Differences

This shows you the differences between two versions of the page.

--- ha:keepalived [2023/07/18 17:51] – veera
+++ ha:keepalived [2023/07/18 18:40] (current) – [2. Configure keepalived on both MASTER and SLAVE] veera
@@ Line 10: / Line 10: @@
-Architecture
+===== Architecture =====
+{{:ha:keepalived-arch.png?400|}}
+===== Steps =====
+==== 1. Install Trisul Network Analytics on both HA DR nodes. ====
+<note important>LICENSE: You need the UNLIMITED license to enable redundancy HA and DR features</note>
+==== 2. Configure keepalived on both MASTER and SLAVE ====
+Follow instructions in [[admin:keepalived|Configure keepalived]]
+Ensure the PRIORITY of MASTER is atleast 50 higher than the priority specified in the SLAVE node.
+==== 3. Use IPTABLES on MASTER ====
+During normal operation both nodes will be in active-active mode. The NETFLOW sent to the MASTER node will be mirrored to the SLAVE node using IPTABLES rule. You can also use the [[https://github.com/trisulnsm/netflow-shim-tunnel|netflow-shim-tunnel]] to accomplish this
+iptables DNAT rule
+<code>
+iptables -t nat -A PREROUTING \
+    -p udp -m udp --dport 2055 -j DNAT \
+        --to-destination 10.10.100.116
+systemctl start iptables
+systemctl enable iptables
+</code>
+Make it persistent using the iptables-services package
+<code>
+dnf install iptables iptables-services
+</code>
+<code>
+iptables-save > /etc/sysconfig/iptables
+</code>
+To list the NAT rule
+<code>
+iptables -t nat -v -L -n --line-number
+</code>
+To delete (for testing)
+<code>
+iptables -t nat -D PREROUTING 1
+</code>
-{{:ha:keepalived-arch.png|}}