Gateway and Tunnel HA Options

Overview

The Aviatrix Controller monitors your cloud networking deployment, detects problems, and handles failover resolution automatically. There are 3 options to choose from when deploying Aviatrix in a highly available architecture:

HA Option Recovery Time *
Single AZ Gateway 4-5 minutes
Backup Gateway 1-2 minutes
Backup Gateway and Tunnel(s) ~30 seconds

* Recovery times vary based on many factors including the number of tunnels established.

These options give you the flexiblity to select the one that meets your requirements for recovery time. For production environments, a quicker recovery time is typically very important. But, for development environments, a longer delay is acceptable. With Aviatrix HA, you can mix and match these options in your deployment to meet your needs.

As the recovery time decreases, there may be additional costs to consider. Single AZ has no additional costs. Backup Gateway will incur additional EC2 instance charges (for the additional gateway provisioned). Backup Gateway and Tunnel(s) will incur additional EC2 costs and additional tunnel costs.

How is a Gateway or Tunnel Determined to be Down?

See more details here.

HA Options

Single AZ Gateway

Note

The recovery time for this option is approximately 4-5 minutes.

imageGwSingleAZ imageTimer5Min

The gateway is actively monitored by the Controller. If there is a problem with the gateway or tunnel(s):

  1. A new gateway is provisioned in the same availability zone
  2. Any configured tunnels are established from the new gateway to their respective terminating gateway
  3. An email notification is sent to the administrator

Backup Gateway

Note

The recovery time for this option is approximately 1-2 minutes.

imageGwBackup imageTimer2Min

A backup gateway in a different availability zone is created when this option is enabled. There are no tunnels terminating with the backup gateway and it does not have its own EIP.

If a problem with the primary gateway or connected tunnel(s) is detected:

  1. The EIP is moved to the backup gateway from the active.
  2. Tunnels currently connected to the primary gateway are rebuilt on the backup gateway.
  3. An email notification is sent to the administrator.

Backup Gateway and Tunnel(s)

Note

The recovery time for this option is approximately 1-2 seconds

imageGwBackupTunnel imageTimer30Sec

This is similar to the “backup gateway” option except that the backup gateway has its own EIP and active tunnel(s). The backup gateway and tunnels are provisioned when HA is enabled for this gateway.

If a problem with the primary gateway or connected tunnel(s) is detected:

  1. Update the routing table in the VPC/VNet so the target for routes is the backup gateway.
  2. An email notification is sent to the administrator.

Deployment Guide

Deploying your desired HA model is simple. Follow these steps to enable HA on your gateway:

  1. Login to the Controller

  2. Click on the Gateway navigation item

  3. Select the gateway in the table and click the Edit link in the upper right

    imageEditGW

  4. Follow the steps below for the desired HA option

    • Single AZ HA

      Click the Enable button below Gateway Single AZ HA

      imageEnableSingleAZ

    • Backup Gateway HA

      1. Scroll to Gateway for High Availability

      2. Select the subnet where the backup gateway should be deployed

        Tip

        Select a availability zone that is different from where your primary gateway is installed.

      3. Click the Enable HA button

      imageEnableBackupGW

    • Backup Gateway and Tunnel HA

      1. Scroll to Gateway for High Availability Peering

      2. Select the subnet where the backup gateway should be deployed

        Tip

        Select a availability zone that is different from where your primary gateway is installed.

      3. Click the +Create button

      imageEnableBackupGWAndTunnel