Using two Juniper SA 6000s configured for a highly available cluster has yet to prevent an outage to my experience over the last year. I've heard other people sticking them behind F5s or other load balancers for this same reason.
My main question is how are people implementing an HA setup that actually prevents them from having outages?
Currently both round robin DNS and active/active balancing would have better results for us than using the built in active/passive clustering.
(Currently running 6.0R5 Build 13073)
I have two SA 6000s @ 5.5r5 in a (Active-Passive Cluster) behind two F5's in load balance.
We've been up since Mar 07. No availability issues.
Very basic setup: used primarily as a proxy to our Terminal Server Farm.
I'm a carrier , I've got a pair of 4000 Active-Passive with 60 IVS's running network connect,SAM, and host checker policies.
all is good, the challenge was the configuration for the network connect when failover occures.
this product is one of a kind, i like it very much.
I have a pair for SA 6000 appliances. We were A/A last week... until I switched us to A/P. I view A/P as HA versus A/A. With A/A you can have a problem on one box and lose half your users. If you're using external load balancing and it works accordingly... the users just have severed sessions and can reconnect. However, with round robin, you're stuck... half the users will still get to the downed appliance! For HA, I'd stick with A/P.
Hi, icecream -
I'm a little confused... you have an external load balancer in front of an active/passive cluster? Since one of the boxes in an A/P cluster is always down, what is the F5 box "balancing"?
External load balancers are only required when doing an active/active cluster, and incoming requests don't know which box to hit. In an active/passive cluster, requests come in on the VIP; so whichever box holds the VIP processes the request.
The load balancer might be sending requests to the passive box, resulting in your failures.
Please let me know if this helps.
I have SA6000's clustered in Active/Passive in front of the firewall.
Behind the firewall are my 6509's, the F5's and the Terminal Server Blade Farm.