Enabling Gateway and Tunnel High-Availability
Overview
The Aviatrix Controller monitors your cloud networking deployment, detects problems, and handles failover resolution automatically. There are 2 options to choose from when deploying Aviatrix in a highly available architecture.
Gateway High-Availability for Encrypted Peering
When this option is selected, a backup gateway instance will be deployed in a different AZ if available.
If you have built Aviatrix Encrypted Peering and need HA for failover when a tunnel goes down, you can select this option. The backup gateway keeps backup VPN tunnels up, ready for failover.
If you use Aviatrix Gateway for the Egress Control function and need HA, you should select this option. This option will try to load balance the traffic from different route tables to the primary and backup gateways.
If you are considering deploying Aviatrix Transit Network, high availability is built into the workflow.
When using Terraform, this option is described by the parameter "peering_ha_subnet" of the gateway resource.
Gateway High-Availability for Single Availability Zone
When enabled, the Controller monitors the health of the gateway and restarts the gateway if it becomes unreachable. No secondary gateway is launched in this case.
When using Terraform, this option is described by the parameter "single_az_ha" of the gateway resource.
Detecting when a Gateway or Tunnel is down
Aviatrix gateways periodically send keepalive messages to the Aviatrix Controller, which uses them to detect when a gateway is down. For more information, see About Gateway Keepalive.
Gateway Recovery Times
HA Option | Recovery Time * |
---|---|
Backup Gateway and Tunnel(s) | ~30 seconds |
Single AZ Gateway | 4-5 minutes |
* Recovery times vary based on many factors including the number of tunnels established.
These options give you the flexibility to select the one that meets your requirements for recovery time. For production environments, a quicker recovery time is typically very important. But, for development environments, a longer delay is acceptable. With Aviatrix HA, you can mix and match these options in your deployment to meet your needs.
As the recovery time decreases, there may be additional costs to consider. Single AZ has no additional costs. Backup Gateway and Tunnel(s) will incur additional costs (for the additional gateway provisioned).
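To see which HA option each gateway in a Terraform plan ends up with, the check below reads `terraform show -json` output and maps every gateway to the recovery time listed above. It is an added example, not Aviatrix code; the resource type `aviatrix_gateway`, the `subnet` attribute, and the accepted value forms for `single_az_ha` are assumptions, and the plan data is constructed.

```python
import json

# Constructed sample shaped like `terraform show -json` output. The resource type
# "aviatrix_gateway" and the "subnet" attribute are assumptions; "peering_ha_subnet"
# and "single_az_ha" are the parameters named on this page.
SAMPLE_PLAN = json.dumps({"planned_values": {"root_module": {
    "resources": [
        {"address": "aviatrix_gateway.prod", "type": "aviatrix_gateway", "values": {
            "subnet": "10.0.1.0/24", "peering_ha_subnet": "10.0.2.0/24"}},
        {"address": "aviatrix_gateway.dev", "type": "aviatrix_gateway", "values": {
            "subnet": "10.1.1.0/24", "single_az_ha": True}},
        {"address": "aviatrix_gateway.same", "type": "aviatrix_gateway", "values": {
            "subnet": "10.2.1.0/24", "peering_ha_subnet": "10.2.1.0/24"}}],
    "child_modules": [{"resources": [
        {"address": "module.lab.aviatrix_gateway.test", "type": "aviatrix_gateway",
         "values": {"subnet": "10.3.1.0/24", "single_az_ha": "disabled"}}]}]}}})

def _enabled(value):
    """Treat True or the strings "enabled"/"true" as on (value typing is assumed)."""
    return value is True or str(value).lower() in ("enabled", "true")

def _resources(module):
    """Yield resources from a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from _resources(child)

def audit_gateway_ha(plan_json, gw_type="aviatrix_gateway"):
    """Map each gateway address to (ha_mode, recovery time from the page, note)."""
    root = json.loads(plan_json).get("planned_values", {}).get("root_module", {})
    report = {}
    for res in _resources(root):
        if res.get("type") != gw_type:
            continue
        vals = res.get("values") or {}
        backup = vals.get("peering_ha_subnet")
        if backup:
            # A backup in the primary's own subnet cannot sit in a different AZ
            # on clouds where a subnet belongs to one zone (e.g. AWS).
            note = "backup shares primary subnet" if backup == vals.get("subnet") else ""
            report[res["address"]] = ("backup_gateway", "~30 seconds", note)
        elif _enabled(vals.get("single_az_ha")):
            report[res["address"]] = ("single_az", "4-5 minutes", "")
        else:
            report[res["address"]] = ("none", None, "no HA option set")
    return report

if __name__ == "__main__":
    for address, result in audit_gateway_ha(SAMPLE_PLAN).items():
        print(address, result)
```

Gateways reported as `none`, or with a backup in the primary's subnet, are the ones to review against your recovery-time requirement before the plan is applied.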
HA Options
Backup Gateway and Tunnel(s)
The recovery time for this option is approximately 30 seconds.
The backup gateway has its own EIP and active tunnel(s). The backup gateway and tunnels are provisioned when HA is enabled for this gateway.
If a problem with the primary gateway or connected tunnel(s) is detected:
- The routing table in the VPC/VNet is updated so the target for routes is the backup gateway.
- An email notification is sent to the administrator.
Single AZ Gateway
The recovery time for this option is approximately 4-5 minutes.
The gateway is actively monitored by the Controller. If there is a problem with the gateway or tunnel(s):
- The gateway is stopped and started again.
- Any configured tunnels are established from the new gateway to their respective terminating gateway.
- An email notification is sent to the administrator.
Deployment Guide
Deploying your desired HA model is simple. Follow these steps to enable HA on your gateway:
- Log in to the Controller.
- Click on the Gateway navigation item.
- Select the gateway in the table and click Edit in the upper right.
- Follow the steps below for the desired HA option.
  - Backup Gateway and Tunnel HA
    - Scroll to Gateway for High Availability Peering.
    - Select the subnet where the backup gateway should be deployed. Select an Availability Zone that is different from where your primary gateway is installed.
    - Click the +Create button.
  - Single AZ HA
    - Click Enable below Gateway Single AZ HA.