This article provides a general overview of the requirements for a High Availability configuration with two Barracuda Link Balancers and explains available deployment options.
Operation of High Availability (HA)
High Availability configuration results in an active-passive pair of Barracuda Link Balancers. The active system handles all traffic until one of the following components experiences a failure or an outage:
- The LAN connection.
- All WAN links (administrator configurable option).
- The Barracuda Link Balancer appliance.
If any of the above conditions is detected, the passive system becomes active and link balances all traffic from the WAN links. Clustered Barracuda Link Balancers communicate according to the Virtual Router Redundancy Protocol (VRRP) specification. Both are configured with a single virtual IP address called the VRRP virtual IP address. This address is serviced only by the active system. If the Barracuda Link Balancer firewall is enabled, then the VRRP virtual IP address is the default gateway for devices on the LAN. In the event of a system failure, the other system in the cluster assumes the VRRP virtual IP address and becomes the active system in the cluster. An alert message is sent to the administrator.
You should use the VRRP virtual IP address to manage the Barracuda Link Balancer since that always points to the active system. Changes will automatically be propagated to the passive system.
Requirements for Clustered Systems
Before joining two systems together, each Barracuda Link Balancer must meet the following requirements:
- Model 330 or higher.
- Exact same model as the other Barracuda Link Balancer.
- Activated and on the same firmware version. The High Availability capability is only available on firmware 2.x and later.
- Accessible to the other Barracuda Link Balancer on the LAN interface. This applies only if you do not plan to use the LAN2 port for clustering.
If clustering two Barracuda Link Balancers is not an option, as an alternative, consider configuring Ethernet Passthrough. If Ethernet Passthrough is configured and the Barracuda Link Balancer fails, all traffic from WAN1 will be passed directly to the LAN.
Do NOT enable this feature under the following conditions:
- Your network relies on the Barracuda Link Balancer firewall to perform IP or port address translation for internal IP addresses.
- You have clustered systems and the passive system will take over if this system fails.
Physical Connectivity of Clustered Systems
All Barracuda Link Balancer cluster pairs may be linked using the LAN interface. Certain models also support a LAN2 interface: if there is a physical LAN port on the front panel, the Ethernet port on the back is the LAN2 port.
Linking two systems using the LAN2 port ensures that communication between the two is not delayed or compromised by other traffic on the LAN. This increases the reliability of the connection and may reduce the time required to fail over. Use a crossover cable between the LAN2 ports to connect the two systems. The LAN2 IP addresses must be on the same subnet.
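As an added example (not Barracuda code), the pre-join requirements listed earlier and the LAN2 subnet rule above can be checked from an inventory record before the two systems are joined. The `Unit` fields, the names and the sample values are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Unit:
    """Hypothetical inventory record; field names are assumptions, not a Barracuda API."""
    name: str
    model: int
    firmware: str               # e.g. "2.5.0.012" (constructed sample format)
    activated: bool
    lan2: Optional[str] = None  # "address/prefix", or None when clustering over the LAN port

def cluster_blockers(a: Unit, b: Unit) -> List[str]:
    """Return the reasons the two units do not meet the documented clustering requirements."""
    problems = []
    for u in (a, b):
        if u.model < 330:
            problems.append(f"{u.name}: model {u.model} is below 330")
        if not u.activated:
            problems.append(f"{u.name}: not activated")
        if int(u.firmware.split(".")[0]) < 2:
            problems.append(f"{u.name}: firmware {u.firmware} predates 2.x")
    if a.model != b.model:
        problems.append(f"models differ: {a.model} vs {b.model}")
    if a.firmware != b.firmware:
        problems.append(f"firmware differs: {a.firmware} vs {b.firmware}")
    # LAN2 clustering: both ends need an address, and both must sit in the same subnet.
    # Without LAN2 the units must reach each other over the LAN, which needs a live test.
    if a.lan2 or b.lan2:
        if not (a.lan2 and b.lan2):
            problems.append("LAN2 address configured on only one unit")
        else:
            ia, ib = ipaddress.ip_interface(a.lan2), ipaddress.ip_interface(b.lan2)
            if ia.network != ib.network:
                problems.append(f"LAN2 subnets differ: {ia.network} vs {ib.network}")
            elif ia.ip == ib.ip:
                problems.append(f"LAN2 address {ia.ip} is used by both units")
    return problems

if __name__ == "__main__":
    # Constructed sample data: same model and firmware, but mismatched LAN2 prefix lengths.
    primary = Unit("lb-a", 330, "2.5.0.012", True, "192.168.200.1/30")
    backup = Unit("lb-b", 330, "2.5.0.012", True, "192.168.200.2/24")
    for reason in cluster_blockers(primary, backup) or ["ready to join"]:
        print(reason)
```

Comparing the computed networks rather than the raw addresses catches a prefix-length mismatch, where both addresses look adjacent but the two ends disagree about the subnet.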
Synchronizing Data on Clustered Systems
When two Barracuda Link Balancers are initially joined, most configuration data, such as WAN settings, firewall rules, VPN settings and operating mode, is copied from the primary system of the cluster to the backup system (the system that joins the cluster). This configuration data is synchronized between the systems on an ongoing basis. However, the following configuration data are unique and are not synchronized between the two systems:
- LAN IP address, LAN2 IP address, DNS servers, default domain and time zone.
- System password, time zone and web interface HTTP port, as configured on the BASIC > Administration page.
- All parameters on the ADVANCED > Appearance page.
- The HTTPS port and SSL certificate used to access the web interface, as configured on the ADVANCED > Secure Administration page.
Failover and Failback
There is an automatic failback option you can configure if you want the original active (primary) system to resume link balancing upon its recovery after failover. Configure this on the ADVANCED > High Availability page. Alternatively, you can manually switch to the primary system using the Failback command available on the same page.