Q: What is L3 Master redundancy for a Branch Office Controller, how to configure and how to verify ?
A: What is L3 redundancy (Master) for BOC
- Starting from AOS 6.4.4 BOC can have a backup master situated at a different geographical location
- Secondary master will allow layer 3 redundancy by being ready to take over incase primary master is not reachable
- HCM will monitor secondary master as well
- Support for manual switchover to backup master is also available
How to configure
There is a new option added in AOS 6.4.4 ,
- “Configure Layer 3 Redundant(Secondary ) Master
- “Enter Branch Secondary Master Switch IP address”
We can configure secondary master switch IP through DHCP/Activate/Mini-setup/full-setup
How Switch over will takes place
- HCM will probe both master controllers
- When primary master goes unreachable , HCM will notify FPAPPS which will trigger a timer based on switchover timer settings (default 15 min)
- If primary master is reachable within 15 min , NO action is taken , else , FPAPPS will inform cfgm which will trigger a switchover
- After flushing config and global config ID , branch will now reload to get configuration from secondary master
- Branch config and global config id is synced with new master and then branch reload again to apply controller-ip received via new master
- IKE will re-establish new IPSec tunnel to the new master
- If previous master becomes reachable , it will then act as secondary master
NOTE: branch-config and whitelist db needs to be manually synced between primary and secondary master
How to verify
In BOC, we can verify whether BOC is reachable to secondary Master controller or not.
How to Manually switch over to secondary Master
In BOC, we have to select “Switchover” option from Configuration-->System Settings.
A new action command is added in BOC to select manual switchover
How to set Switchover Time and how to verify the same
In Master controller, we can set the switchover time through “Smart Config” menu.
