Fortinet Document Library

Version:

Version:

Version:

Version:

Version:


Table of Contents

Handbook

Advantages of HA Active-Active-VRRP

Compared with HA Active-Passive or Active-Active clusters, an HA Active-Active-VRRP cluster offers the following advantages:

  • The HA Active-Active mode is an device-based HA mode, in which the HA fail over will switch over the whole failed device even in cases where only one monitor port fails.
  • In FortiADC HA Active-Active-VRRP mode, you can manually assign a virtual server to a traffic group, enabling you to do traffic load design based on virtual servers.
  • In HA Active-Active-VRRP mode, FortiADC only synchronizes the session table/persistence table to the next available device in the same traffic group using the “failover-order “ command. In cases where you have more than two devices in the cluster, this synchronization mechanism can turn out to be more efficient than HA Active-Passive or Active-Active mode because the session/persistence table will be synced to the whole HA group. In this sense, FortiADC actually supports the N+M hot-backup function.
  • HA Active-Active mode must work together with an external router with the ECMP route configured to distribute traffic to different Active-Active nodes; HA Active-Active-VRRP mode does not need this external router to do ECMP traffic distribution — Both sides can simply point their respective gateway to the VRRP floating IP.
  • In HA Active-Active-VRRP mode, different devices in the same traffic group have the same HA status. Once you have pointed both the client and the server side gateways to the floating IP in the same traffic, the incoming/outgoing traffic will going to the same device. As a result, HA Active-Active-VRRP mode doesn't need to multicast the traffic itself to the HA group, which should offer the best network performance and efficiency.
  • In HA Active-Active mode, the AA-Master will take over all AA-NotWorking nodes' traffic. If multiple AA devices have failed, the AA-Master will have to process much more traffic than the AA-Slave nodes, which may exhibit some unexpected behavior under abnormal high traffic stress.
  • In terms of sync session, you are unable to access the real server’s IP address from the client directly in HA Active-Active mode, but you don’t have this limitation in HA Active-Active-VRRP mode.

Advantages of HA Active-Active-VRRP

Compared with HA Active-Passive or Active-Active clusters, an HA Active-Active-VRRP cluster offers the following advantages:

  • The HA Active-Active mode is an device-based HA mode, in which the HA fail over will switch over the whole failed device even in cases where only one monitor port fails.
  • In FortiADC HA Active-Active-VRRP mode, you can manually assign a virtual server to a traffic group, enabling you to do traffic load design based on virtual servers.
  • In HA Active-Active-VRRP mode, FortiADC only synchronizes the session table/persistence table to the next available device in the same traffic group using the “failover-order “ command. In cases where you have more than two devices in the cluster, this synchronization mechanism can turn out to be more efficient than HA Active-Passive or Active-Active mode because the session/persistence table will be synced to the whole HA group. In this sense, FortiADC actually supports the N+M hot-backup function.
  • HA Active-Active mode must work together with an external router with the ECMP route configured to distribute traffic to different Active-Active nodes; HA Active-Active-VRRP mode does not need this external router to do ECMP traffic distribution — Both sides can simply point their respective gateway to the VRRP floating IP.
  • In HA Active-Active-VRRP mode, different devices in the same traffic group have the same HA status. Once you have pointed both the client and the server side gateways to the floating IP in the same traffic, the incoming/outgoing traffic will going to the same device. As a result, HA Active-Active-VRRP mode doesn't need to multicast the traffic itself to the HA group, which should offer the best network performance and efficiency.
  • In HA Active-Active mode, the AA-Master will take over all AA-NotWorking nodes' traffic. If multiple AA devices have failed, the AA-Master will have to process much more traffic than the AA-Slave nodes, which may exhibit some unexpected behavior under abnormal high traffic stress.
  • In terms of sync session, you are unable to access the real server’s IP address from the client directly in HA Active-Active mode, but you don’t have this limitation in HA Active-Active-VRRP mode.