RSS 

How To: Split up a HA Pair using Citrix NetScaler

In this AskSupport How To video you will learn how to Split up a HA Pair using Citrix NetScaler

Tags: technical support netscaler how to
Views: 1,032
Rating: 5

Transcript : Hi. My name is Ronan O’Brien, and today we’re going to look at how to break a HA pair. When I say break, I don’t mean to actually break them, but I mean to split them up. There are several reasons why we’d want to do this. If, for example, you want to upgrade your hardware, you have to…you will want to take one of your boxes out of production. Okay? You would then replace, obviously, that old hardware with some new hardware, and it’s possible to upgrade hardware like that without causing an outage. So to split a HA pair, that’s what we’re going to do. I think, maybe, split’s a better word to use. So, here we have two boxes that are in a HA pair. Right. So we can see, obviously, which one is the secondary. Okay? It’s this one here. I’m just going to pop this one down here. The blue window here is the current primary. Now, a little bit about splitting a HA pair, and this is really, really important. Okay? Some people, some customers split a HA pair without realizing the impact of what they’re doing. A HA pair runs in an active and passive mode. That means that the active box has arced(?) out. It owns the IP addresses which are the virtual IPs and the SNIPs and MIPs, as long as they’re not running in independent network configuration mode. So let’s just do sho node. And so, we can see independent network configuration state is disabled. This basically means, INC state, means that the box will own the MIPs and SNIPs. Okay. They aren’t floating. In HA mode, the only IP which is unique is the nsIP. The rest of them float. They’re what we call floating IP addresses, which means they’re owned by the primary, whichever piece of hardware that happens to be. Now, if I was just to simply log on to this box, onto each one and remove the node, okay, suddenly we would then have two primaries, or two standalone boxes, with exactly the same config, with the exception of the nsIP. What happens after that, is that both boxes carp, either of them say “I own this IP address,” and we have a little carp battle going on on the switch…or over the switch. Okay? We get very inconsistent results; requests get dropped left, right, and center; and, effectively it’s a production outage. The symptoms of this is that it’ll work for some users, for the few lucky ones. The rest will just get timed out. Okay? A situation we want to avoid. Okay. And so that’s why we need to understand, when we break the HA pair, when you split the HA pair, that we don’t have the same IP addresses in the same config on both boxes. So, we have the secondary box. This is obviously less important, because no production traffic is passing over it at the moment. So this is the one we’re going to focus on. The primary, we don’t really want to go near until towards the end. So, for the secondary box, I’m going to…we do set node. And I’m going to hit question mark here, and we get to see all the options. Right? So I’m going to set the HA status. Okay? And I’m going to set it to disabled, and we can’t really see that at the moment. Disabled. There we go. Gone. So, we see this here. It’s gone to state down. That’s fine, because we want it to do that. I type sho node again, and we get unknown here. Okay? So this box doesn’t know anything about it, because HA node is set to disabled. Next thing we want to do is change haSync and haProp. So what’s haSync? Okay, that’s basically where, when the secondary comes online, it synchronizes the config. It pools the whole config from the primary to the secondary. Right? So this is like a pool technology. Set hasync disabled. When we remove the configuration, we don’t want the secondary to any…to in any way synchronize from the primary. Okay? On the primary, we have propagation. Okay? This is when the primary propagates, or sends, a command to the secondary. Every time we make a configuration change in the primary, the secondary gets the same command sent to it. Okay. In that way, if there is a failover event, the secondary always has the latest…the latest configuration. So set ha…set node haprop disabled. Okay? Do a sho node again. And so we can see, propagation disabled. Right? That’s what we’re looking for. And we have synchronization status unknown here. Do a sho node. We can then see synchronization state on. This is the primary. Synchronization state disabled. Right? So we can’t receive any config, or anything from the primary box at this point in time. Okay? Now, the next thing we want to do is we want to clear the config from the secondary box. Okay? What do we want to clear? Basically everything. The most critical thing, though, are the IP addresses. We don’t want to have any cont…any IP conflicts, because that’s a surefire way to start losing…dropping requests. Okay? So we have a nice little command here: clear config. And I’m going to choose full. Right? So, if you want some more details on this, you type: man clear config, and then we see the different levels that we have. Okay? So you have basic, extended, and full. Now, let’s take a look at the config utility, because I’ve just been doing all the CLI for the moment. So let’s refresh. This is the primary. If I double click this we can see it’s enabled. And we can see…well, if this is a secondary node, it will fetch the configuration from the primary. But it’s not. We can see HA Propagation is turned off. Right? We’re working on the secondary box. Which I think is 50. It is. Yes. Let’s wait for the gooey to load there. So I’m just going to show you, basically, how we can do all of these things in the gooey as well. The gooey, or config utility, is the official term for it. NetScaler is really good at feature parity between…or the configuration parity between CLI and the gooey. It’s a pretty…it’s pretty impressive. There’s very little or almost nothing that you can’t do in the config utility that we can do in the CLI, or the Command Line Interface. So, let’s wait for this to load. Here we go. High Availability. And we can see here, its node state is disabled. Okay? And obviously I want to open this again and show HA Synchronization is turned off. All right? Now, if you go to System. Diagnostics. Okay? We have Clear Configuration here. And we have in here basic, extended, and full. Right? Here is basically everything except network configuration. And now we have everything, which basically just leaves you with the default root and the nsIP. Right? This is the one we’re going to go for. Because we don’t want any IP configuration left on the system. Okay. So I could just choose execute from there. I’m just going to run it from the CLI. Where are we? Again, to make sure we’re on the right system, sho node. This is the primary. I’m not going to touch that. Sho node. And we can see here, this is the secondary box. Node 0, the south node, secondary box. And this is the one I’m going to run it on. So clear config full. Boom. Am I sure? Yes, I am. That’s it. Okay? Then notice, we suddenly have south node is up. I thought we disabled that. Right? That’s fine, because it’s now no longer participating in HA. If I type: sho node, there’s only one node in there. Okay? If I type: sho vserver, nothing there. Right? So the Vserver is not there. The config is gone. We haven’t…we’re still passing…we’re still getting ping replies from the production side. So, if I now type: sho node here, we still see that the node…second node is configured, it just can’t reach it. Okay? It’s not participating, so, basically, the primary thinks that the box is down, it’s not available, it’s off the network, or simply it’s not responding to the HA conversation, which is the case here, because it isn’t participating in HA. At this point, it’s safe to remove the node. Okay? rm node 1, right, which is what it was added as. That’s done. Okay? Because it’s changed from HA primary to simply a state of up, that’s why we get this little pop-up up here. And there we go. We now have a primary on its own, and we have a secondary on its own, with no IP conflicts on the network. So that is how to safely split a HA pair. If you have any questions, please don’t be afraid to fire me an e-mail or a question. There should be a link if you’re watching this on Citrix TV. Otherwise, please don’t hesitate to use the forums. We’re quite happy to answer your questions there. Thanks so much for listening, and have a nice day.

anonymous - This is very informative video and very usefull. Great !!!

ikroumov - This is the way video tutorials should be, nice, informative, tech-direct, good audio, good video. Great!

samjacobs1 - <P>Ronan,</P> <P>Thank you for an excellent tutorial. One important point that you might want to add (which I found out the hard way) is that you need to save the config after you clear it! Otherwise, if you reboot the appliance (which I did after upgrading the firmware of the secondary), the IPs will all come back.</P> <P> </P> <P>Sam</P>

jackerm999 - Great Tutorial! I like how you showed both the command line and GUI.<br>

Log In