High availability configuration settings - Platform - BlueCat Gateway - 24.1

Gateway Administration Guide

Locale
English
Product name
BlueCat Gateway
Version
24.1

Below are detailed descriptions of status values, fields, and settings for Availability groups on its Configuration page.

Tip:

To view Availability group settings for the current instance of BlueCat Gateway, click the Navigator button if necessary, then click Configurations > High availability.

The Availability group page displays Availability group settings. The boxed summary at the top of the page displays current status information for the current Gateway instance and the Availability group that it belongs to, if any:

Field/Option Description
Node role

The role of the current instance (node) of Gateway in its Availability group. This can be one of the following:

  • Primary: The current instance is the Primary node for its group. This is the active instance that runs Gateway scripts and operations.
  • Secondary: The current instance is the Secondary or standby node for its group.
  • Not in a group: The current instance is not in an Availability group.
Connection to DNS

The status of the connection that this instance of Gateway has with its DNS server.

  • Connected: The connection between the node and its DNS server is functioning normally.
  • Disconnected: The connection between the node and its DNS server is interrupted.
  • Not applicable: The node has locally-configured Availability group configuration information, but the node information has been removed from the DNS server.
Last Heartbeat Time (UTC) The UTC timestamp for the last heartbeat received from the Primary server.
Group members The Primary and Secondary members of this Availabilty group.

To edit this Gateway instance's Availability group settings, click the Edit configuration button at the bottom of the page.

  • The following settings are available on the Edit Configuration page for a Gateway Availability group. For most, the current values are also displayed when viewing the High availability page.

General settings

Field/Option Description
Primary IPv4 address

The IPv4 address for the Primary instance of Gateway, and therefore for the Availability group.

Availability group options

Field/Option Description
Scheme

The communication scheme used by the Availability group and its nodes. You can choose from HTTP or HTTPS.

Note: We recommend using an HTTPS scheme where possible.
Important: Both the Primary and Secondary nodes must use the same scheme.
FQDN

The fully qualified domain name (FQDN) used to create the DNS host record that maps to the IP address of the Primary Gateway instance.

In the case of a failover (typically when the Secondary Gateway node determines that the Primary node has failed), the Secondary Gateway node will change the IP address in the host record to point to itself. This makes sure that the DNS server always resolves requests made to the FQDN to an active Gateway instance within the Availiabity group.

If this host record does not exist, Gateway will create it.

Port The port used for HTTP/HTTPS communications between members of the Availability group. By default, this is 80.
Important: Both the Primary and Secondary Gateway instances must use the same port.
FQDN TTL

The Time-to-live (TTL) for the host record in the DNS server for the Availability group, in seconds. This value tells a cache how long it can store the host record before refreshing the search to get an answer from the name server.

By default, the FQDN TTL is 30.

TSIG key settings

TSIG key settings specify settings for the Transaction Signature (TSIG) used by members of the Availability group.

Field/Option Description
Name

The name of the TSIG key to use for members of the Availability group.

Algorithm The encryption algorithm used by the Availability groups TSIG key. You can choose from the following:
  • hmac-md5
  • hmac-sha1
  • hmac-sha256
  • hmac-sha512
Note: The hmac-md5 algorithm has known attacks and vulnerabilities. We recommend hmac-sha256 or hmac-sha512 where possible.
Secret The contents of the TSIG Secret key. The length depends on the chosen algorithm.

Failover settings

Failover settings configure the heartbeat and timeout behaviour for the Availability group.

Field/Option Description
Heartbeat interval

The time between health reports sent by the Primary Gateway node (in seconds).

Standby check interval

The time between checks made by the Secondary Gateway node to see if the Primary node is still active (in seconds).

Failover period

How long the Secondary Gateway node waits after a heartbeat before deciding that the Primary Gateway node has failed (in seconds).

If this timeout is exceeded, the Secondary node attempts to take over. We recommend using a multiple of the Standby check interval.