Jump to content
Welcome to our new Citrix community!

Clarification On Configuring HA Failover on AWS using Public Elastic IP Addresses

Pete Wright

Recommended Posts


I am working on setting up a new pair of ADC systems in AWS.  I have two instances in separate availability zones, and I can successfully failover from one instance to another.  I am a little confused by the documentation though in regards to setting up a public IP on the VIP that will move from node to node during failover events.  My reading of the documentation seems to indicate that I should do the following (using these directions: https://docs.citrix.com/en-us/citrix-adc/current-release/deploying-vpx/deploy-aws/vpx-ha-eip-different-aws-zones.html#how-to-deploy-a-vpx-high-availability-pair-with-elastic-ip-addresses-across-different-aws-zones):


  1.  create an IP Set on both instances
  2.  create an IP of type VIP on both instances
    1.  use the *private* IP associated with the *secondary* node's VIP interface (in my case this interface lives in a public subnet)
  3.  create a vserver using the *private* IP associated with the *primary* node's VIP interface
    1.  this interface has a public elastic IP mapped to the NIC
    2.  associate the IPSet created in step 1 with this vserver


My expectation is that when I execute a failover from the primary instance to the secondary instance the elastic IP would get mapped to the secondary nodes VIP interface.  Yet I'm not seeing this happen in the AWS console.  The public IP remains associated with the primary instances VIP interface.  I did verify that the failover was successful though, and I did not observe any errors in /var/log/cloud-ha-daemon.log indicating AWS API credential or other types of errors.

My question is  -  am I understanding how I should be setting this up correctly?  I've made sure the public IP is mapped to the Elastic Network Interface (not the ec2 instance), so I'm a little confused about what I am mixing up here.

Edited by Pete Wright
After typing this up I was able to get failover working as expected. Please delete.
Link to comment
Share on other sites

  • 1 year later...

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...