Using Edge Node clusters

  • Updated on Dec 9, 2024
  • Published on Dec 6, 2024
  • 8 minute(s) read
Prev Next

This article explains how to use the Secure Edge Portal to configure and manage an Edge Node (formerly Edge iNode) cluster to achieve high network availability.

Edge Node clustering can be enabled for your company’s account based on your Subscription Agreement. For more information, contact your Account Manager.

Introduction to Edge Node clusters

An Edge Node cluster is a group of Edge Nodes that work together to provide high availability, eliminating the Edge Node as a single point of failure. Clustering allows you to manage multiple Edge Nodes from a single point of provisioning, ideal for mission-critical applications.

A cluster consists of two or more Edge Nodes, with one acting as the master and the others as backup nodes. Both master and backup nodes inherit the configuration settings defined at the cluster level. If the master node fails, a backup node automatically takes over the master role, ensuring continuous service.

Mastership election in Edge Node clusters

To achieve high availability, the cluster must elect a master. When adding an Edge Node to a cluster, you can specify whether it will participate in the mastership election. If it is a candidate, you also assign a priority value. The Edge Node with the highest priority (or the highest IP address in the event of a tie) becomes the master. Backup nodes monitor the master’s health via heartbeat signals. If the master stops sending heartbeats, the election process runs again, and the next highest priority node becomes the new master. Nodes that are not candidates do not participate in the election.

The clustering mastership election can be run either on the WAN or TAN network. You can choose this when creating the cluster and the default is WAN network. All the candidate nodes must be connected to the network that is chosen for the clustering mastership election. If you choose TAN network for mastership election, then one of the TAN networks must be configured as the network for clustering mastership election.

Cluster-level configuration settings

The following settings are configured at the cluster level and inherited by each Edge Node in the cluster:

  • Local network - Network addressing, master IP address, default destination, remote networks, static routes, and security policy.
    • Master IP address, default destination, and remote networks are applicable only to the master.
    • All other settings apply to every node in the cluster.
  • Services - While services are specified at the cluster level, you can control how services are distributed across nodes using the Kind parameter:
    • Daemon: Runs one instance of the service on all nodes in the cluster.
    • Replica: Runs one instance of the service on a set of nodes that you select using labels.
    • Singleton: runs one instance of the service only on the master node. If the master fails, the service will runs on the newly elected master.

The following figure illustrates an Edge Node cluster.

 

Provisioning Edge Node clusters

You can create and manage Edge node clusters from the Clusters page, accessible from the left menu of the Secure Edge Portal. This page provides a list of all the clusters in your organization.

From this page, you can complete these tasks (which are described in detail in the following sections):

  • Provision an Edge Node cluster
    • Create a cluster
    • Configure network type for clustering mastership election
    • Add Edge Nodes to the cluster
    • Add a local network to the cluster
    • Add multiple local networks to the cluster
    • Add services to the cluster

Create a cluster

  1. From the left menu of the Secure Edge Portal, select Clusters. Then select the plus sign (+) to open the Add Cluster page.
    NoClustersClustersPage
  2. Provide a unique name for the cluster.
    AddClustersPage

Configure network type for clustering mastership election

Note
This setting can only be changed if there are no Edge Nodes in the cluster.

By default, the clustering mastership election runs on the WAN network. To change it to TAN:

  1. Expand Advanced Settings.
  2. Set Network Type for Clustering Mastership Election: to TAN.

Add Edge Nodes to a cluster

Before you add an Edge Node to a cluster, it must meet the following conditions:

  • It must not have a local network of its own.
  • It must not be a member of another cluster.

To add the node:

  1. On the Add Cluster or Edit Cluster page, select Add Node and the select the Edge Node in the dropdown field.
  2. To include the Edge Node as a candidate for mastership election, select the Candidate checkbox. Note that only up to three (3) candidates are allowed per cluster.
    The portal will add the Candidate label to the Edge Node for you.
  3. In the Priority field, specify this candidate's priority for mastership election . The higher the number, the more likely the candidate node will be elected master. You can specify a number 1 through 254 (1 is the lowest priority and 254 is the highest). The default value is 100.
    SelectInodeForClusterp
  4. You can add up to 32 Edge Nodes per cluster. When finished, select Save.
    SelectNodeClustersPage
  5. After you create the cluster, go to the Clusters page to verify that it’s listed there.
    SavedClustersPage

Adding local networks to a cluster

After creating a cluster and adding Edge Nodes, you’ll need to add a local network. The network type for clustering mastership election determines the type of networks supported:

  • For WAN, both static and DHCP networks are supported.
  • For TAN, only static networks are supported.

The local network configuration is inherited by all Edge Nodes in the cluster and cannot be modified at the individual node level. Also, you cannot add extra local networks to the clustered nodes.

If the local network you add at the cluster level includes a remote network connection, the master Edge Node will manage that connection. In the event of a master node failure, the remote network connection will automatically transfer to the newly elected master.

Custom security policies are not effective for controlling traffic on local networks within a node cluster. If both the From Network and To Network are the local network within the security policy definition, the rule will not be applied.

If you want to use VLANs in your cluster network, we must enable this feature for your company’s Secure Edge account, as per your Subscription Agreement. For more information, contact your Account Manager.

Add a local DHCP network

  1. On the Clusters page, select the name of the cluster to display its details page.
    ClustersDetailsPage
  2. On the Networks tab, select the plus icon ( + ) to open the Add Network page.
  3. Enter a Name for the network and set Network Addressing to Dynamic.
  4. Enter the Master Node IP Address. This auto-populates the Default Gateway.
    AddClusterNetwork
  5. Select Save. Once you’ve added the local network to the cluster, you’ll see its details on the cluster details page.

Add a local static network

  1. On the Clusters page, select the name of the cluster to display its details page.
    ClustersDetailsPage
  2. On the Networks tab, select the plus icon ( + ) to open the Add Network page.
  3. Enter a Name for the network and set Network Addressing to Static.
  4. Provide the  Network CIDR and specify a range of IP addresses (at least one) that will be reserved for internal use. These IP addresses must be part of the same IP subnet as the local network’s CIDR.
  5. Optionally, enter the Master Node IP Address. If you don’t set this field, devices on this network will use the start IP address configured in the previous step as the master node and the default gateway for this network.
  6. Select Save. Once you’ve added the local network to the cluster, you’ll see its details on the cluster details page.

Add multiple local networks to a cluster

Multiple local networks are only supported for cluster that use all static networks. To add additional static networks, repeat the steps in Add a local static network for each new network.

Configure high availability on clusters

You can configure high availability on your clusters to enable automatic master switchover on WAN or TAN interfaces during link outages. 

  1. From the Clusters page, select the cluster you want to modify.
  2. From the Manage Cluster drop-down menu (top-right), select Edit > Advanced Settings.
  3. Set the High Availability for Interface Failover toggle switch to On.

Add services to the cluster

Running edge services on a cluster is similar to running them on a node, but you must specify how the services should run: as a daemon, replica, or singleton (as explained in Cluster-level configuration settings).

You'll also need infrastructure services such as DHCP server, DNS server, NTP server, etc. We provide a collection of core infrastructure services that may be available for your company's account based on your Subscription Agreement. See Secure Edge core services for more information.

View cluster details

You can view cluster details, including status, connected Edge Nodes, and associated networks and services, from the cluster details page. Simply select the cluster name from the Clusters page.

The following image shows the services tab of a specific cluster.

ClusterServiceDetailsP

Convert a single Edge Node to cluster

You can convert an existing Edge Node into a cluster without losing its current configuration. This will create a new cluster and assign the existing configuration to the cluster. After the conversion, the Edge Node will retain the same networks and services it had as a standalone node.

Note:
  • This conversion is supported for Edge Nodes with only static local networks.
  • After conversion, if the Edge Node is removed from the cluster, it will lose its configuration.
  • When you convert an Edge Node to a cluster, the node will reboot.

Follow these steps to convert a single Edge Node to cluster:

  1. From the Nodes > All Nodes page, select the node to open details page.
  2. On the Manage Node dropdown menu (top-right), select Convert To Cluster to open the Create Cluster page.
  3. On the Create Cluster page, add a cluster name. 
  4. Set Network Type for Clustering Mastership Election to WAN or TAN, as applicable, then select OK.
  5. A confirmation dialog appears. Select Yes - Convert to confirm the cluster creation. The node reboots.
  6. After you create the cluster, go to the Clusters page to verify that it’s listed there.

After conversion, you can add more Edge Nodes to the cluster to achieve high availability. 

Cluster design recommendations

  • Distribute redundant Edge Nodes across independent hardware.
  • If you have standalone Edge Nodes on the same local network as an existing cluster, consider adding them to the cluster as non-candidate nodes. This simplifies the management of all the standalone nodes into a single cluster-level configuration.

Troubleshooting cluster issues

  • Cluster heartbeats use multicast for master failure detection. Ensure your network switch doesn’t filter or interfere with multicast traffic, as this could delay or prevent failovers.  
  • Avoid using the same WAN network for multiple clusters, as this can cause configuration issues such as no master in a cluster, or incorrect configuration settings being applied to nodes.
  • Although automatic failover ensures no service disruption, it can mask node failure. It’s important to monitor cluster health by checking for failover events in the Secure Edge Portal.