Failover behavior of the Unified Agent if the current connected data pod goes down


Article ID: 167654


Products

Web Security Service - WSS

Issue/Introduction

How does the Unified Agent (UA) fail over to a different data pod or data center in the event of an outage while connecting to the Web Security Service (WSS)?

Environment

Unified Agent

Web Security Service

Resolution

If the data pod that the UA is connected to goes down and the data center has multiple pods, the load balancer automatically sends the agent to another available pod. Otherwise, if the data center is a single-pod site (or has no load balancer), DNS automatically resolves to another data center within two minutes. This time is not configurable.

Additionally, the UA always fetches a list of the three closest data centers from the Cloud Traffic Controller (CTC) and establishes its connections to the service through them. This is shown in its diagnostics files as follows:

<16>[12-05-2017 08:10:23 (UTC-5:00)]: Tunnel#91(my-username) Connected: CC: 199.19.250.164(DC5-TCP), Nat IP: 10.240.x.x
<16>[12-05-2017 08:10:22 (UTC-5:00)]: CA Tunnel#91(my-username) connecting to 199.19.250.164
<16>[12-05-2017 08:10:21 (UTC-5:00)]: CTC: ACTIVE(GEOIP)  DC5-199.19.250.164  MI2-199.19.251.164  NY2-199.116.175.164  
<16>[12-05-2017 08:10:21 (UTC-5:00)]: Connection to WSS successful
<16>[12-05-2017 08:10:21 (UTC-5:00)]: Tunnel#90(non-interactive-user) Connected: CC: 199.19.250.164(DC5-TCP), Nat IP: 10.240.x.x
<16>[12-05-2017 08:10:21 (UTC-5:00)]: CA Tunnel#90: status:SUCCESS-authorized, IP bypass count: X, Domain bypass count: Y
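
To check which data center each tunnel actually landed on, the excerpt above can be parsed as in the following added example (not Broadcom code). It assumes the file is newest-first as shown and that the CTC list is ordered by preference; the Tunnel#92 line is a constructed sample, and tunnel_report and ctc_rank are hypothetical names.

```python
import re

# Constructed sample: the last two lines copy the format and addresses shown
# above; the Tunnel#92 line is invented to show a connection to a later entry.
SAMPLE = """\
<16>[12-05-2017 08:14:40 (UTC-5:00)]: Tunnel#92(my-username) Connected: CC: 199.19.251.164(MI2-TCP), Nat IP: 10.240.x.x
<16>[12-05-2017 08:10:23 (UTC-5:00)]: Tunnel#91(my-username) Connected: CC: 199.19.250.164(DC5-TCP), Nat IP: 10.240.x.x
<16>[12-05-2017 08:10:21 (UTC-5:00)]: CTC: ACTIVE(GEOIP)  DC5-199.19.250.164  MI2-199.19.251.164  NY2-199.116.175.164
"""

LINE = re.compile(r"^<\d+>\[([^\]]+)\]: (.*)$")
CTC = re.compile(r"^CTC: \w+\(\w+\)\s+(.+)$")
CONN = re.compile(r"^Tunnel#(\d+)\(([^)]*)\) Connected: CC: ([\d.]+)\((\w+)-(\w+)\)")
ENTRY = re.compile(r"(\w+)-(\d+\.\d+\.\d+\.\d+)")

def tunnel_report(text):
    """Return one dict per 'Connected' line, oldest first."""
    ctc = []      # most recent CTC list as [(site, ip), ...]
    report = []
    # Assumption: the file is newest-first, as in the excerpt, so read it backwards.
    for raw in reversed(text.splitlines()):
        m = LINE.match(raw.strip())
        if not m:
            continue               # blank or unrecognised line
        stamp, msg = m.groups()
        c = CTC.match(msg)
        if c:
            ctc = ENTRY.findall(c.group(1))
            continue
        t = CONN.match(msg)
        if not t:
            continue               # e.g. "CA Tunnel#91 ... connecting to"
        tunnel, user, ip, site, proto = t.groups()
        ips = [addr for _, addr in ctc]
        if not ctc:
            rank = None            # no CTC list logged before this connection
        elif ip in ips:
            rank = ips.index(ip)   # 0 = first entry in the CTC list
        else:
            rank = -1              # address not in the advertised list
        report.append({"time": stamp, "tunnel": int(tunnel), "user": user,
                       "site": site, "ip": ip, "proto": proto, "ctc_rank": rank})
    return report

if __name__ == "__main__":
    for row in tunnel_report(SAMPLE):
        print(row)
```

A ctc_rank above 0 means the tunnel connected to a data center other than the first one listed, which is worth correlating with the outage window being investigated.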

 

The following KB shows whether a data center has multiple data pods or only a single data pod:

WSS data center IP addresses