High Availability on vmIAG 17.0.73

views: 1637 | comments: 9 | added to Favorites 0

Lights on | 提示：支持键盘翻页<-左右->

Topic

admin last was approved 01 Jul 2024 09:08

hriandy

Created: 29 Jun 2024 02:00

Summary:

Hello, I'm currently in the middle of LAB for my next POC I'm using 2 vm IAG 17.0.73 and want to do HA active-standby mode, here's what i configure before activating HA : IAG MAIN :deployment : Sing ...

Reply

jerome_itable Posted 03 Jul 2024 08:46

The behavior you're encountering with your Sangfor IAG HA setup in active-standby mode suggests some configuration issues.

Here's a breakdown of the problems and potential solutions:

Secondary Device Issues:

License Loss:  The secondary device losing its license after HA activation is a major issue. Licenses are typically tied to the device's hardware identifier (MAC address, serial number), and in HA, only the active device should actively utilize the license.

GUI Inaccessibility & Ping Failure: This indicates potential communication problems between the secondary device and the network. The secondary shouldn't lose internet access completely, but its role might change during failover.

IP Address Change:  The secondary device's eth0 IP address changing to the main device's eth0 IP address is not normal behavior.  Both devices in HA should have unique IP addresses.

Potential Solutions:

License Activation: Double-check the license activation process for the secondary device. Ensure it's activated with its own unique license key. Consult Sangfor documentation or support for specific instructions on activating licenses in an HA environment.

Network Connectivity: Verify network connectivity for the secondary device. Check firewall rules, routing configurations, and ensure proper communication exists between the secondary device and the network.

HA Interface Configuration:  Review your HA interface configuration. The secondary device's network interface used for HA communication (typically separate from management and data interfaces) might be misconfigured.

Newbie290036 Posted 02 Jul 2024 19:35

I think there is a misconfiguration or an issue with the HA setup process for your IAG (Intelligent Access Gateway) devices. Please check this.

Zonger Posted 02 Jul 2024 18:02

It is misconfiguration in the HA setup of your IAG VMs. In an HA active-standby configuration, the secondary device should not lose its license or experience network interface IP conflicts.

pmateus Posted 02 Jul 2024 16:50

Hi,

I think on active-standby mode the standby device will be on failed state with the configurations of the active device. So if the active device fail, the standby will assume the the active role with the same ips.

Thanks

Enrico Vanzetto Posted 02 Jul 2024 16:15

Hi, It seems like there could be an issue with the High Availability (HA) setup of your IAG Virtual Machines (VMs). In an active-standby HA configuration, the secondary device shouldn’t lose its license or encounter IP conflicts on the network interface.

Make sure that the HA configuration designates unique virtual IP addresses for failover and that both VMs are accurately configured with distinct management and network interfaces.

Double-check the HA settings on both devices, ensuring that the secondary device is correctly set as the standby and isn’t prematurely trying to take over the primary’s IP address.

Inspect for any inconsistencies in the network settings or potential IP conflicts that might lead to the secondary device losing connectivity and its license status.

mdamores Posted 02 Jul 2024 14:45

Hi,

Please check if the secondary device is configured as standby and both devices have unique network interface and management IP address to avoid conflict. Also, make sure that HA setup of your IAG is in HA active-standby mode.

Farina Ahmed Posted 02 Jul 2024 13:52

It appears there might be a misconfiguration in the HA setup of your IAG VMs. In an HA active-standby configuration, the secondary device should not lose its license or experience network interface IP conflicts. Ensure that the HA configuration specifies unique virtual IP addresses for failover and that both VMs are correctly configured with separate management and network interfaces. Verify the HA settings on both devices, making sure that the secondary device is properly set as the standby and not trying to assume the primary's IP address prematurely. Check for any discrepancies in the network settings or potential IP conflicts that might cause the secondary device to lose connectivity and license status.

Prosi Posted 02 Jul 2024 12:15

Thank you for sharing

vesogi7900 Posted 01 Jul 2024 12:58

It sounds like you’re encountering some issues with your HA setup. Here are a few things to check and try:

1. HA Configuration: Ensure that both devices have the correct HA configuration. This includes setting the correct HA roles (active and standby) and ensuring that the HA settings are identical on both devices.
2. Network Interfaces: Verify that the network interfaces are correctly configured and that there are no IP address conflicts. The issue with the secondary device taking the MAIN device’s IP address on eth0 suggests a possible misconfiguration.
3. License Synchronization: Make sure that the licenses are properly synchronized between the two devices. Sometimes, the secondary device might lose its license if there is a communication issue or if the licenses are not correctly applied.
4. HA Heartbeat: Check the HA heartbeat configuration. Ensure that the heartbeat interfaces are correctly connected and that there is no network issue causing the heartbeat to fail.
5. Logs and Diagnostics: Review the logs on both devices to see if there are any error messages or warnings that could provide more insight into the issue. This can help identify if there are any specific problems with the HA setup.
6. Documentation and Support: Refer to the official documentation for IAG 17.0.73 to ensure that all steps are correctly followed. If the issue persists, consider reaching out to Sangfor support for more detailed assistance.

Here are some general steps for configuring HA in active-standby mode12:

* Connect HA Ports: Ensure that the HA ports on both devices are connected.
* Configure HA Settings: Set the HA mode to active-standby and configure the HA group ID.
* Synchronize Configuration: Ensure that the configuration is synchronized between the primary and secondary devices.
* Monitor HA Status: After activating HA, monitor the status to ensure that both devices are correctly recognizing each other and that the failover mechanism is working as expected.

Sangfor Community Terms of Use

Last updated: July 2020

Sangfor Technologies ("Sangfor") welcomes you.

The Sangfor Community ("Community"), developed by Sangfor, is provided to enable users to share knowledge, exchange comments and suggestions on Sangfor products.

This Terms of Use is an agreement between you and Sangfor Community on requirements for users during access to the Community and on liability held by Sangfor on managing user's access. Please read the Terms of Use carefully. If you do not agree to all the terms, you may not access the Community. By registering on the Community site, using or visiting the Community, you agree to all the terms in this Terms of Use.

Requirements for Posting Topic

1. Topic Title is Clear
You are expected to write a topic title clearly to make it easy to understand, rather than offering a meaningless or ambiguous title.
2. Question is Specific
The content is specific and detailed when you are posting a topic or reply. The more detailed the topic, the more easily and accurately others can understand.
3. Such a Topic Does Not Exist
Before posting a question or suggestion topic, check whether similar topic already exists. You may post a second one if the existing answers are unsatisfying.
4. Topic Category is Accurate
Check whether the topic is categorized correctly. Choosing a correct category can help you receive a satisfying answer more quickly.
5. Choose A Best Answer
If there is any answer that you think is the best, choose one.
6. Show Gratitude
You are expected to show gratitude to the members who have replied to your question. Pick a best answer and make positive comments on other replies to show your respect for their help.
7. Mutual Respect
Post a topic in a friendly tone, instead of in a blaming or reproaching tone. You may not mock or look down upon repliers but appreciate them in writing answers sincerely.

Contents Approval and Block

1. Blocked Contents
Topics or replies containing any item listed below will be blocked:
a) Content related to product price and specification that are offered through presale hotline or other where online. i.e., How much is an IAM-1200 unit? How high a bandwidth is supported?
b) Contact information, i.e., contact me through QQ account 12345678.
c) Tendency to sell, resell, buy commodities or give gifts, i.e., Any one wants to buy a second-hand device?
d) Misleading or derogatory remarks related to ethnic minorities.
e) Duplicate contents submitted in a short period of time.
f) Job recruitment or hunting contents.
g) Real product information such as customer name, IP address of device, etc. i.e., Customer: XXX Company, Device IP address: 1.1.1.1

2. Prohibited Contents
Postings (topics, posts, comments and articles) containing any items of the following are prohibited and will be deleted.
a) Contents involving pornography, violence or terror, including:
Any content that describes sex organs, behaviors or psychology in detail.
Any content that propagates pornographic images or materials.
Any content that describes violent behaviors, experience and feelings in detail.
Any content that describes terrorist incidents and subjective opinions in detail.
Any content that induces others to meet face to face and have sex or to engage in prostitution.
Any content that tries to hire or induce others to engage in violent activities.
Any content that threatens others.
Any hyperlink linked to any item above.

b) Advertising, massive or duplicate contents linked to a same website, with any of the following purposes:
Boosting web traffic by guiding others to visit certain website or forum.
Engaging in transactions of any item (including virtual commodity, currency, etc.) in the name of certain profit organization or individual.
Advertising or organizing pyramid selling.
Any hyperlink linked to any item above.

c) Reactionary contents, including:
Any content that shows negative views on the current laws and regulations governing the nation.
Any content that disturbs public order or provokes dispute against a nationality, race, religion, region, etc.
Any content that attacks government sectors and officials, propagates feudal superstition and evil cults.
Any hyperlink linked to any item above.

d) Content involves personal attack, defamatory and fraudulent information, including:
Any content that infringes on legal rights of others such as rights of portrait and privacy, humiliates others and cause physical and mental harm to them.
Any content that impairs the reputation of social communities or organizations.
Any hyperlink linked to any item above.

e) Content violates ethics rules, including:
Any content that violates ethics rules and propagates negative values.
Any content that induces others to commit suicide or describes methods of committing suicide in detail.
Any content that discriminates against and disparages the weak, such as the disabled, the elderly and the poor.
Any content that teaches others how to infringe on other's rights, for example, how to hack others' computers, how to cheat others.
Any content that propagates or encourages unethical acts such as teacher-student love affairs, extramarital affairs, incest, etc.
Any content that makes others repulsive or unpleasant.
Any hyperlink linked to any item above.

f) Malicious, meaningless, irrelevant contents, including:
Malicious, meaningless or irrelevant discussion topics.
Replies contain contents or format of contents that make others unable to browse posts.
Duplicate question topics posted in a short period of time.
Duplicate replies to different question topics, which are irrelevant.
Meaningless questions or answers.
Repetitive and valueless coin transfers from one ID to another.
Other irrelevant and meaningless contents.

g) Content involves crime and violation of laws or propagates criminal offenses, including:
Any content that induces or gathers others to engage in gambling activities or propagates bribery.
Any content that contains fraudulent information.
Any content that goes against laws or regulations of the People's Republic of China.
Any hyperlink linked to any item above.

h) Other contents that may violate any law or regulation
Such as content that violates regulations prescribed in Measures for Security Protection Administration of the International Networking of Computer Information Networks, Administrative Measures for Internet Information Services, Management Provisions on Electronic Bulletin Services in Internet, Decision of Preserving Computer Network Security, Administrative Provisions for the Internet News Information Services, or disseminate, spread or transmit any kinds of the following information by other means, including:
Any content that is against the basic principles prescribed and set by the Constitution in the People's Republic of China.
Any content that undermines state security, discloses state secret, subverts government or impairs national unity.
Any content that harms the reputation and interests of the nation.
Any content that incites ethnic hatred or ethnic discrimination or harms the national unity.
Any content that destructs the state's religious policies or propagates evil cult and feudal superstition.
Any content that spreads rumors, disrupts public order, or endangers social stability.
Any content that spreads obscenity, pornography, gambling, violence, murder and terror, or instigates others to commit any crime.
Any content that insults or slanders others or infringes upon legal rights of others.
Any content that incites unlawful assembly, association, procession, demonstration, or gather crowds to disturb public order.
Any act of participating in or organizing activities in the name of unlawful non-government organizations.
Any fraudulent, harmful, threatening, harassing, slandering, vulgar, obscene, or repulsive content.
Other contents restricted or prohibited by any or applicable laws or regulations and effective conventions in the People's Republic of China.

i) Other improper contents

Account Management

Sangfor reserves the right to delete accounts with which users conduct any of the following inappropriate acts:
1. Posting topic or reply that contains any item listed in Blocked Contents or in Prohibited Contents.
2. Discourteous acts, including but not limited to copying, personal attack, disguising as administrator or damaging administrator's reputation, disguising as other members or stealing others' accounts, or using others' signatures, or contents or format of contents in post that make others unable to browse posts properly, or other acts that disturb public order.

Criticisms and Suggestions

Sangfor strives to create an open and integrated platform with joint efforts of all the members and welcomes valuable suggestions and advice, as well as criticisms on Sangfor and Sangfor products. Your feedback in the Community will be replied in time and forwarded to specific department of Sangfor and be solved as soon as possible. However, prohibited contents of deliberate attack against Sangfor and Sangfor products, once discovered, will be deleted immediately.

1. Constructive Suggestions and Criticisms
a) Point out existing bugs or issues of a certain product.
b) List strengths and weaknesses of Sangfor product by comparing with other vendors' products and give rational comments or suggestions.
c) File complaints against Sangfor products.
d) Describe emotional disappointment on Sangfor product because of issues or defects in that product.
2. Non-constructive Suggestions and Criticisms
a) Valueless and subjective attacks against Sangfor and Sangfor products.
b) Compare Sangfor products with those of other vendors in an unfair, unjust and unopen manner, with a purpose of deliberately denigrating Sangfor and Sangfor products or promoting other vendors' products.
c) Attack Sangfor and Sangfor products for other commercial purposes.

Privacy Policy

Sangfor Technologies (Hong Kong) Limited (collectively, "We" and "our") attaches great importance to the security of your personal data seriously. Collecting, using, sharing or transferring of your personal data may be conducted upon you visit our website, use our products and/or services based on your consent, contract relationship or any applicable legal ground.

SANGFOR Privacy Policy (hereinafter referred to as "this Policy") represents how we collect, use, store, transfer your personal data as well as your legitimate rights to access, update, delete, and protect your personal data.

You are required to get fully understanding of this Policy before submitting your personal data to SANGFOR. This Policy applies to SANGFOR websites, products, services that display or provide links to this Policy.

SANGFOR will ensure that any personal data we collect about you will be held and processed strictly in accordance with the European General Data Protection Regulation (GDPR) which become effective on 25th May 2018.

Considering SANGFOR provides various kinds of products and services, this Policy may not cover all possible scenarios for personal data processing. Any specific data relating to the processing of personal data in the context of SANGFOR's products or services may be described in the privacy policy of related products or services or may be released in any notice that is given during the collection of data.

1. Collection and use your personal data.

"Personal data" means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

The aforementioned personal data maybe be collected by your behavior of using of our products, services, or when you interact with us, such as visiting our website, registering relevant accounts, participating in our events. Besides, by using cookie and other similar technologies, our websites may indirectly record your personal data. When you use SANGFOR website, we may collect certain data automatically from your computers or devices (including mobile devices). The data we collect automatically may include your IP address, device type, operating system, unique device identifiers, browser-type, browser language, geographic location and other technical information. We may also collect data about how your device has communicated with SANGFOR Website, including the pages viewed, the links clicked, the amount of time spent on particular pages, mouse hovers, the date and time of the interaction, error logs, referring and exit pages and URLs, and similar information. We use this information only for our analytical purposes, and to improve the quality, relevance, and security of SANGFOR website.

Our website collects and uses personal data through the following methods:

1) Tracking

Our website uses analytics tool such as Google Analytics (GA) to track user interaction. We use this data to determine the number of people using our site, to better understand how you found us, how you are using our website and to see the journey you took through the website. All of these are used only in the purpose of improving our website to provide you with the best user experience. Disabling cookies on your internet browser will stop Google Analytics from tracking any part of your visit to pages within this website.

2) Registration Form

When you choose to use SANGFOR community rather than just browsing, you are required to fill in a registration form to create a community account, the data that you supply includes names, usernames, phone numbers, email addresses and region information associated with your account, will be submitted to our database on AWS and under full protection of AWS encryption. AWS is based in the USA and is EU-US Privacy Shield compliant. A backup server of SANGFOR Community is based in Hong Kong only for the sake of disaster recovery.
AWS (Privacy Policy)

3) Email Newsletters

If you choose to join our email newsletter or if provided with your email during an event or other circumstances, the email address that you submit to us will be forwarded and stored in MailChimp which provide us with email marketing services. The email address that you submit will not be stored within this website's own database or in any of our internal computer systems, except for the purpose of importing the data into Mailchimp.

Your email address will remain within MailChimp's database for as long as we continue to use MailChimp's services for email marketing or until you specifically request removal from the list. You can do this by unsubscribing using the unsubscribe links contained in any email newsletters that we send you or by requesting removal via email. If you are under 16 years of age you MUST obtain parental consent before joining our email newsletter. While your email address remains within the MailChimp database, you may receive periodic newsletter emails from us.

We use several third parties to process personal data on our behalf. These third parties have been carefully chosen and all of them comply with the GDPR legislation. All two of these third parties are based in the USA and are EU-US Privacy Shield compliant.
1) Mailchimp (Privacy policy)
2) SurveyMonkey (Privacy policy)

We may collect your personal data for the business purposes such as sending solicited information about a specific item or information about products or Company, perform market research & analytics to improve our services & product offerings. Besides, we may supply such above personal data to third parties for business purposes or marketing based on your consent.

Should the purposes of using your personal data are not included in this Policy, we will obtain your prior consent before we implementing the relevant purpose. Moreover, you are entitled to withdraw your consent at any time in compliance with the laws and regulations, but this maybe cause the function limitation of the website, product or service.

Please be fully noted that we are entitled to collect and use your personal data without your prior consent under any of the corresponding circumstances in compliance with any applicable laws and regulations.

2. Cookies and Other Similar Technologies

Like most sites, we use technologies that are essentially small data files placed on your computer, tablet, mobile phone, or other devices (referred to collectively as a "device") that allow us to record certain pieces of data whenever you visit or interact with our sites, services, applications, messaging, and tools, and to recognize you across devices.

The specific names and types of the cookies, unique identifiers, and similar technologies we use to collect data (e.g. about the pages you view, the links you click, and other actions you take on our Services, within our advertising or e-mail content) may change from time to time. To help you better understand this Policy and our use of such technologies we have provided the following limited terminology and definitions:

Cookies - Small text files (typically made up of letters and numbers) placed in the memory of your browser or device when you visit a website or view a message. Cookies allow a website to recognize a particular device or browser.

Similar technologies - Technologies that store personal data in your browser or device utilizing local shared objects or local storage, such as flash cookies, HTML 5 cookies, and other web application software methods. These technologies can operate across all your browsers, and in some instances may not be fully managed by your browser and may require management directly through your installed applications or device. We do not use these technologies for storing personal data to target advertising to you on or off our sites.

We may use the terms "cookies" or "similar technologies" interchangeably in our policies to refer to all technologies that we may use to store data in your browser or device or that collect data or help us identify you in the manners described above.

3. Rights to your personal data

If you submit your personal data to us, please ensure the accuracy of such data. If your personal data has changed (for instance, your address has been changed), you are obliged to update your personal data in a timely manner.

For requirements by applicable laws, you may: (1) have access to your personal data we have held; (2) update or correct any of your inaccurate personal data; (3) restrict or object to allow us to process your personal data; and (4) require us to erase your personal data, and (5) require us to comply with your request for data portability (6) withdraw your consent at any time which will not affect the lawfulness of processing based on consent before (7) lodge a complaint with the corresponding supervisory authority.

When you claim the said rights, we may require you to submit a written request and may verify your identity. Usually, we do not charge anything for such processes unless your request goes beyond the limit of conventional requirements.

4. Protection and Storage of Personal data

We recognize the need to ensure that personal information gathered via this website remains secure. Our site has security measures in place to protect against the loss, misuse, and alteration of the personal information under our control. Our security measures include the use of a hardware firewall to prevent unauthorized access. You acknowledge that although we exercise adequate care and security, there remains a risk that information transmitted over the Internet and stored by computer may be intercepted or accessed by an unauthorized third-party.

Your Personal Data will be stored on our database as long as you continuing use your community account. With your consent, any data we use for lawful purpose(s) for which it was obtained will be kept with us until you notify us that you no longer wish to use the functions of SANGFOR community and would like to delete your account permanently.

5. Cross-border Transfer of Personal data

Generally, we will process your personal data in the country/region where you use our products or services. However, we may transfer your personal data to Hong Kong China, Malaysia and USA that may have different laws for the protection of personal data.

6. Breach Notification

In line with the GDPR, where a breach is known to have occurred which is likely to result in a risk to the rights and freedoms of individuals, the relevant Data Protection Authority (DPA) will be informed within 72 hours, unless the personal data breach is unlikely to result in a risk to the rights and freedoms of natural persons. Where the notification to the supervisory authority is not made within 72 hours, Sangfor informs the supervisory authority of the reasons for the delay. This will be managed in accordance with our Information Security Incident Response Procedure which sets out the overall process of handling information security incidents.

7. Update of this Policy

This privacy policy may change from time to time in line with legislation or industry developments. We will not explicitly inform our clients or website users of these changes. Instead, we recommend that you check this page occasionally for any policy changes.

8. Contact Us
If you have any question about this Policy or have any request or query for your personal data, please send an email to community@sangfor.com to contact us.