FortiGate
nalexiou, Staff
Article Id 344698
Description
This article describes the differences between the two options for managing every HA cluster member individually.
Scope
FortiGate.
Solution

When access to all cluster members is needed, two options can be used. The first one is in-band management, described here: in-band management

 

This feature makes it possible to configure an IP address on the interface (the management IP) that is not synchronized among the cluster members. The advantage of this option is that the interface can still carry other traffic (pass-through) as well, not just HA management traffic.

On the other hand, a cluster member answers on its management IP only when the source IP of the connection belongs to the same network subnet.

The management IP must also belong to the same network subnet as the interface IP.

 

Configuration example:

config system interface
    edit port1
        set management-ip 172.27.10.5 255.255.255.0      <----- Not synchronized between the cluster members.
        set ip 172.27.10.7 255.255.255.0
        set allowaccess https ssh snmp http
    next
end

 

Another option is out-of-band management, described here: out-of-band management

When using this option, an interface is dedicated to cluster management, which means it cannot be used for any sort of pass-through traffic.

What actually happens is that the interface(s) dedicated to HA management are 'isolated', and none of their configuration is synchronized to the other cluster members.

The advantage of this option is that the management IP of the dedicated HA interface can be accessed from any subnet.

This interface can also be used for local-out traffic with the ha-direct option.

 

Configuration example:

config system ha
    set ha-mgmt-status enable
    config ha-mgmt-interfaces
        edit 1
            set interface port1
            set gateway 172.27.10.253
        next
    end
end

config system interface
    edit port1
        set ip 172.27.10.7 255.255.255.0
        set allowaccess https ping ssh
    next
end

exit
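The reachability rules of the two options (in-band: the member answers only sources in the interface subnet, and the management IP must sit in that subnet; out-of-band: the dedicated interface is reachable from any subnet) are easy to get wrong when the administrator host sits on another VLAN. The following Python script is an added example, not code from this article or from Fortinet; it embeds the two configuration snippets above as constructed input, flattens their 'set' lines with a minimal parser (an assumption of this example, not a FortiOS tool), and reports whether a given admin source address can reach a member's management IP under each option.

```python
import ipaddress
import re

# Constructed input: the article's in-band management example (port1
# carries pass-through traffic plus a non-synchronized management-ip).
INBAND_CFG = """\
config system interface
    edit port1
        set management-ip 172.27.10.5 255.255.255.0
        set ip 172.27.10.7 255.255.255.0
        set allowaccess https ssh snmp http
    next
end
"""

# Constructed input: the article's out-of-band example (port1 is a
# dedicated HA management interface with its own gateway).
OOB_CFG = """\
config system ha
    set ha-mgmt-status enable
    config ha-mgmt-interfaces
        edit 1
            set interface port1
            set gateway 172.27.10.253
        next
    end
end
config system interface
    edit port1
        set ip 172.27.10.7 255.255.255.0
        set allowaccess https ping ssh
    next
end
"""

SET_LINE = re.compile(r"^\s*set\s+(\S+)\s+(.+?)\s*$")


def parse_settings(cfg: str) -> dict:
    """Flatten 'set <key> <value>' lines into a dict (last value wins).

    Enough for the single-interface snippets above; this is not a full
    FortiOS configuration parser (assumption of this example).
    """
    settings = {}
    for line in cfg.splitlines():
        m = SET_LINE.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings


def to_interface(value: str) -> ipaddress.IPv4Interface:
    """FortiOS writes addresses as 'A.B.C.D M.M.M.M'; build an IPv4Interface."""
    addr, mask = value.split()
    return ipaddress.IPv4Interface(f"{addr}/{mask}")


def check_inband(cfg: str, admin_src: str) -> dict:
    """In-band rules: management-ip must be in the interface subnet, and the
    member only answers sources from that same subnet."""
    s = parse_settings(cfg)
    iface = to_interface(s["ip"])
    mgmt = to_interface(s["management-ip"])
    mgmt_in_subnet = mgmt.network == iface.network
    src_in_subnet = ipaddress.IPv4Address(admin_src) in iface.network
    return {
        "management_ip": str(mgmt.ip),
        "mgmt_in_iface_subnet": mgmt_in_subnet,
        "reachable": mgmt_in_subnet and src_in_subnet,
    }


def check_oob(cfg: str, admin_src: str) -> dict:
    """Out-of-band rule: with ha-mgmt-status enabled, the dedicated interface
    answers any subnet (off-link sources are routed via its gateway)."""
    s = parse_settings(cfg)
    enabled = s.get("ha-mgmt-status") == "enable"
    iface = to_interface(s["ip"])
    on_link = ipaddress.IPv4Address(admin_src) in iface.network
    has_gateway = "gateway" in s
    return {
        "management_ip": str(iface.ip),
        "enabled": enabled,
        "reachable": enabled and (on_link or has_gateway),
    }


if __name__ == "__main__":
    # Same-subnet admin host versus one on another network.
    for src in ("172.27.10.50", "10.0.0.5"):
        print(src, "in-band:", check_inband(INBAND_CFG, src)["reachable"],
              "out-of-band:", check_oob(OOB_CFG, src)["reachable"])
```

Running it shows the practical difference: the host in 172.27.10.0/24 reaches the member either way, while the host in 10.0.0.0/8 reaches it only through the dedicated HA management interface. The same check flags an in-band management-ip configured outside the interface subnet before it is pushed to the cluster.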

 

Based on the requirements of each environment, the most appropriate option should be used.
