Solved: 2 PSNs with the same IP address on one of the interfaces to achieve Sponsor Portal HA

umahar · ‎08-08-2018

A customer wants to implement high availability of sponsor portal with 2 PSNs. There is a separate interface for the portal and admin management traffic.

They currently do not have a load balancer in place.

One of the ideas put upon the table was to have both the portal interfaces have the same IP and always keep one interface shut using EEM script on the uplink switch.

An IP SLA would trigger the EEM script to shut and unshut interfaces so that at all times the IP is kept alive.

Is this something worth exploring to achieve high availability for sponsor portal ?

The IP on Gi0 for admin traffic will be unique for both the PSNs. The IP on Gi1 used for portal will be same on both PSNs so that we can map FQDN to this IP and try to achieve HA.

paul · ‎08-09-2018

Have you tried just putting two IPs in the DNS record for your sponsor portal shortcut? Depending on your DNS servers both IPs should get returned. The client will typically use the first one in the list and it if has issues getting to that IP it should try the second one.

View solution in original post

paul · ‎08-09-2018

You can have multiple IPs for the same A record. Check out www.yahoo.com.

nslookup www.yahoo.com

Server: UnKnown

Address: 10.1.37.12

Non-authoritative answer:

Name: atsv2-fp.wg1.b.yahoo.com

Addresses: 2001:4998:58:1836::10

2001:4998:44:41d::3

2001:4998:44:41d::4

2001:4998:58:1836::11

72.30.35.10

72.30.35.9

98.138.219.232

98.138.219.231

Aliases: www.yahoo.com<>

Most clients will use the first IP in the list. If the connection to that times out, usually around 30 seconds, it will use the second in the list and so on. This is a standard use of DNS.

View solution in original post

paul · ‎08-09-2018

Have you tried just putting two IPs in the DNS record for your sponsor portal shortcut? Depending on your DNS servers both IPs should get returned. The client will typically use the first one in the list and it if has issues getting to that IP it should try the second one.

umahar · ‎08-09-2018

Yes I have given two options.

- LTM

- DNS load balancing.

Is putting both entries in DNS different than DNS load balancing ?

I thought DNS will only send one entry and since DNS lacks probing servers its not a feasible solution.

paul · ‎08-09-2018

You can have multiple IPs for the same A record. Check out www.yahoo.com.

nslookup www.yahoo.com

Server: UnKnown

Address: 10.1.37.12

Non-authoritative answer:

Name: atsv2-fp.wg1.b.yahoo.com

Addresses: 2001:4998:58:1836::10

2001:4998:44:41d::3

2001:4998:44:41d::4

2001:4998:58:1836::11

72.30.35.10

72.30.35.9

98.138.219.232

98.138.219.231

Aliases: www.yahoo.com<>

Most clients will use the first IP in the list. If the connection to that times out, usually around 30 seconds, it will use the second in the list and so on. This is a standard use of DNS.

umahar · ‎08-09-2018

Oh thanks for clarifying that.

umahar · ‎08-10-2018

Paul,

I tested this in my lab and it works as expected. I did take some time for endpoint to go the second IP.

Have you implemented this in production ? How is the user experience ?

paul · ‎08-10-2018

I haven't used it in production, but the delay is a one-time event for the sponsor. Once it switches to the 2nd IP there should be no delay in their sponsor portal experience.