Feature Overview
The High Availability component provides the ability to join two SBC Servers in an Active/Passive cluster with automatic migration of service in case of a hardware or network failure. It also allows the system administrator to configure both servers from the primary one and copy the configuration to the secondary server with a single command. During the migration process, established calls drop and no new calls are processed. The migration period is very quick, typically lasting only 10-15 seconds.
...
SBC HA clusters are often used for critical Trunking and Remote Phone applications on a Carrier network, Enterprise Network, and various VoIP business applications. SBC HA cluster implementations add redundancy to eliminate single points of failure, including multiple network connections and Call Flow applications. There is a Dedicated Network for the purpose of a "heartbeat", which is used to monitor the health and status of the other SBC Server in the cluster, as well as to copy the configuration to the Secondary server within the SBC application.
Requirements
These are the minimum requirements for proper operation of High Availability on the Sangoma SBC:
Minimum Software release 2.3
The cluster requires one Dedicated Ethernet Network Link between both SBC Appliances and one Ethernet Network Link as a Backup Link. The Backup Link can be either a Second Dedicated Link or one Ethernet Interface connected to an internal network subnet, where both servers can reach each other on the same Subnet via a Multicast link.
The High Availability feature is only supported on Sangoma SBC Appliances and SBC VM Software with 3 Ethernet Network Links or more.
When using SBC VMs, both VMs must be created with the same number of interfaces from first boot: the exact same number of physical Ethernet interfaces, the same number assignment (Eth0, Eth1...) and the same default gateway configuration.
Multi Service Business Gateway (MSBG, SBC with Telecom Cards) is not Supported.
Site Planning
Pick your Network Topology
There are a large number of Network Topologies that the Sangoma SBC supports. Some of the most common are:
WAN - LAN : One Ethernet Interface on the Public WAN - One Ethernet Interface on the Private LAN
DMZ - LAN : One Ethernet Interface on the Public/Private DMZ - One Ethernet Interface on the Private LAN
DMZ : One Ethernet Interface on the Public/Private DMZ
LAN : One Ethernet Interface on the Private LAN
IP Address Assignment
For the specific application of HA Failover, there is an increase of IP Address usage.
...
Note |
---|
IP Address Planning is very important. IP Addresses are needed for the Dedicated Network, for Direct Connectivity on the LAN and WAN interfaces, and as Floating IP addresses for the different SIP Call Flow applications on the LAN and WAN. |
Configuration
Within these instructions, SBC Servers which are being configured will be referenced as Primary - the SBC Server where all the common configuration is performed - and Secondary - the one receiving the common configuration via copying the configuration from the Primary server. The SBC Servers which are part of a configured and running cluster will be referenced as Nodes - either Master Node - for the SBC Server where resources are actively running, or Slave Node - for the SBC Server acting as a Failover Server. This is the same nomenclature used by the user interface and in the system logs within the SBC configuration.
The following steps assume the SBC is "out-of-the-box", without any previous configuration or operation.
Configuring the Primary SBC Server
First Time LogIn
By default, Sangoma's SBC Appliances have the following Default IP Settings.
...
Note |
---|
Deactivation of Root User: New in the SBC release 2.3 and higher is the deactivation of Root User. Please ensure Root user is deactivated and a new administrator account is created. |
License
It is important to note there is no special licensing for HA Failover on the Sangoma SBC products.
Sangoma SBC Appliances should come already pre-installed with Max-Calls licenses. The SBC VM Software will require a License Key and process to bind the key to a MAC Address.
Configure Network Settings
Configuration | IP Setting | Network
...
Info |
---|
Floating IPs are configured elsewhere within the HA setup. Do not attempt to configure the Floating IP Address here. |
Configure "Primary Server Interface"
Configuration | IP Setting | Network
...
Example of LAN Side
...
Example of WAN Side
...
Configure "Primary Dedicated Network Interface"
Again, this is the unique network between the Primary Server and the Secondary Server. An Ethernet Cable is connected between these two Ethernet Interfaces.
...
Info |
---|
It is recommended to use IP addresses from a private IP address range for the dedicated network when there is a direct cable connection between the primary and secondary SBC. |
Configure Default Gateway and DNS Servers
From the Network box, you can also set the hostname, default gateway and the DNS servers. If you use DHCP for any of the interfaces you won't be able to specify a default gateway or DNS servers.
...
Note |
---|
NOTE: Primary SBC must be restarted after the Hostname change to continue with further HA config. It is mandatory to restart Primary SBC at this point. |
Configure Media Interfaces
Configuration | IP Settings | Media Interfaces
...
The "Software" mode is used in the SMB SBC Appliance and the SBC VM Software, when there is no DSP card present.
...
Detect Modules
Note |
---|
This step can be skipped when the Media Interface mode is "Software", as there are no DSPs to detect. |
...
Info |
---|
Firmware Update: This may be needed if upgrading SBC software versions and new installations. |
Configure Placeholder SIP Profile
In order to successfully Apply an SBC configuration there needs to be a SIP Profile. In this step, we are configuring a place-holder SIP Profile to be deleted later. Typically there is a Default Profile that is pre-configured; this is fine to continue to use. If the IP Address or Ethernet port has changed, please modify the SIP Profile to the new Interface and IP Address.
...
Ensure there is a Name for the Profile and the new Ethernet Interface and IP Address is selected.
...
Apply the Configuration
Configuration | Management | Apply
The SBC Configuration is not nearly complete at this stage; there is simply enough configuration to APPLY the settings to the SBC. This will update any IP Addresses and DSP configurations.
...
Configuring the Secondary SBC Server
This process initially starts as commissioning an independent SBC Server that is going to be identified as the Secondary Server. The initial goal is to complete the commissioning steps to result in having a completely new and unique SBC Server that uses a different Secondary Server Interface, a corresponding peer for the Dedicated Network Interface, Media Interface and placeholder SIP Profile.
Follow the same steps as above to commission the Secondary SBC Server.
First Time LogIn
License
Configure Network Settings
Configure "Secondary Server Interface"
Use a different IP Address than the Primary Server. The Secondary Server will most likely be located on the same Subnet as the primary, but needs a different IP Address.
...
Select the Physical Ethernet Interface:
LAN side Ethernet interface
Optional - depending on SBC setup in the network topology. After adding the LAN side, also add a WAN side Ethernet Interface if needed.
IPv4 or IPv6 type
Enter the IP Address and Mask of the Secondary Server
Secondary LAN Example
...
Secondary WAN Example
...
Configure "Secondary Dedicated Network Interface"
Again, this is the unique network between the Primary Server and the Secondary Server. An Ethernet Cable is connected between these two Ethernet Interfaces. Here we are configuring the Secondary Server.
...
Note |
---|
NOTE: Secondary SBC must be restarted after the Hostname change to continue with further HA config. It is mandatory to restart Secondary SBC at this point. |
Configure Default Gateway and DNS Servers
Configure Media Interfaces
Detect Modules
Configure Placeholder SIP Profile
Apply the Configuration
Registering the Secondary SBC Server
After initial configuration on both the Primary Server and Secondary Server and applying the Network aspect of the configuration, the next step is registering the Secondary Server on the Primary Server.
...
Info |
---|
The following generated Access Key should not be made public. Do not share it with the general public. |
Generating an Access Key
On the Secondary Server, the Access Key is generated with Configuration | High Availability | Settings
...
Copy the encoded Access Key text from the text box into the clipboard, Notepad or a text editor.
Adding a Peer on the Primary Server
On the Primary Server, go to the Configuration | High Availability | Settings and add the Secondary Server as a Peer Node with the Access Key.
...
The system will be registered locally and show on the Peer nodes list - its configuration can be viewed or modified by clicking Modify on the right side of the row.
...
Configuring HA on the Primary SBC Server
With the Secondary Server registered,
Configure Floating IPs
A Floating IP is an IP Address used as a commonly shared IP Address between the Primary and Secondary Servers. When the Master Node fails - for whatever reason, the Slave Node takes over as the Master Node using the assigned Floating IPs. These Floating IPs are defined in the HA Settings configuration and not in the Network Interfaces. Then these Floating IPs are assigned in the various SIP Profiles used for applications such as SIP Trunking and Remote Phones.
...
Repeat these steps for all IP Addresses and Interfaces where the SBC and SIP Profile will be reachable via the SIP protocol. A common application would be to have one External WAN Trunking IP Address and another Internal LAN Trunking IP Address.
...
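The addressing rules in this guide (a private range on the Dedicated Network, different addresses on the Primary and Secondary, Floating IPs kept off the network interfaces) can be checked before any value is entered in the web UI. The following Python check is an added example, not Sangoma tooling; the plan layout, the function name and every address in it are constructed for illustration, and it assumes IPv4.

```python
import ipaddress

# RFC 1918 ranges, used for the "private range on the dedicated link" check.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample plan (hypothetical layout, not an SBC export format).
SAMPLE_PLAN = {
    "primary":   {"server": "192.168.1.10/24", "dedicated": "10.10.10.1/30"},
    "secondary": {"server": "192.168.1.11/24", "dedicated": "10.10.10.2/30"},
    "floating":  ["192.168.1.20"],
}

def check_ha_plan(plan):
    """Return a list of problems in an HA address plan ([] means consistent)."""
    pri = {k: ipaddress.ip_interface(v) for k, v in plan["primary"].items()}
    sec = {k: ipaddress.ip_interface(v) for k, v in plan["secondary"].items()}
    problems = []

    # Primary and Secondary need different addresses on every interface.
    for role in ("server", "dedicated"):
        if pri[role].ip == sec[role].ip:
            problems.append(f"{role}: primary and secondary use the same address")

    # A direct cable only works if both ends sit in one subnet.
    if pri["dedicated"].network != sec["dedicated"].network:
        problems.append("dedicated: peers are not on the same subnet")

    # Recommended on the page: private addressing for the dedicated link.
    for name, node in (("primary", pri), ("secondary", sec)):
        ip = node["dedicated"].ip
        if not any(ip in net for net in RFC1918):
            problems.append(f"dedicated: {name} address {ip} is not RFC 1918")

    # Floating IPs belong in the HA settings, never on a network interface.
    configured = {i.ip for node in (pri, sec) for i in node.values()}
    for fip in map(ipaddress.ip_address, plan["floating"]):
        if fip in configured:
            problems.append(f"floating: {fip} is also set on an interface")
    return problems

if __name__ == "__main__":
    print(check_ha_plan(SAMPLE_PLAN) or "plan is consistent")
```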
Enable High Availability
In this section, we select the Dedicated Network Interface and the Backup Network Interface and turn on Active/Passive HA.
...
For instance, if eth4 is used as a Dedicated Network / Interface and is also a direct cable connection between the Primary and Secondary servers, then it must be removed from the Failover triggers table. If it is not removed from the Failover triggers, then when the Slave Node goes down (due to a reboot, for instance), the Master node will temporarily lose NSC service until the Slave node's Cluster service is started.
Floating IP Assignment in SIP Profiles on Primary SBC Server
Now we continue the configuration of the SBC. We last left the Primary Server with a "place-holder" SIP Profile. Delete it and make the SIP Profiles we are going to use.
Configuration | Signaling | SIP Profiles
Create SIP Profile
Configuration | Signaling | SIP Profiles
...
Once the configuration of the SBC is complete, Apply the Configuration.
Apply the Configuration
...
Copy configuration from the Primary to the Secondary Server
Once you have successfully applied the configuration, you will be redirected to the Control Panel, where you will see a warning message "Configuration has not been copied to Peer".
...
After both servers are configured and the configuration has been copied over, the cluster is now fully configured and ready to start operation.
Starting the HA Cluster
Overview | Dashboard | Control Panel
...
SBC VM Ethernet Manual Setup: dnsmasq is **required** for HA. The dnsmasq config file can be modified if needed, provided it doesn't interfere with any other configuration that is already in place. **If it is ever disabled, things will stop working**. It's OK to add entries to dnsmasq, but it is NOT OK to bypass it.
Management
Cluster management is performed at the Control Panel page: when the High Availability module is enabled, this page is augmented with information from all nodes in the cluster and from the common cluster state, the latter available when the Cluster Management service is active.
The first table - Cluster Nodes - shows the current configured nodes in the cluster and their state, which are described below:
Normal operational states:
STOPPED: Cluster Management (clustermon) service is not running on this node;
STARTING: clustermon service is starting, cluster services not running yet;
INITIALIZING: clustermon service was started and cluster is being initialized;
JOINING: clustermon is running and node is attempting to join the cluster;
ONLINE: node is part of the cluster and is fully operational;
Failure and non-operational states:
DISABLED: node is in disabled mode, either from manual intervention or from a failover trigger;
OFFLINE or NOT JOINED: clustermon is running but node was unable to join the cluster;
UNREACHABLE: node is not part of the cluster and could not be reached;
FAILING: node is part of the cluster but could not be reached - this usually indicates a node that is about to fail;
UNMONITORED: node is part of the cluster but clustermon is not running - which means this node would not be able to failover.
...
Services managed directly by the cluster are called Cluster Resources, and will be shown on the Control Panel as soon as the cluster services are initialized.
Info |
---|
NOTE: Services SIP Security Monitor, Media Firewall and RTCP Monitor are automatically started by NetBorder Session Controller on the master node and should not be started on all nodes at the same time. |
HA SSH Firewall Automatic Whitelist
During the setup of an HA environment, when a Cluster Node already has an IP address in its SSH Firewall Rule Whitelist, the IP addresses of its Peer node will be added to the list.
...
In this example, on the HA Master node the Network IP address 10.253.253.254/32 was the new change and was added to the SSH Firewall Rule Whitelist after Copying configuration to Slave. Since 10.254.254.254/32 is not used anymore, it should be deleted from the whitelist.
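Leftover entries like the one above can be found by comparing the whitelist with the addresses that are meant to be in it. The following Python check is an added example, not part of the SBC software: it assumes the whitelist has been copied out of the web UI as a list of CIDR strings, the two /32 entries are the ones from the example on this page, and the admin network and all names are constructed.

```python
import ipaddress

def audit_ssh_whitelist(whitelist, cluster_addrs, admin_sources):
    """Return (stale, missing) for a whitelist given as CIDR strings.

    stale:   entries that cover no current cluster address and fall inside no
             approved admin source, so nothing justifies them any more.
    missing: current cluster addresses that no whitelist entry covers.
    """
    entries = [ipaddress.ip_network(e, strict=False) for e in whitelist]
    nodes = [ipaddress.ip_address(a) for a in cluster_addrs]
    admins = [ipaddress.ip_network(a, strict=False) for a in admin_sources]

    stale = []
    for net in entries:
        covers_node = any(n in net for n in nodes)
        # subnet_of() raises TypeError across IP versions, so compare those first.
        approved = any(net.version == a.version and net.subnet_of(a) for a in admins)
        if not (covers_node or approved):
            stale.append(str(net))

    missing = [str(n) for n in nodes if not any(n in net for net in entries)]
    return stale, missing

# Constructed input: the admin network is a made-up value; the /32 entries
# are the old and new addresses from the example on this page.
WHITELIST = ["192.168.1.0/24", "10.254.254.254/32", "10.253.253.254/32"]
CURRENT_ADDRS = ["10.253.253.254"]
ADMIN_SOURCES = ["192.168.1.0/24"]

if __name__ == "__main__":
    stale, missing = audit_ssh_whitelist(WHITELIST, CURRENT_ADDRS, ADMIN_SOURCES)
    print("stale entries:", stale)
    print("cluster addresses not whitelisted:", missing)
```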
HA Upgrade Guide
Please refer to the HA Upgrade Guide to upgrade a pair of SBC servers in a High Availability setup.
...