High Availability Across Availability Zones

This template applies a high availability configuration to Thunder instances that are either in the same availability zone with interfaces in different subnets or in different availability zones. It automatically synchronizes Thunder configurations between the active and standby Thunder instances. In the event of a failover, it designates the other Thunder instance as active to ensure uninterrupted traffic routing. For this to work, both Thunder instances must have identical resources and configurations.

Thunder instances should have the same ACOS versions; otherwise, traffic flow will be disrupted.

 

To configure HA Across AZs for Thunder instances, perform the following steps:

  1. Configure a new or an existing FTP server. For more information, see Configure the FTP server.
    Alternatively, from ACOS 6.0.5 onwards, you can attach an IAM role to the Thunder device, which can be used to fetch the AWS access key and secret key.

  2. Download the A10-vThunder_ADC-CONFIGURATION > HIGH-AVAILABILITY-ACROSS-AZs template from GitHub.

  3. From the Start menu, open a command prompt and navigate to the downloaded template.
  4. Open the HA_Across_AZs_CONFIG_PARAM.json with a text editor.

    NOTE: Each parameter has a default value mentioned in the parameter file which can be modified as required.
  5. Configure the following parameters:

    Table 17: JSON Parameters

    Resource Name | Description

    Instance IDs

    Specify the EC2 instance ID list in the same order as the Public IP addresses.

    "instanceIdList":["XXXXXXXXXX","XXXXXXXXXX"],
    

    To get the EC2 Instance ID, go to AWS > <region_name> > EC2 > Instances > <instance_id>.

    ftpServerName

    Specify the name of the FTP server to upload keys.

    "ftpServerName":"ftp-server",

    DNS

    Specify a domain namespace.

    "dns": {
                "value": "8.8.8.8"
            },

    Network Gateway IP for Active vThunder

    Specify a Network Gateway IP of active vThunder instance.

    The gateway IP is the first IP address of the management subnet, such as 10.0.1.1 in the configuration.

    You can configure multiple network gateway IPs for different routing paths.

    "rib-list_active": [
       {
         "ip-dest-addr": "0.0.0.0",
         "ip-mask": "/0",
         "ip-nexthop-ipv4": [
           {
             "ip-next-hop": "10.0.1.1"
           }
         ]
       },
       {
         "ip-dest-addr": "10.0.8.0",
         "ip-mask": "/24",
         "ip-nexthop-ipv4": [
           {
             "ip-next-hop": "10.0.3.1"
           }
         ]
       }
     ]
    

    Network Gateway IP for Standby vThunder

    Specify a Network Gateway IP of standby vThunder instance.

    The gateway IP is the first IP address of the management subnet, such as 10.0.1.1 in the configuration.

    You can configure multiple network gateway IPs for different routing paths.

    "rib-list_standby": [
       {
         "ip-dest-addr": "0.0.0.0",
         "ip-mask": "/0",
         "ip-nexthop-ipv4": [
           {
             "ip-next-hop": "10.0.4.1"
           }
         ]
       },
       {
         "ip-dest-addr": "10.0.8.0",
         "ip-mask": "/24",
         "ip-nexthop-ipv4": [
           {
             "ip-next-hop": "10.0.6.1"
           }
         ]
       }
     ]
    

    VRRP-A

    Specify the value as 1 to enable VRRP-A.

    "vrrp-a": {
                "set-id":1
            },      

    Terminal Idle Timeout

    Specify the interval, in minutes, after which a connection is closed when no input is detected. A value of 0 means the session never times out.

    "terminal": {
                "idle-timeout":0
            },     

    VRID details for Active vThunder

    Specify the VRID details for the active vThunder instance. The floating IPs should be a pair consisting of a data-out IP (FIP) and a data-in IP (VIP).

    The default value of vrid is 0. The default priority for the active vThunder instance is 100.

    "vrid_list_active": [
      {
        "vrid-val": 0,
        "floating-ip": {
          "ip-address-cfg": [
            {
              "ip-address": "10.0.3.103"
            },
            {
              "ip-address": "10.0.2.121"
            },
            {
              "ip-address": "30.30.30.30"
            },
            {
              "ip-address": "20.20.20.20"
            }
          ]
        },
        "blade-parameters": {
          "priority": 100
        }
      }
    ]
    

    VRID details for Standby vThunder

    Specify the VRID details for the standby vThunder instance. The floating IPs should be a pair consisting of a data-out IP (FIP) and a data-in IP (VIP).

    The default value of vrid is 0. The default priority for the standby vThunder instance is 99.

    "vrid_list_standby": [
      {
        "vrid-val": 0,
        "floating-ip": {
          "ip-address-cfg": [
            {
              "ip-address": "10.0.6.30"
            },
            {
              "ip-address": "10.0.5.205"
            },
            {
              "ip-address": "30.30.30.30"
            },
            {
              "ip-address": "20.20.20.20"
            }
          ]
        },
        "blade-parameters": {
          "priority": 99
        }
      }
    ]
    

    IP Nat for Active vThunder

    Specify the IP Nat for active vThunder instance. It includes the pool name, starting and ending IP addresses for outbound data, and the netmask.

    "pool_list_active": [
      {
        "pool-name": "vrrp_0",
        "start-address": "10.0.3.103",
        "end-address": "10.0.3.103",
        "netmask": "/32"
      },
      {
        "pool-name": "vrrp_0_1",
        "start-address": "30.30.30.30",
        "end-address": "30.30.30.30",
        "netmask": "/32"
      }
    ]
    

    IP Nat for Standby vThunder

    Specify the IP Nat for standby vThunder instance. It includes the pool name, starting and ending IP addresses for outbound data, and the netmask.

    "pool_list_standby": [
      {
        "pool-name": "vrrp_0",
        "start-address": "10.0.6.30",
        "end-address": "10.0.6.30",
        "netmask": "/32"
      },
      {
        "pool-name": "vrrp_0_1",
        "start-address": "30.30.30.30",
        "end-address": "30.30.30.30",
        "netmask": "/32"
      }
    ],

    Cloud Services for Active vThunder

    Specify the cloud service information for the active vThunder instance. It includes details for each VRID such as the VIP number, private IP, and attached Elastic IP.

    If an alien IP is attached, provide the route table ID, data in interface ID, data out interface ID, data in destination CIDR, and data out destination CIDR.

    If no alien IP is attached, either remove these fields or leave them blank.

    "cloud_services_cloud_provider_active": {
              "multi-az-failover": {
                "vrid": {
                  "vrid-number": 0,
                  "route-table-id": "rtb-0031384a1b3ce",
                  "vip-interface-id": "eni-02a4815eb4f4d",
                  "fip-interface-id": "eni-077c93646f16",
                  "vip-dest": "20.20.20.0/24",
                  "fip-dest": "30.30.30.0/24",
                  "vip-list": [
                    {
                      "vip-number": 0,
                      "private-ip": "10.0.2.121",
                      "elastic-ip": "3.228.164.96"
                    }
                  ]
                }
              }
      }
    

    Cloud Services for Standby vThunder

    Specify the cloud service information for the standby vThunder instance. It includes details for each VRID such as the VIP number, private IP, and attached Elastic IP.

    If an alien IP is attached, provide the route table ID, data in interface ID, data out interface ID, data in destination CIDR, and data out destination CIDR.

    If no alien IP is attached, either remove these fields or leave them blank.

    "cloud_services_cloud_provider_standby": {
              "multi-az-failover": {
                "vrid": {
                  "vrid-number": 0,
                  "route-table-id": "rtb-0031384a15ece",
                  "vip-interface-id": "eni-0817fcd67e90b3",
                  "fip-interface-id": "eni-050ff5e5a189e",
                  "vip-dest": "20.20.20.0/24",
                  "fip-dest": "30.30.30.0/24",
                  "vip-list": [
                    {
                      "vip-number": 0,
                      "private-ip": "10.0.5.205",
                      "elastic-ip": "3.228.164.96"
                    }
                  ]
                }
              }
      }
    

    Virtual Server for Active vThunder

    Specify the name of the virtual server for the active vThunder instance, along with the port number and protocol to which the pool name and ha-conn-mirror are to be added.

    Make sure that the pool name corresponds to the correct outbound data that pairs with the respective virtual server IP address.

    NOTE: For an alien IP, the ha-conn-mirror must always be set to 1.
    "slb_virtual_server_active":[
        {
          "name":"vip",
          "port-list": [{
            "port-number":80,
            "protocol":"tcp",
            "pool":"vrrp_0",
            "ha-conn-mirror":0
          }]
        },
        {
          "name":"vip1",
          "port-list": [{
            "port-number":80,
            "protocol":"tcp",
            "pool":"vrrp_0_1",
            "ha-conn-mirror":1
          }]
        }
      ]
    

    Virtual Server for Standby vThunder

    Specify the name of the virtual server for the standby vThunder instance, along with the port number and protocol to which the pool name and ha-conn-mirror are to be added.

    Make sure that the pool name corresponds to the correct outbound data that pairs with the respective virtual server IP address.

    NOTE: For an alien IP, the ha-conn-mirror must always be set to 1.
    "slb_virtual_server_standby":[
        {
          "name":"vip",
          "port-list": [{
            "port-number":80,
            "protocol":"tcp",
            "pool":"vrrp_0",
            "ha-conn-mirror":0
          }]
        },
        {
          "name":"vip1",
          "port-list": [{
            "port-number":80,
            "protocol":"tcp",
            "pool":"vrrp_0_1",
            "ha-conn-mirror":1
          }]
        }
      ]
    
  6. Verify that all the configurations in the HA_Across_AZs_CONFIG_PARAM.json file are correct and save the changes.
  7. Run the following command to configure HA:

    PS C:\Users\TestUser\A10-vThunder_ADC-CONFIGURATION\HIGH-AVAILABILITY-ACROSS-AZs> python ./HA_Across_AZs_CONFIG.py
  8. Provide the password for the vThunder instance/s whose IP address is mentioned in the HA_Across_AZs_CONFIG_PARAM.json file.

    If HA Across AZs is configured successfully, the following message is displayed:

    Authorization for vThunder with IP x.x.x.x
    Enter vThunder password:
    Authorization for vThunder with IP x.x.x.x
    Enter vThunder password:
    ---------------------------------------------------------------------------------
    Configuring vThunder with IP x.x.x.x
    Please note that we support generation of credential through IAM Role attached to instance from ACOS-6.0.5 onward.
    Does the instance have IAM role attached or not (YES/NO)? Yes
    Successfully configured Primary DNS.
    Successfully configured IP Route.
    Successfully configured Vrrp-A Common.
    Successfully configured Idle Timeout.
    Successfully configured Vrrp-A Vrid.
    Successfully configured Peer Group.
    Successfully configured IP Nat pool.
    Successfully configured Cloud Services.
    Successfully updated SLB Virtual Server vip configuration.
    Successfully updated SLB Virtual Server vip1 configuration.
    Configurations are saved on partition: shared
    Successfully logged out from vThunder.
    ---------------------------------------------------------------------------------
    Configuring vThunder with IP x.x.x.x
    Please note that we support generation of credential through IAM Role attached to instance from ACOS-6.0.5 onward.      
    Does the instance have IAM role attached or not (YES/NO)? Yes
    Successfully configured Primary DNS.
    Successfully configured IP Route.
    Successfully configured Vrrp-A Common.
    Successfully configured Idle Timeout.
    Successfully configured Vrrp-A Vrid.
    Successfully configured Peer Group.
    Successfully configured IP Nat pool.
    Successfully configured Cloud Services.
    Successfully updated SLB Virtual Server vip configuration.
    Successfully updated SLB Virtual Server vip1 configuration.
    Configurations are saved on partition: shared
    Successfully logged out from vThunder.
    ------------------------------------------------------------------------------
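
Added example (not part of the A10 template or its scripts): a pre-flight check for step 6 that cross-checks the sections of HA_Across_AZs_CONFIG_PARAM.json against each other before HA_Across_AZs_CONFIG.py applies them. It assumes the sections shown in Table 17 are top-level keys of the file, that a NAT pool whose address falls inside fip-dest is an alien IP, and that each vip-list private IP should appear among the floating IPs (inferred from the sample values); lint_role, lint, sample and SAMPLE are hypothetical names.

```python
import ipaddress

def lint_role(cfg, role):
    """Cross-check one role's sections of a parsed HA_Across_AZs_CONFIG_PARAM.json."""
    out = []
    vrid = cfg[f"vrid_list_{role}"][0]
    floating = {e["ip-address"] for e in vrid["floating-ip"]["ip-address-cfg"]}
    pools = {p["pool-name"]: p for p in cfg[f"pool_list_{role}"]}
    cloud = cfg[f"cloud_services_cloud_provider_{role}"]["multi-az-failover"]["vrid"]
    # The alien-IP fields may be removed or left blank when no alien IP is attached.
    alien = ipaddress.ip_network(cloud["fip-dest"]) if cloud.get("fip-dest") else None
    for vip in cloud["vip-list"]:
        if vip["private-ip"] not in floating:
            out.append(f"{role}: VIP {vip['private-ip']} is not a floating IP")
    for vs in cfg[f"slb_virtual_server_{role}"]:
        for port in vs["port-list"]:
            pool = pools.get(port["pool"])
            if pool is None:
                out.append(f"{role}: {vs['name']} references unknown pool {port['pool']}")
            elif (alien is not None and port.get("ha-conn-mirror") != 1
                  and ipaddress.ip_address(pool["start-address"]) in alien):
                # Assumption: a pool address inside fip-dest marks an alien IP.
                out.append(f"{role}: {vs['name']} uses alien pool without ha-conn-mirror 1")
    return out

def lint(cfg):
    out = lint_role(cfg, "active") + lint_role(cfg, "standby")
    if cfg.get("terminal", {}).get("idle-timeout") == 0:  # 0 means never time out
        out.append("terminal idle-timeout is 0: idle sessions are never closed")
    return out

def sample(role, fip, vip):
    """Constructed sections for one role, reduced to the keys the linter reads."""
    ips = (fip, vip, "30.30.30.30", "20.20.20.20")
    port = lambda pool, mirror: [{"port-number": 80, "pool": pool, "ha-conn-mirror": mirror}]
    return {
        f"vrid_list_{role}": [{"floating-ip": {"ip-address-cfg": [{"ip-address": i} for i in ips]}}],
        f"pool_list_{role}": [{"pool-name": "vrrp_0", "start-address": fip},
                              {"pool-name": "vrrp_0_1", "start-address": "30.30.30.30"}],
        f"cloud_services_cloud_provider_{role}": {"multi-az-failover": {"vrid": {
            "fip-dest": "30.30.30.0/24", "vip-list": [{"private-ip": vip}]}}},
        f"slb_virtual_server_{role}": [{"name": "vip", "port-list": port("vrrp_0", 0)},
                                       {"name": "vip1", "port-list": port("vrrp_0_1", 1)}],
    }

SAMPLE = {"terminal": {"idle-timeout": 0},
          **sample("active", "10.0.3.103", "10.0.2.121"),
          **sample("standby", "10.0.6.30", "10.0.5.205")}
print(*lint(SAMPLE), sep="\n")
```

To check a real file, pass the dictionary returned by json.load to lint().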
    

Copyright © 2024 A10 Networks, Inc. All Rights Reserved.