Security includes availability, the "A" in the CIA triad. A DDoS attack or hardware failure that takes down a critical service is a breach of that property. High Availability (HA) architectures eliminate single points of failure through redundancy and automated failover.
Active/Passive involves one primary node handling traffic while a standby waits for a failure. Active/Active distributes the load across multiple nodes simultaneously, providing both redundancy and horizontal scaling.
💡 Pro-tip: In Active/Active firewall clusters, ensure session synchronization is enabled. Otherwise, if Node A dies mid-transaction, Node B will drop the return traffic, breaking the user's connection.
VRRP (Virtual Router Redundancy Protocol) allows two routers to share a single default gateway IP. The 'Master' handles traffic, while the backup takes over instantly if the Master fails.
Load balancers (Layer 4-7) distribute traffic across server farms. They perform continuous health checks (HTTP GET, TCP SYN). If a server fails a check, the LB removes it from the pool, ensuring users are never routed to a dead backend.
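
The health-check behaviour described above, as an added example (not code from the original page): a minimal pool that ejects a backend after `fall` consecutive failed probes and readmits it after `rise` consecutive successes, the same idea as HAProxy's `rise`/`fall` server options. The class names, the 192.0.2.x addresses and the scripted probe in `demo()` are constructed for illustration; `tcp_probe` does a full TCP connect rather than a bare SYN.

```python
import socket
from dataclasses import dataclass

def tcp_probe(host, port, timeout=1.0):
    """Layer-4 check: full TCP connect (a SYN-only probe would need raw sockets)."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

@dataclass
class Backend:
    host: str
    port: int
    up: bool = True
    streak: int = 0  # consecutive probe results that contradict the current state

class Pool:
    def __init__(self, backends, probe=tcp_probe, fall=3, rise=2):
        self.backends, self.probe = list(backends), probe
        self.fall, self.rise, self._next = fall, rise, 0

    def check_all(self):
        """One health-check round; state flips only after fall/rise results in a row."""
        for b in self.backends:
            ok = self.probe(b.host, b.port)
            b.streak = 0 if ok == b.up else b.streak + 1
            if b.streak >= (self.rise if ok else self.fall):
                b.up, b.streak = ok, 0

    def pick(self):
        """Round-robin over healthy backends; None means the pool is empty."""
        for _ in range(len(self.backends)):
            b = self.backends[self._next % len(self.backends)]
            self._next += 1
            if b.up:
                return b
        return None

def demo():
    # Constructed scenario: probe results come from a dict, not the network.
    alive = {("192.0.2.11", 80): True, ("192.0.2.12", 80): False}  # .12 is dead
    pool = Pool([Backend(h, p) for h, p in alive], probe=lambda h, p: alive[(h, p)])
    timeline = []
    for _ in range(3):  # three check rounds, four requests after each round
        pool.check_all()
        timeline.append(sorted({pool.pick().host for _ in range(4)}))
    return timeline
```

`demo()` shows the detection window: the dead backend still receives requests for the first two rounds and is ejected only on the third, so the exposure is roughly `fall` times the check interval.
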
⚠️ 'Split-brain' scenarios occur when the HA heartbeat link fails, causing both nodes to assume the active role and creating IP conflicts. Always use redundant, dedicated heartbeat links.
| Protocol / Tool | Layer | Use Case |
|---|---|---|
| VRRP/HSRP | L3 | Default Gateway Redundancy |
| LACP | L2 | Link Aggregation / Bandwidth |
| HAProxy | L4-L7 | Server Load Balancing |