Skip to main content

Illumio Administration Guide 26.x (SaaS)

PCE High Availability and Disaster Recovery Requirements

Learn how to ensure your underlying systems are sufficient to provide high availability (HA) and disaster recovery (DR) features. Check all of the following system requirements.

PCE Cluster Front End Load Balancing

For a PCE cluster to provide high availability, it requires a front-end load balancer to manage traffic distribution and perform system health checks for the PCE.

The load balancer must be customer-provided and managed, and is not included in the PCE software distribution. You have the option of using a traffic load balancer or a DNS load balancer.

Important

The load balancer must be able to run application-level health checks on each core node in the PCE cluster so it is always aware whether each node is available to service requests.

Traffic Load Balancer Requirements

The PCE requires the following traffic-load-balancer configuration.

  • Layer 4 with Secure Network Address Translation (SNAT)

  • Least connection (recommended) or round robin load balancing to core nodes

  • HTTP health checks from the load balancer to the core nodes

  • High availability capabilities

  • A virtual IP (VIP) configured in the runtime_env.yml parameter cluster_public_ips

Note

Using a traffic load balancer is recommended over DNS because it provides a faster failover, whereas DNS load balancing typically has a longer failover time.

DNS Load Balancing

Another option for load balancing the PCE cluster is to use DNS, where traffic is load-balanced to the core nodes based on DNS records rather than connection-based load balancing.

When you plan to use DNS for load balancing the PCE software, the PCE requires the following DNS load balancer configuration:

  • Round robin load balancing to core nodes

  • 30 to 60 second TTL to allow for quick failover

  • PCE core node IP addresses are configured in the runtime_env.yml parameter named cluster_public_ips

  • HTTP health checks from the load balancer to core nodes

    The DNS must be able to run health checks against the PCE node_available API, and the DNS load balancer should only serve IP addresses for the cluster FQDN of nodes that respond to the node_available API.

Network Latency Between Nodes

Important

Make sure that network latency between and among the nodes of the clusters does not exceed 10ms.

Proper operation of Illumination and Explorer is assured when the latency is 10ms or less.