A summary of things to consider before you configure systems in a High Availability setup.
Summary
Before you configure Application Switches for HA operation, you should consider the following points.
The passwords for the nsroot accounts on both Application Switches in an HA pair must be the same. However, the operating system does not automatically synchronize these passwords. Therefore, when you change the password of the nsroot user account on one Application Switch, you must also perform the change manually on the other Application Switch.
Entries in the configuration file, ns.conf, on both the primary and the secondary Application Switch must match, with the following exceptions:
- The primary and secondary Application Switches must each be configured with their own unique NSIPs. You must use the set ns config CLI command to configure or modify an NSIP address on either Application Switch.
- In an HA pair, the node ID and associated IP address of one Application Switch must point to the other Application Switch.
For example, if you have two Application Switches, NS1 and NS2, then you must configure NS1 with the unique node ID and IP address of NS2, and you must configure NS2 with the unique node ID and IP address of NS1.
If you create or copy a configuration file onto either Application Switch by any method other than direct CLI commands (for example, when you install SSL certificates or change startup scripts), you must create or copy the same file onto both the primary and the secondary Application Switch.
You must configure RPC node passwords on both Application Switches in an HA pair. Initially, all Application Switches are configured with the same RPC node password. To enhance security, you should change these default RPC node passwords.
RPC nodes are internal system entities used for system-to-system communication of configuration and session information. One RPC node exists on each Application Switch. This node stores the password, which is checked against the one provided by the contacting Application Switch.
To communicate with other Application Switches, each Application Switch requires knowledge of those Application Switches, including how to authenticate on those Application Switches. RPC nodes maintain this information, which includes the IP addresses of the other Application Switches, and the passwords used to authenticate on each.
RPC nodes are implicitly created by the add ns node and add gslb site commands. You cannot create or delete RPC nodes manually.
To change an RPC node password, use the following command:
> set rpcnode <IP_address> -password <PASSWORD>
For <IP_address>, enter the IP address of the peer node. For <PASSWORD>, enter the password of the same peer node.
To view the list of RPC nodes, type show rpcnodes and press the Enter key, as shown in the following example:
> show rpcnodes
1)  IPAddress: 10.102.29.170  Password: 8a7b474124957776a0cd31b862cbe4d72b5cbd59868a136d4bdeb56cf03b28  Retry: 1  SrcIP: 10.102.29.170
    Secure: OFF
2)  IPAddress: 10.102.29.171  Password: 8a7b474124957776a0cd31b862cbe4d72b5cbd59868a136d4bdeb56cf03b28  Retry: 1  SrcIP: *
    Secure: OFF
Done
Note that passwords shown by this command are encrypted, and are stored in the ns.conf file in encrypted format.
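The following Python script is an added example, not part of the original article or of any vendor tooling. It parses saved show rpcnodes output and reports entries that share one stored password value (which is what a pair still using the common initial RPC node password would show) and entries whose Secure field is not enabled. The function names are hypothetical, and the two assumptions it relies on are marked in the comments.

```python
import re
from collections import defaultdict

# Sample input: the show rpcnodes output from this article, with each
# password value wrapped onto its own line.
SAMPLE = """\
> show rpcnodes
1) IPAddress: 10.102.29.170 Password:
8a7b474124957776a0cd31b862cbe4d72b5cbd59868a136d4bdeb56cf03b28
Retry: 1 SrcIP: 10.102.29.170
Secure: OFF
2) IPAddress: 10.102.29.171 Password:
8a7b474124957776a0cd31b862cbe4d72b5cbd59868a136d4bdeb56cf03b28
Retry: 1 SrcIP: *
Secure: OFF
Done
"""

NAMES = "IPAddress|Password|Retry|SrcIP|Secure"
# A value is the next token after "Name:", unless that token is another field
# name (which means the value was empty).
FIELD = re.compile(rf"\b({NAMES}):\s*(?!(?:{NAMES}):)(\S+)")

def parse_rpcnodes(text):
    """Return one dict per numbered entry; wrapped lines are tolerated."""
    chunks = re.split(r"(?m)^[ \t]*\d+\)", text)[1:]
    return [dict(FIELD.findall(chunk)) for chunk in chunks]

def audit(nodes):
    """Return (finding, [IP addresses]) tuples for review."""
    findings, by_value = [], defaultdict(list)
    for node in nodes:
        ip = node.get("IPAddress", "?")
        if node.get("Password"):
            by_value[node["Password"]].append(ip)
        # Assumption: ON or YES means the RPC channel is secured.
        if node.get("Secure", "").upper() not in ("ON", "YES"):
            findings.append(("secure-off", [ip]))
    for ips in by_value.values():
        # Assumption: identical stored values mean identical passwords.
        if len(ips) > 1:
            findings.append(("shared-password-value", sorted(ips)))
    return findings

if __name__ == "__main__":
    for finding, ips in audit(parse_rpcnodes(SAMPLE)):
        print(f"{finding}: {', '.join(ips)}")
```

A shared-password-value finding does not prove the default is still in place, because both nodes may have been changed to the same new password; it marks the entries to confirm.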
If the Application Switches in a high availability setup are configured in one-arm mode, you must disable all system interfaces except the one connected to the switch or hub. To disable interfaces, use the disable interface command.
When you configure an HA pair, make sure the mapped IP addresses of both the primary and the secondary nodes are exactly the same. If necessary, you can change the mapped IP address at any time by executing the set ns ip command.