Skip to main content

Illumio Core 24.5 Administration Guide

PCE High Availability and Disaster Recovery Requirements

Learn how to make sure that your underlying systems are sufficient to provide high availability (HA) and disaster recovery (DR) features. Check all of the following system requirements.

PCE Cluster Front End Load Balancing

In order for a PCE cluster to provide high availability, it requires a front-end load balancer to manage traffic distribution and system health checking for the PCE.

The load balancer must be customer-provided and managed and is not included as part of the PCE software distribution. You have the option of using a traffic load balancer or DNS load balancer.

Important

The load balancer must be able to run application level health checks on each of the core nodes in the PCE cluster so it can be aware at all times whether each node is available to service requests.

Traffic Load Balancer Requirements

The PCE requires the following traffic load balancer configuration.

  • Layer 4 with Secure Network Address Translation (SNAT)

  • Least connection (recommended) or round robin load balancing to core nodes

  • HTTP health checks from load balancer to core nodes

  • High availability capabilities

  • A virtual IP (VIP) configured in the runtime_env.yml parameter cluster_public_ips

Note

Using a traffic load balancer is recommended over DNS, because it provides a quicker failure response, while DNS load balancing typically has a longer failover time.

DNS Load Balancing

Another option for load balancing the PCE cluster is using DNS where traffic is load balanced to the core nodes based on DNS rather than connection-based load balancing.

When you plan to use DNS for load balancing the PCE software, the PCE requires the following DNS load balancer configuration:

  • Round robin load balancing to core nodes

  • 30 to 60 second TTL to allow for quick failover

  • PCE core node IP addresses configured in the runtime_env.yml parameter named cluster_public_ips

  • HTTP health checks from the load balancer to core nodes

    The DNS must be able to run health checks against the PCE node_available API, and the DNS load balancer should only serve IP addresses for the cluster FQDN of those nodes that respond to the node_available API.

Network Latency Between Nodes

Important

Make sure that network latency between and among the nodes of the clusters does not exceed 10ms.

Proper operation of Illumination and Explorer is assured when latency is 10ms or less.