Applications] > [High Availability]:

To set up a router (or routers) as the Secondary / backup in a High Availability group, configure these settings:

  • Tick "Enable High Availability"
  • Set the Redundancy Method to Hot Standby

Select the General Setup tab:

  • Group ID is used to identify which HA group the routers will be joining. It is recommended to set this to "1". If there will be multiple HA groups on the same physical network / location, use different Group ID values to identify each group
  • Priority ID is used to determine the hierarchy of the routers in the group. Highest Value = Highest Priority. In this example, the Priority ID is set to a value lower than that of the primary router's value of "30", instead using "20" to ensure that it does not over-ride the primary router. For any other secondary routers with lower priority, use a lower number for each to define the order of priority
  • Authentication Key is a security key used to control membership of the High Availability group. This can be set to any password up to 31 characters in length and must be the same on all members of the HA group
  • Management Interface is the interface used to pass High Availability control information. This is configured to LAN1 in this example because only one LAN subnet is in use. If using multiple subnets on the router(s), a dedicated LAN interface could be selected from the list
  • Update DDNS is used to refresh any Dynamic DNS entries configured on the router when a failover occurs. This is intended for use with Active Standby, where the WAN interfaces and IP addresses may differ. Leave this option disabled when using Hot Standby mode
  • Syslog controls whether High Availability information such as failover occurrences and other events are logged via syslog

In the list of LAN interfaces, enable any LAN interfaces that will be used with High Availability and set the Virtual IP to the IP address that the clients on each network will use as their Gateway IP address. The Virtual IP used will be set to "192.168.1.1" in this example, to match the primary router.

Go to the Config Sync tab to continue:

Tick the option to "Enable Config Sync" and set the sync interval as required, which is the time interval between configuration changes propagating to backup routers.
Click OK and the router will then ask to restart. Allow the router to restart to apply the changes.

With this setup completed, the active router should respond on the Virtual IP address, which should then be used as the gateway address by client computers.


4. Perform Initial Config Sync

 

Once there are at least two routers in the High Availability Group, the next step is to perform the initial Configuration Sync between the two routers. To do that, go to [Diagnostics] > [High Availability Status] to check the state of the routers.

This will show the state of the routers, indicating which router is the Primary or Secondary based on the Priority ID specified on each router. The active router is indicated by the O mark in the Status column.

More details on the High Availability Group can be seen by clicking on the Details link.

 


 

In the High Availability Status, the Secondary router(s) should show a Config Sync Status of Progressing. To force this to perform the initial sync, click the Sync button:

Once this has completed, the Config Sync Status of the secondary router will then show Equal:

The secondary router(s) will then restart to apply the full configuration of the primary router (which is why the Stable state now shows "No"). The Config Sync Status will then show Ready for all routers in the High Availability Group, indicating that the configurations are the same on all routers.

The High Availability Group will now be ready for use. If the router(s) use a Content Filtering license or App Enforcement, go to the MyVigor License Sharing section to configure that for High Availability usage.

It is recommended to test this facility once it has been configured to ensure that it operates as expected, check the Testing High Availability section for more information.

DrayTek's High Availability system, when used in Hot Standby mode, requires that each router in High Availability mode is running the same configuration, with the exception of the router name and LAN IP addresses used to manage the routers for each of the LAN / VLAN interfaces configured on the routers.

This simplifies administration of the routers because when a change is made to the primary router, such as a VPN tunnel, Firewall rule or NAT entry, this change is propagated to the backup routers using the Configuration Sync feature.

It is enabled from the [Application] > [High Availability] section under the Config Sync tab:

Enabling this requires using Hot Standby mode and when enabled, the configuration will sync from the primary to the secondary / backup routers in the time interval specified.


To check the state of the Configuration Sync between routers, go to [System Maintenance] > [High Availability Status] which shows diagnostic information for the routers in the High Availability group and the state of the Configuration Sync process.

The initial propagation needs to be performed once High Availability is set up and this requires the Primary router to be stable and showing as the active router in the HA Status list, as indicated below by the "O" symbol in the Status column.

Clicking the Sync button will perform a manual sync outside of the time interval specified in the Config Sync section and will push the configuration to the backup routers. While the configuration is being sent, the state will show as "Progressing" to indicate that the configuration is being sent and the backup routers will reboot once they have received the configuration file and applied it.

 

 

Once the backup routers have applied the new configuration, the Config Sync Status will show as Ready. In the example below, the Secondary router has just applied the new configuration and rebooted itself to apply the configuration changes, which is why the Stable state now shows that the router has restarted recently.

DrayTek routers that are used as part of a High Availability group can use the same MyVigor Content Filtering and Application Enforcement licenses.

This would allow the active router at the time to use the licenses, while backup routers in the HA group would not be able to use the licenses, unless the active router were to go offline. In which case, the backup router that becomes active would then be able to use the MyVigor licenses attached to the group.

To configure this, access your MyVigor account at http://myvigoreu.draytek.com and log in to the account.

Please Note: Sharing license keys between routers in High Availability requires that each router is associated with the same MyVigor account. Once configured, only one router of the group (the active router at the time) will be able to use the associated licenses.

Upon logging in, expand the [My Information] menu and select [High Availability Settings].

To create a new group, click the Add New button:

This will create a new High Availability group entry:

Group Name: Set a suitable name for the group, for instance this could be the location of the router(s) installation

Router's HA Group ID: Select the first available number, this is used to reference the group on the MyVigor system

HA Device 01: Select the router that has the required licenses associated with it. This will be denoted by the (KEY) prefix for that router

HA Device 02-08: Select the routers that will operate as the backup routers in the high availability configuration

Click Save to save and apply that setting.

The High Availability Group should now be visible in the list. To edit the Group settings, click the Set HA Device icon.

With this High Availability Group configured, if a high availability failover occurs, the backup routers will be able to use the licenses available on the primary router.

Once the High Availability group is configured and active, the gateway / virtual IP on the network will be 192.168.1.1 in this example, which will be pointing to the Primary router.

The routers in the High Availability group will communicate status information such as stability and WAN status information, which routers are available and can provide connectivity to the network. This is used to determine which router should be operating as the Active / Primary router. The backup router(s) will be accessible on their management IP addresses and although their WAN interfaces will be physically connected, the WAN interfaces on the backup router(s) will remain offline.

In the example below, the web interface of the virtual IP is accessed to view which router is currently using the Virtual IP, which is indicated by the Router Name and the LAN IP address of each router:

This shows that the primary router is active and it can be accessed either using the virtual IP address or the management IP of 192.168.1.2.


To test failover, send a continuous ping to the virtual IP address of 192.168.1.1 using the command "ping -t 192.168.1.1" in Windows either from the Command Prompt or Windows Start > Run.

The example below shows the expected behaviour of a client PC when the primary router stops responding or its WAN interfaces become unavailable. Within a few seconds, the next highest priority Secondary router will take over the virtual IP address of 192.168.1.1:

When this occurs, the backup router will also bring the connected WAN interfaces online because it is expected that the Primary router will not be using them either due to lack of physical connectivity or the router being offline.


The state can also be checked by accessing the web interface of the virtual IP address, once it has failed over to the secondary router, this is reflected by the Router Name, which now shows as "Secondary" which is how the backup router was named to identify it:

Any computers or devices on the network using 192.168.1.1 as their gateway address would be able to access the internet and re-establish any sessions that were in progress when the failover occurred.

When the Primary router is back online, it will take back the 192.168.1.1 virtual IP address and resume usage of the WAN interfaces. The backup router will disconnect its WAN interfaces so that the Primary router can make use of them.

 

How do you rate this article?

1 1 1 1 1 1 1 1 1 1




Add a comment to this article

In the below box, you can add comments which you consider might be helpful to other users reading this article:

(As you'd like it to appear on the comment)


NOTE : All comments are reviewed before publication and may not be posted or may be redacted if the editors do not consider them helpful. The use of offensive or obscene language, copyrighted material, or advertising or promotion or linking to any other product or service is prohibited. By submitting your comment, you confirm that you are the original author and assign copyright of the content to DrayTek indefinitely and irrevocably.