About Active/Active Clustering

An Active/Active Cluster is formed by a grouping up to four Cluster Nodes, with multiple Active units processing traffic (as multiple gateways), doing DPI, and sharing the network load. A Cluster Node can consist of a Stateful HA pair, a Stateless HA pair with standard failover, or a single standalone unit, in which case Stateful Failover and Active/Active DPI are not available. Dynamic state synchronization is only available in a Cluster Node if it is a Stateful HA pair. The traditional SonicWall High Availability protocol or Stateful HA protocol is used for communication within the Cluster Node, between the units in the HA pair.

When a Cluster Node is a Stateful HA pair, Active/Active DPI can be enabled within the Cluster Node for higher performance.

With Active/Active Clustering, you can assign certain traffic flows to each node in the cluster, providing load sharing in addition to redundancy, and supporting a much higher throughput without a single point of failure.

A typical recommended setup includes four Security Appliances of the same SonicWall model configured as two Cluster Nodes, where each node consists of one Stateful HA pair. For larger deployments, the cluster can include eight Security Appliances, configured as four Cluster Nodes (or HA pairs). Within each Cluster Node, Stateful HA keeps the dynamic state synchronized for seamless failover with zero loss of data on a single point of failure. Stateful HA is not required, but is highly recommended for best performance during failover.

Load sharing is accomplished by configuring different Cluster Nodes as different gateways in your network. Typically this is handled by another device downstream (closer to the LAN devices) from the Active/Active Cluster, such as a DHCP server or a router.

A Cluster Node can also be a single Security Appliance, allowing an Active/Active cluster setup to be built using two Security Appliances. In case of a fault condition on one of the Security Appliances in this deployment, the failover is not stateful because neither Security Appliance in the Cluster Node has an HA Secondary.

• Redundancy is achieved at several levels with Active/Active Clustering:
• The cluster provides redundant Cluster Nodes, each of which can handle the traffic flows of any other Cluster Node, if a failure occurs.
• The Cluster Node consists of a Stateful HA pair, in which the Secondary Security Appliance can assume the duties of the Primary unit in case of failure.
• Port redundancy, in which an unused port is assigned as a secondary to another port, provides protection at the interface level without requiring failover to another Security Appliance or node.
• Active/Active DPI can be enabled, providing increased throughput within each Cluster Node.

 

• Example: Active/Active Clustering – Four-Unit Deployment
• Example: Active/Active Clustering – Two-Unit Deployment