High Availability Overview

In a general sense, high availability is a network topology feature that ensures mission critical applications are available 100% of the time. This goal is typically accomplished by having multiple access routers with multiple WAN interfaces. PacketShapers can sit in these redundant router topologies and perform their traffic management responsibilities, without disrupting the existing high availability configuration. PacketShaper units integrate in high availability and redundant environments including HSRP (Hot Standby Routing Protocol) and VRRP (Virtual Router Redundancy Protocol).

As part of the high availability solution, you can install PacketShapers in redundant network paths to provide PacketShaper redundancy in case one of the units fails. This capability is called direct standby. It is described more fully below.

Another part of the solution is access-link monitoring. This feature allows the PacketShaper to automatically adjust Inbound and Outbound partition sizes as WAN links go down and back up. In addition, this feature can help prevent link overload that may occur when a load-balancing scheme is less than perfect. See Access-Link Monitoring.

Direct Standby

The direct standby function allows two PacketShapers to work in a redundant network topology, with each unit connected to a different router. The two units are directly connected to each other, through the OUTSIDE port on the upper-most or right-most LAN Expansion Module (LEM). Both units are considered active and each unit can receive and forward traffic. To ensure that both units accumulate the same traffic tree and measurement data, each PacketShaper processes the packets received by the other unit. When a unit directly receives traffic, it will copy that traffic and transmit it to the other unit. The other unit will classify the traffic, just as if it had received it directly, but it will never forward the traffic onward to the LAN. As a result, each unit is ready at any time to take over full PacketShaper responsibility should the other unit go down.

The direct standby feature can operate in a redundant topology that is set up to do load balancing (in other words, traffic flows through both paths) or one that is set up as a backup in case of component failure (traffic flows through one path). When using the direct standby feature in a load-sharing topology, you should set the link speed to the sum of both WAN links. Because each unit receives copied packets from its partner, the PacketShaper must have overall Inbound and Outbound partition sizes that will support that level of extra traffic.

Note: In this situation, you may want to use the access-link monitoring feature (advanced mode) to monitor the routers’ WAN interfaces and avoid oversubscribing the WAN bandwidth.

Additionally, the direct standby feature works well in a topology in which inbound traffic goes through one path and outbound traffic goes through the other. Without the direct connection, PacketWise would classify these flows as asymmetric and would be unable to manage application traffic or take advantage of Packeteer’s TCP rate control, a technology that smoothes bursty traffic. With the direct connection and the direct standby feature, each PacketShaper is able to see both inbound and outbound traffic and manage the traffic appropriately.

To see diagrams of redundant topologies into which PacketShapers can fit, see the Getting Started Guide. For details on configuring a unit for direct standby, see Configure Direct Standby. For special notes about using direct standby, see Direct Standby Notes.

Direct Standby Requirements

The direct standby feature has the following requirements and limitations:

• The following Packeteer features cannot be used in conjunction with the direct standby feature: Frame Relay and ATM.
  
  
• All models except the PacketShaper 1400: the units must be directly connected to the OUTSIDE ports on the upper-most or right-most LEM. In other words, if the PacketShaper has two LEMs, the upper or right LEM must be used for the direct connection. This LEM cannot be configured for compression.
  
  
• If you plan to deploy PacketShaper 1400 models in a direct standby configuration, please contact Packeteer Customer Support for assistance.
  
  
• When compression and direct standby are both enabled, Packeteer recommends that automatic reprobe mode be used on Xpress units at all branch offices. See setup compression reprobe.
  
  
• Both units must be running the same version of PacketWise and have the same plug-ins installed.
  
  
• Both units must have the same configuration limits. For example, both units must be 256-class PacketShaper 2500s. You should not mix units with different capacities since the units will be passing the same traffic and require identical configurations.
  
  
• Both units must have identical hardware configuration: the same Packeteer model, link speed, installed memory, number of LEMs installed, and type of LEMs (fiber optic vs. copper Ethernet).
  
  
• If there is any difference in the two partner units, the direct standby feature will not function optimally.
  
  
• The bypass relays in the PacketShaper and all LEMs must be disabled in order to use the direct standby feature (not applicable to the PacketShaper 1400). Instructions for disabling the bypass relays are in the Getting Started Guide.
  
  
• Because the bypass relays have been disabled, PacketShapers should not be powered off when they sit in a redundant configuration — doing so will cause loss of connectivity on that link and all traffic will be routed to the other path.
  
  
• The direct link connection between the two PacketShapers must be equal to or greater in speed than each of the WAN links. This requirement ensures that each unit receives copies from the other unit fast enough to prevent out-of-order packets.
  
  
• The two units must have the same touch password for the direct connection to be established.
  
  
• A customer portal IP address should not be configured when running PacketWise 7.4.0 (support began in version 7.4.1).
  
  
• The following types of packets are not copied over the direct connection: broadcast/multicast/unicast packets, attack packets, and IPComp control packets (when using Xpress).
  
  
• Link state mirroring (described below) is automatically enabled when direct standby is enabled if the redundant management link is connected.

Link State Mirroring

With link state mirroring, PacketWise will bring down the second port of a NIC pair if the first goes down. This feature allows each PacketShaper to sit between a WAN router and a switch without blocking detection of switch outages by the router. Link state mirroring is automatically enabled when direct standby is enabled and the redundant management link is connected. You can enable/disable link state mirroring on the System Variables setup page.

Note: Link state mirroring is not active on the LEM being used for the direct link; this allows you to disconnect the redundant management port without impacting connectivity. However, link state mirroring is disabled when the redundant management link is disconnected.

Access-Link Monitoring

Redundant network configurations typically involve some type of load-balancing or load-sharing scheme that determines how traffic is distributed across the available WAN links. In some configurations, the load-balancing scheme may be unable to enforce distribution of traffic so that each available WAN link is utilized 100%, nor can it ensure that no links will ever be overloaded. In addition, there is always the potential that any given link or router could go down, reducing the total available capacity to the WAN links remaining.

Packeteer’s access-link monitoring feature allows PacketShaper to deal with this “imperfect” load-balancing issue and has the ability to respond to the occurrence of WAN link failure. When access-link monitoring is enabled, PacketWise can adjust partitions appropriately to prevent overloading any given WAN link and to account for lost available capacity due to router or link failure. Access-link monitoring has two modes: basic and advanced.

When the basic mode is enabled, the PacketShaper polls the configured router(s) every 30 seconds to assess the WAN interface status (link up or link down) of the WAN link interfaces. If a link goes down, PacketWise will automatically adjust the total available capacity by subtracting out the capacity of the down link. As part of this process, it will adjust the access link size and resize Inbound and/or Outbound partitions to reflect the available bandwidth.

When advanced mode is enabled, PacketWise can help prevent the overloading of an interface. The PacketShaper will use SNMP polling to assess the actual throughput of each configured WAN link interface; the configured routers are polled every 30 seconds. When an interface approaches 25% of its configured capacity, PacketWise will begin pacing the traffic sent to the router to prevent overloading any interface. This pacing will also greatly reduce the number of retransmissions. PacketWise begins adjusting the partition sizes early in order to ensure gradual, smooth adjustments, as well as to give you time to modify policies if desired. PacketWise will poll the router frequently, and once there is evidence that the links are out of danger of being overloaded, it will gradually increase the size of the partition(s).

Note: In order to have the ability to adjust partition sizes (a critical part of the access-link monitoring feature), you must have a PacketShaper unit with traffic shaping enabled.

MIB Variables Polled by the Access-Link Monitoring Feature

As mentioned previously, the access-link monitoring feature uses SNMP polling to assess the interface status and throughout. The following MIB variables are requested in both basic and advanced mode:

• sysName — name that identifies the router
• ifName — name that identifies the interface
• ifOperStatus — indicates if the given interface is up or down
• ifSpeed — link speed

In advanced mode, the following additional MIB variables are polled:

• ifInOctets— number of Inbound bytes of traffic seen on the interface
• ifOutOctets — number of Outbound bytes of traffic seen on the interface

See Configure a High Availability Topology for details on configuring access-link monitoring.