CONFIG HA CREATE
Level
maintenance,modify
History
sendarp Appears in Netasq 9.0.0
interfaceslipflop appears in Netasq 9.0.1
tokentimeout appears in 9.0.4
MulticastAddr appears in 2.0.0
LACPWhenPassive appears in 2.6.0
ConnOlderThan appears in 3.2.0
SynchronizationDelay appears in 3.5.0
DelayConnUpd replaces ConnOlderThan in 4.0.0
LACPMembersHaveWeight appears in 3.10.0
FailoverMembersHaveWeight appears in 4.3.0
BroadcastMembersHaveWeight appears in 4.8.0
Unicast appears in 4.8.0
SynchronizeMacAddress appears in 4.8.0
Description
Initialize an HA cluster
Usage
password=<ha password> ifname=<interface user name>
[ifname2=<interface user name>]
[priority=<0-9999>]
[waitingpeertimeout=<0-9999>]
[SynchronizationDelay=<0-9999>]
[purgearp=<0|1>]
[sendarp=<0|1>]
[sendarpperiod=<1-9999>]
[secure=<0|1>]
[nbping=(0-300)]
[interfacesflipflop=<0-20000>]
[tokentimeout=<1-99999>]
[MulticastAddr=<multicast IPv4>]
[LACPWhenPassive=<0|1>]
[DelayConnUpd=<integer>]
[LACPMembersHaveWeight=<0|1>]
[FailoverMembersHaveWeight=<0|1>]
[BroadcastMembersHaveWeight=<0|1>]
[Unicast=<0|1>]
[SynchronizeMacAddress=<0|1>]
Returns
Error code
Remark
Interfaces are expected to be ethernet or vlan interfaces.
Argument "peer_waiting_timeout" indicates how long each firewall must wait at boot
before considering their peer as offline. is given in seconds.
Default value for "peer_waiting_timeout" is 10s.
Argument "purge_arp" indicates if the ARP table must be purged when the firewall
becomes active (default is 0).
send_arp and send_arp_period defines if an ARP packet must be send periodically by the active
firewall as a reminder for other machines (default: 0, default period: 5s).
If secure is set to 1, connections sync packets will be encrypted. However you may experience reduced performances (default is 0)
nbping indicates how many ICMP requests must be sent once Corosync consider the peer to be dead. This is used to confirm that the Corosync notification wasn't a false-positive due to an overload on the peer. ICMP requests are sent with an interval of 50ms. Set this value to 0 to disable the confirmation mechanism.
interfacesflipflop indicates how long, in milliseconds, non-HA interfaces must go down when the firewall becomes passive. This is intended to reduce issues with the ARP tables of switchs during user-requested HA swaps when using a bridged network configuration. Bringing non-HA interfaces down should force the switchs to flush their ARP tables. This approach does not work with all switchs. (default is 1000, 0 to disable)
tokentimeout indicates how long Corosync must wait when it doesn't get any message from the peer(s). Once this delay is passed, Corosync will notify Stated. Stated will then try to ping the peer. If Stated doesn't get any reply either, the local firewall will become active.
MulticastAddr indicates the multicast address used for Corosync communication between firewalls
LACPWhenPassive indicates if the passive firewall should take part to the lacp negociation or re-negociate lacp when swap happens.
DelayConnUpd indicates that connections living less than this value (in seconds) won't be synchronized.
LACPMembersHaveWeight indicates if the LACP members are included in the quality computation.
FailoverMembersHaveWeight indicates if the Failover members are included in the quality computation.
BroadcastMembersHaveWeight indicates if the Broadcast members are included in the quality computation.
Unicast tells whether Unicast should be used instead of Multicast.
SynchronizeMacAddress tells whether mac addresses should be kept synchronised between the peers.
Example
CONFIG HA CREATE password=password ifname=vlan0