Failover Limitations

There are a few limitations in the LogLogic LMI failover feature.

  • The Real-Time report for Active VPN Connections (under Connectivity) is not available on the standby appliance. It uses a specific shared memory structure that cannot be replicated on the standby appliance.
  • The public IP address assigned to the failover function is an alias of the main network interface of the appliance. This is required as part of the mechanism used to update the Address Resolution Protocol (ARP) tables in case failover occurs. Since some routers fail to release the cache of IP and hardware addresses stored in their ARP tables (or store the cache for as long as 10 minutes), the LogLogic appliance sends out an ARP-release packet once per minute. This causes the router to broadcast a discovery request to find the IP address and hardware address of the devices connected to it. When failover occurs, (or when we set up a High Availability (HA) pair), the router ARP tables are updated automatically.
  • The virtual public IP address cannot be used for remote authentication (RADIUS, TACACS). Record the private IP addresses of both appliances in the remote server.
  • While setting up an HA pair, various configuration files are automatically synced between the master and standby node. If any configuration file is updated after the setup is complete, you must:
    • Manually sync the changes to the standby node by running the command /loglogic/bin/loadsettings on the master node.
    • Restart the corresponding engine on both nodes, in the following sequence:
      1. Stop the engine on the standby and then on the master.
      2. Start the engine on the master and then on the standby.

    This applies to the files defined in /loglogic/conf/rsync_conf_files.

  • The SSL certificates for HTTPS and LDAP are not replicated from master to standby when using HA.
  • Advanced Features are not accessible on the standby appliance in an HA configuration. Before HA configuration, disable Advanced Features on both appliances.
    Note: Advanced Features are accessible using the public IP address or the IP address of the master node. On the standby node, Advanced Features are not available.
  • After a failover, Active Queries tabs are not retained on the new master appliance.
  • When logging into the Web GUI for the first time after HA failover, you might see a "Security violation" error when CSRF is enabled. If you see this error, log in again by using the Public IP in a new browser session.
    Warning: After you pair two appliances in HA, no network settings can be changed.
    Warning: In failover configuration, the administrator must modify archive mounting points on both master and standby appliances.
    1. Configure mounting points for SAN or NAS through public IP.
    2. On the master (appliance A), modify the mounting points from the Admin > System Settings > Archive Mapping page.
    3. When the system prompts you to reboot, click OK.

    The former standby (appliance B) becomes the new master after the former master starts the reboot process. The administrator needs to modify the mounting points from the Admin > System > Archive Mapping page for the new master (appliance B) again, before the former master (appliance A) finishes the rebooting process.