WAN Clustering

Overview

A WAN cluster is a group of independent servers/nodes separated by WAN networks working together as a single system to provide load balancing and high scalability for clients and services. WAN cluster works only in active-active cluster operation mode, and is qualified on PSA7000, PSA7000-V, PSA5000, PSA5000-V and PSA3000 platforms.

Clustering supports following types of synchronization settings:

Configuration-only Cluster - Only configuration will be synced across the cluster nodes

Synchronize user sessions - Both configuration and user sessions will be synced across the cluster nodes

WAN cluster only supports Configuration-only Cluster and does not support Synchronize user sessions.

Configuring an Active-Active Configuration-only WAN Cluster

To configure an active/active Configuration-only WAN Cluster:

1.First configure an active/active cluster as mentioned in the WAN Clustering section.

2.Then, go to System > Clustering > Cluster Properties and select Configuration-only Cluster as shown in the screen below.

 

3.In the Advanced Settings, select the Network Type as Average latency 60-100ms or Average latency 10-60ms for WAN cluster. Refer to the image below.

  • For better performance a WAN cluster does not support configuring Global Static IP Pool VPN Connection Profile under Users -> Resource Policies -> VPN Tunneling -> Connection Profiles for Leasing IP to an end user client. Only Global DHCP IP Pool VPN Connection Profile Configuration or Node Specific Static/DHCP IP Pool VPN Connection Profile Configuration is supported.
  • In an active/active WAN cluster, a connection profile configured with a Global Static IP Pool will be retained during Upgrade, Binary Import and XML Import with the below warning on the Dashboard and Overview Page for admin to take appropriate action. Also, an end user using VPN tunneling clients will not be leased IPs from the Global Static IP Pool.

 

In an active/active WAN cluster, if the networks of all the internal ports of the ICS/Nodes are in different subnets, it is mandatory to add specific static network routes on every ICS/Node to reach every other ICS/Node in the cluster for better cluster communication during ICS/Node failover or downtime.

To add a specific static route on a ICS/Node to reach another ICS/Node in the cluster:

1.Go to System > Network > Routes.

 

2.Click New Route.

 

3.Based on the Network's Topology, the Static Route needs to be added on ICS/Node to reach other ICS/Node in WAN Cluster. Below is an example where static route is added on ICS Configured in 10.11.0.0/16 network having gateway 10.11.1.1 to reach another ICS/Node Configured in 10.12.0.0/16.

 

4.The same steps need to be repeated on every ICS/Node in the active/active WAN cluster.