Load Balancer for Active/Active Cluster

In active/active mode, you have the option of using an external load balancer with a cluster. The load balancer hosts the cluster VIP and routes user requests to a node defined in its cluster group based on source-IP routing. If a node goes offline, the load balancer adjusts the load on the active nodes. Users do not need to sign in again.

When choosing and configuring a load balancer for your cluster, make sure that it:

  • Listens to traffic on multiple ports

  • Manages traffic using assigned source and destination IP addresses (not destination port)

To add a load balancer using an active/active configuration:

  1. Select System > Network > Load Balancer.

  2. Enter the IPv4/IPv6 address of the interface connected to the load balancer in the appropriate port window. Do not enter addresses in both fields unless the load balancer is connected to both interfaces.
  3. Select the appropriate load balancer usage options.
    • Between endpoints and Ivanti Policy Secure
    • Between Infranet Enforcers and Ivanti Policy Secure
  4. Click Save Changes.

Health Checking a Server from Load Balancer

The system hosts an HTML page that provides service status for each node in a cluster. External load balancers can check this resource to determine how to effectively distribute the load among all the cluster nodes.

To perform the Layer 7 health check for a node:

Using a web browser, enter the URL: https://<Ivanti Policy Secure Series device-Hostname>/dana-na/healthcheck/healthcheck.cgi?status=all

This returns either HTTP Status 200 OK or 500 Internal Error. If this returns HTTP Status 200 OK, the following additional parameters are shown.

| Parameter Name | Value | Description |
|---|---|---|
| CPU-UTILIZATION | 0-100 | Specifies the CPU utilization percentage (0-100). |
| SWAP-UTILIZATION | integer | Specifies the swap utilization percentage of the device (0-100). |
| DISK-UTILIZATION | integer | Specifies the used disk space percentage (0-100). |
| USER-COUNT | integer | Specifies the total number of licensed users logged in to the device. This does not include any MAC address users or Radius users. |
| MAX-LICENSED-USERS-REACHED | boolean | Specifies the maximum number of licensed users reached. |
| Platform-Limit | integer | Specifies the maximum user limit on PSA hardware. |
| Maximum-License-Count | integer | Specifies the maximum licenses installed directly on the PSA hardware or licenses fetched from the license server. |
| Cluster-Name | String | Specifies the name given to the cluster. The name must be unique across the network. |

The following example performs the Layer 7 health check from an external load balancer:

GET /dana-na/healthcheck/healthcheck.cgi?status=all HTTP/1.1\r\nHost: localhost\r\n\r\n

The health check relies on a receive string. The receive string configured on the load balancer is used to decide whether the node is active or inactive. It is a regular expression that checks for a value present in the response. For example, Ivanti Policy Secure sends a page to the load balancer that has USER-COUNT=25, indicating that the number of active licensed users on that device is 25.

A receive string of USER-COUNT\=([0-9]|[1-9][0-9]|100); checks whether USER-COUNT is between 0 and 100. In this example, 25 is between 0 and 100, so the load balancer marks the device as active and considers it for load balancing.
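The following added example (not Ivanti code) evaluates a receive string the way a load balancer monitor would and audits it against every USER-COUNT value from 0 to 150, so that gaps in the pattern show up before deployment. The `NAME=value;` body layout, the sample values, and the function names are assumptions made for illustration.

```python
import re

# Receive string for "USER-COUNT between 0 and 100". The two-digit branch is
# [1-9][0-9]; the trailing ';' stops a match on just the leading digits.
RECEIVE_STRING = r"USER-COUNT\=([0-9]|[1-9][0-9]|100);"
# Variants to audit: character classes swapped, and no trailing delimiter.
SWAPPED = r"USER-COUNT\=([0-9]|[0-9][1-9]|100);"
UNBOUNDED = r"USER-COUNT\=([0-9]|[1-9][0-9]|100)"

# Constructed sample body. The "NAME=value;" layout is an assumption inferred
# from the ';' in the receive string; it is not captured device output.
SAMPLE_BODY = (
    "CPU-UTILIZATION=12;\n"
    "SWAP-UTILIZATION=0;\n"
    "DISK-UTILIZATION=31;\n"
    "USER-COUNT=25;\n"
    "MAX-LICENSED-USERS-REACHED=NO;\n"
)


def node_is_active(status, body, receive_string=RECEIVE_STRING):
    """Monitor decision: up only on HTTP 200 plus a receive-string match."""
    if status != 200:  # 500 Internal Error, or anything else, marks it down
        return False
    return re.search(receive_string, body) is not None


def audit_receive_string(receive_string, low=0, high=100, probe_to=150):
    """Return (wrongly_rejected, wrongly_accepted) USER-COUNT values."""
    rejected, accepted = [], []
    for n in range(probe_to + 1):
        up = node_is_active(200, f"USER-COUNT={n};\n", receive_string)
        in_range = low <= n <= high
        if in_range and not up:
            rejected.append(n)
        elif up and not in_range:
            accepted.append(n)
    return rejected, accepted


if __name__ == "__main__":
    print("sample node active:", node_is_active(200, SAMPLE_BODY))
    for name, pattern in [("receive string", RECEIVE_STRING),
                          ("swapped classes", SWAPPED),
                          ("no delimiter", UNBOUNDED)]:
        rejected, accepted = audit_receive_string(pattern)
        print(f"{name}: rejects {rejected}, accepts {len(accepted)} values > 100")
```

With the two-digit classes swapped, a healthy node reporting 10, 20, ... 90 users is marked inactive; without the closing delimiter, any count above 100 still matches.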