Link Search Menu Expand Document

Deployment - EdgeConnect HA

The EdgeConnect High Availability (HA) mode is a high availability cluster configuration that provides appliance redundancy by pairing two EdgeConnect devices together.

When a deployment profile configures two EdgeConnect appliances in EdgeConnect HA mode, the resilient cluster acts as a single logical system. It extends the robust SD-WAN multipathing capabilities such as Business Intent Overlays seamlessly across the two devices as if they were one entity.

With EdgeConnect HA mode, a WAN uplink is physically plugged into a single one of the EdgeConnect appliances but is available to both in the cluster. For WAN connections that perform NAT (for example, a consumer-grade Broadband Internet connection), it means that only a single Public IP needs to be provisioned in order for both EdgeConnect devices in the EdgeConnect HA cluster to be able to build Business Intent Overlays using that transport resource.

Enable EdgeConnect HA Mode

  1. In the appliance tree, select the appliance, and then right-click to select Deployment from the contextual menu. The appliance’s Deployment page appears.

  2. Select the EdgeConnect HA check box.

  3. Configure the interfaces (LAN and WAN–side) on both EdgeConnect devices to reflect the WAN connections that are plugged into each one of the respective appliances.

    NOTE: Both EdgeConnect devices will be able to leverage all WAN connections regardless of which chassis they are physically plugged into. It is, however, important to match the deployment profile interface configuration to the actual chassis the WAN connection is physically, directly connected to.

  4. Select the physical ports on the respective EdgeConnect appliances that you will connect to each other using an Ethernet cable (RJ-45 twisted pair or SR optical fiber).

    NOTE: You can choose any LAN or WAN port combination for this HA Link that is available on the respective EdgeConnect chassis. You must match the media type and speed for both ends of the HA link. (For example, 1 Gigabit-Ethernet RJ-45 to RJ-45 or 10 Gigabit-Ethernet multimode fiber LC-connector-to-LC-connector). Also, note that you cannot use MGMT ports for the HA Link; only LAN or WAN ports.

IPSec over UDP Tunnel Configuration

For both EdgeConnect appliances in a high availability cluster to be able to share a common transport connection, you must set the tunnel type to IPSec over UDP mode.

See Tunnel Settings in the Orchestrator (Orchestrator > Orchestrator Server > Tools > Tunnel Settings).

NOTE: If you are deploying a network with EdgeConnect appliances running VXOA 8.1.6 or higher and Orchestrator 8.2 or higher, the tunnel type is already set to IPSec over UDP mode by default.

VRRP Configuration

Typically, in a branch site deployment, you will choose to configure the cluster with a VRRP protocol and assign a VIP (virtual IP) address to the cluster.

  • Set the VRRP priority of the preferred LAN-side Primary EdgeConnect to 128.

  • Set the other, Secondary appliance’s VRRP priority to 127.

LAN-side Monitoring

The IP SLA feature should be configured to monitor the LAN-side VRRP state in order to automatically disable subnet sharing from that appliance in the case of a LAN link failure.

For more information, refer to the IP SLA configuration guide.

Back to top

© Copyright 2023 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go to Aruba EULA.