CONFIG HA CREATE

Level

maintenance+modify

History

sendarp appears in 9.0.0
interfacesflipflop appears in 9.0.1
tokentimeout appears in 9.0.4
MulticastAddr appears in 2.0.0
LACPWhenPassive appears in 2.6.0
ConnOlderThan appears in 3.2.0
SynchronizationDelay appears in 3.5.0
Forward=Assoc appears in 3.9.0

Description

Initialize an HA cluster

Usage

password=<ha password> ifname=<interface user name> [ifname2=<interface user name>]
[priority=<0-9999>] [forward=<All|None|Connections|Tcp|Udp|SIP|Assoc>]
[waitingpeertimeout=<0-9999>] [SynchronizationDelay=<0-9999>] [purgearp=<0|1>] [sendarp=<0|1>]
[sendarpperiod=<1-9999>] [secure=<0|1>] [nbping=(0-300)]
[interfacesflipflop=<0-20000>] [tokentimeout=<1-99999>] [MulticastAddr=<multicast IPv4>] [LACPWhenPassive=<0|1>] [ConnOlderThan=<integer>]

Returns

Error code

Remark

Interfaces are expected to be ethernet or vlan interfaces.

Argument "forward" specifies which list of connected elements must be kept synchronized between firewalls.
Value "connections" for the argument "forward" means TCP/UDP connections.
Default value for "forward" is All.

Argument "peer_waiting_timeout" (waitingpeertimeout in the usage line) indicates how long, in seconds, each firewall must wait at boot before considering its peer offline.
Default value for "peer_waiting_timeout" is 10s.

Argument "purge_arp" (purgearp in the usage line) indicates whether the ARP table must be purged when the firewall becomes active (default is 0).

Arguments "send_arp" and "send_arp_period" (sendarp and sendarpperiod in the usage line) define whether an ARP packet must be sent periodically by the active firewall as a reminder for other machines (default: 0, default period: 5s).

If secure is set to 1, connection sync packets will be encrypted. However, you may experience reduced performance (default is 0).

nbping indicates how many ICMP requests must be sent once Corosync considers the peer to be dead. This is used to confirm that the Corosync notification wasn't a false positive due to an overload on the peer. ICMP requests are sent with an interval of 50ms. Set this value to 0 to disable the confirmation mechanism.

interfacesflipflop indicates how long, in milliseconds, non-HA interfaces must go down when the firewall becomes passive. This is intended to reduce issues with the ARP tables of switches during user-requested HA swaps when using a bridged network configuration. Bringing non-HA interfaces down should force the switches to flush their ARP tables. This approach does not work with all switches (default is 1000, 0 to disable).

tokentimeout indicates how long Corosync must wait when it doesn't get any message from the peer(s). Once this delay has passed, Corosync will notify Stated. Stated will then try to ping the peer. If Stated doesn't get any reply either, the local firewall will become active.

MulticastAddr indicates the multicast address used for Corosync communication between firewalls.

LACPWhenPassive indicates whether the passive firewall should take part in the LACP negotiation or renegotiate LACP when a swap happens.

ConnOlderThan indicates that connections living less than this value (in seconds) won't be synchronized.

Example

CONFIG HA CREATE password=password ifname=vlan0
CONFIG HA CREATE password=karamba ifname=ethernet3 forward=Connections,SIP