Link Search Menu Expand Document

Deployment - EdgeHA

EdgeHA mode is a high availability cluster configuration that provides appliance redundancy by pairing two EdgeConnect devices together.

When a deployment profile configures two EdgeConnect appliances in EdgeHA mode, the resilient cluster acts as a single logical system. It extends the robust SD-WAN multipathing capabilities such as Business Intent Overlays seamlessly across the two devices as if they were one entity.

With EdgeHA mode, a WAN uplink is physically plugged into a single one of the EdgeConnect appliances but is available to both in the cluster. For WAN connections that perform NAT (for example, a consumer-grade Broadband Internet connection), it means that only a single Public IP needs to be provisioned in order for both EdgeConnect devices in the EdgeHA cluster to be able to build Business Intent Overlays using that transport resource.

NOTE: EdgeHA does not support Active/Active deployments (that is, equal-cost multi-path [ECMP] routing). Active/Passive deployments are supported; the primary EdgeHA appliance carries all traffic to and from the LAN side of the EdgeHA cluster. You can configure Active/Standby (Backup) by using Virtual Router Redundancy Protocol (VRRP), Border Gateway Protocol (BGP), Open Shortest Path First (OSPF) protocol, or Bidirectional Forwarding Detection (BFD) protocol.

Enable EdgeHA Mode

  1. In the appliance tree, select the appliance, and then right-click to select Deployment from the contextual menu. The appliance’s Deployment page appears.

  2. Select the EdgeHA check box.

  3. Configure the interfaces (LAN and WAN–side) on both EdgeConnect devices to reflect the WAN connections that are plugged into each one of the respective appliances.

    NOTE: Both EdgeConnect devices will be able to leverage all WAN connections regardless of which chassis they are physically plugged into. It is, however, important to match the deployment profile interface configuration to the actual chassis the WAN connection is physically, directly connected to.

  4. Select the physical ports on the respective EdgeConnect appliances that you will connect to each other using an Ethernet cable (RJ-45 twisted pair or SR optical fiber).

    NOTE: You can choose any LAN or WAN port combination for this HA Link that is available on the respective EdgeConnect chassis. You must match the media type and speed for both ends of the HA link. (For example, 1 Gigabit-Ethernet RJ-45 to RJ-45 or 10 Gigabit-Ethernet multimode fiber LC-connector-to-LC-connector). Also, note that you cannot use MGMT ports for the HA Link; only LAN or WAN ports.

IPSec over UDP Tunnel Configuration

For both EdgeConnect appliances in a high availability cluster to be able to share a common transport connection, you must set the tunnel type to IPSec over UDP mode.

See Tunnel Settings in the Orchestrator (Orchestrator > Orchestrator Server > Tools > Tunnel Settings).

NOTE: If you are deploying a network with EdgeConnect appliances running VXOA 8.1.6 or higher and Orchestrator 8.2 or higher, the tunnel type is already set to IPSec over UDP mode by default.

VRRP Configuration

Typically, in a branch site deployment, you will choose to configure the cluster with a VRRP protocol and assign a VIP (virtual IP) address to the cluster.

  • Set the VRRP priority of the preferred LAN-side Primary EdgeConnect to 128.

  • Set the other, Secondary appliance’s VRRP priority to 127.

LAN-side Monitoring

The IP SLA feature should be configured to monitor the LAN-side VRRP state in order to automatically disable subnet sharing from that appliance in the case of a LAN link failure.

For more information, refer to the IP SLA configuration guide.


Back to top

© Copyright 2024 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go to HPE Aruba Networking EULA.

Open Source Code:

Hewlett Packard Enterprise Company
Attn: General Counsel
WW Corporate Headquarters
1701 E Mossy Oaks Rd Spring, TX 77389
United States of America