Table of Contents
HA mode using Keepalived
High Availability Mode of Trisul ensures that a Trisul cluster always alive in the event of a single node failure. This article describes how it can be configured step by step.
Keepalived
It is a Linux implementation of the VRRP Protocol which allows for establishing a Virtual IP. We will be using HA based on VRRP protocol in this article.
Architecture
Steps
1. Install Trisul Network Analytics on both HA DR nodes.
2. Configure keepalived on both MASTER and SLAVE
Follow instructions in Configure keepalived
Ensure the PRIORITY of MASTER is atleast 50 higher than the priority specified in the SLAVE node.
3. Use IPTABLES on MASTER
During normal operation both nodes will be in active-active mode. The NETFLOW sent to the MASTER node will be mirrored to the SLAVE node using IPTABLES rule. You can also use the netflow-shim-tunnel to accomplish this
iptables DNAT rule
iptables -t nat -A PREROUTING \
-p udp -m udp --dport 2055 -j DNAT \
--to-destination 10.10.100.116
systemctl start iptables
systemctl enable iptables
Make it persistent using the iptables-services package
dnf install iptables iptables-services
iptables-save > /etc/sysconfig/iptables
To list the NAT rule
iptables -t nat -v -L -n --line-number
To delete (for testing)
iptables -t nat -D PREROUTING 1