Portal stateful failover
Overview
Stateful failover supports hot backup of services on two devices. Stateful failover can be configured on key devices to avoid service interruptions caused by single points of failure. When operating normally, the two devices synchronize service information. If one device fails, the other device takes over the services.
To implement stateful failover, specify a dedicated VLAN (called the "backup VLAN") on each device for stateful failover packets. When both a failover link and a backup VLAN are configured, add the physical ports at the two ends of the failover link to the backup VLAN. For more information about the stateful failover feature, see High Availability Configuration Guide.
Figure 43: Network diagram for portal stateful failover configuration
As shown in Figure 43, users must pass portal authentication to access the Internet. To avoid portal service interruption caused by a single point of failure, deploy two access devices (Gateway A and Gateway B) and configure the portal stateful failover function so that they back up each other's online portal user information through the failover link. If either gateway (Gateway A or Gateway B) fails, the other can guarantee normal data communication for the online portal users and perform portal authentication for new portal users.
Basic concepts
Device states:
Independence—A stable running status of a device when it does not establish the failover link with the other device.
Synchronization—A stable running status of a device when it establishes the failover link with the other device successfully and is ready for data backup.
User modes:
Stand-alone—The user data is stored on the local device only. Currently, the local device is in independence state or it is in synchronization state but has not synchronized the user data to the peer device yet.
Primary—The user logs in from the local device, and the user data is generated on the local device. The local device is in synchronization state and ready for receiving and processing packets from the server.
Secondary—The user logs in from the peer device, and the user data is synchronized from the peer device to the local device. The local device is in synchronization state. It only receives and processes the synchronization messages and does not process packets from the server.