Implement Active/Active explicit proxy with high availability

book

Article ID: 166570

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

You need to implement Active/Active explicit proxy with high availability.

Resolution

Note: This article uses Proxy1 and Proxy2 as examples.

To have Active/Active explicit deployment with high availability for ProxySG appliances, you must balance the load of traffic from the source and then configure failover groups on each proxy.

Step 1: Load-balance the traffic for each proxy

Configure the clients to send an equal amount of traffic to each proxy using one of the following methods:

  • Configure a PAC file that allows some clients to send the traffic to Proxy1 and the other clients to send the traffic to Proxy2.
  • Configure the proxy name in your DNS that resolves to the two IPs of the proxy.

Step 2: Configure failover groups on each proxy

To have high availability, make sure that each proxy is able to process the traffic of the other proxy when it is down.

Configure two failover groups on each proxy:

  • On the first failover group (group1), configure Proxy1 as the master and Proxy2 as the backup.
  • On the second failover group (group2), configure Proxy1 as the backup and Proxy2 as the master.

In this example configuration, the following could occur:

  • If Proxy1 and Proxy2 are up, both are processing traffic.
  • If Proxy1 is down and Proxy2 is up, Proxy2 processes the traffic for failover group1 (for which it becomes master) and group2 (for which it is already master).
  • If Proxy2 is down and Proxy1 is up, Proxy1 processes traffic for failover group2 (for which it becomes master) and group1 (for which it is already master).

Example

Implement Active/Active explicit proxy with high availability for two proxies, Proxy1 (IP address 10.10.10.1) and  Proxy2 (IP address 10.10.10.2). 

  1. Create a virtual IP (VIP) on Proxy1 with the IP address of Poxy2, which is 10.10.10.2.
  2. Create a VIP on Proxy2 with the IP address of Proxy1, which is 10.10.10.1.
  3. Create failover group1 with the IP address 10.10.10.1 on Proxy1 as Master and on Proxy2 as Backup.
  4. Create failover group2 with the IP 10.10.10.2 on Proxy1 as Backup and on Proxy2 as Master.