English (United States) Italiano
Follow

How to Configure High Availability

  Version 6.0

Applies to Platform: EndianOS 6.x 
Last update: 17 Mar 2026
 

This lesson will illustrate the necessary steps to configure a high availability cluster (active-standby) between two or more Endian appliances. This will allow a seamless failover transition to a secondary Endian appliance, in the event of a hardware or network failure on the primary appliance. This provides unparalleled hardware availability and redundancy for critical network operations and security.

Requirements

  • Two (maximum three) identical Endian appliances running the same EXACT version of software (e.g. Master = 6.8.0, Slave = 6.8.0)
  • Two (maximum three) Endian appliances connected to the same internal and external networks

How High Availability Works

The Endian high availability system is composed of three components:

  • keepalived - the application on Endian which actually manages the setup and management of high availability services
  • VRRP - the protocol (used by keepalived) to provide the high availability redundancy
  • management network - is the virtual network created as part of HA to manage the HA nodes

There are two essential roles available in an HA environment:

  • Master role - This is the "active" node in the cluster running all the active services (firewall, routing, VPN, DHCP, etc) which has the primary IP of the management network and is responsible joining/removing slave nodes and sending the VRRP heartbeat to the slave nodes. This role can only be used by one node in the HA cluster.
  • Slave role - This is the "standby" node(s) in the cluster which primarily just stays in sync with the master node and awaits a failure notice (via VRRP heartbeats) so that it can assume the Master role. This role can be used by one or (at most) two other nodes in the cluster

In the event the master goes offline or suffers a hardware failure, the slave node will immediately become master, and it keeps its master status, unless it goes offline. When the ‘original’ master becomes available, it joins the cluster again as slave and starts synchronizing. This also means that it is possible to change configuration at any time, since the master is always online. Moreover, the slave node can not be reached anymore, except by using the serial console.

Downtime can be virtually eliminated when a third node is added to the cluster. In this scenario, a concept of priority is introduced and assigned to each node (default values are 90 for the active node, 50 for the passive nodes, and 10 for the node that is out of sync). When the active node leaves the cluster, the node with the higher priority becomes the master. When the node rejoins the cluster, all nodes are checked for their synchronization status with the current master. If they are synchronized, they receive a “bonus” that raises their priority. In this scenario, downtime and data loss can only occur if two nodes are offline and the third node is out of sync.

How to Configure High Availability

On the master node that you wish to make part of the high availability system, navigate to the Services > High Availability page and fill out the HA cluster settings:

  1. Network Address: This is the management virtual network (default is 192.168.177.0/24)
     
  2. Network Mask: This is the management virtual network subnet mask (default is /24)
     
  3. Network Interface: This is the internal zone to use for connecting with the slave unit(s).
     
  4. Virtual Router ID: This is a unique ID to be used for this specific HA cluster (should be unique on the network)

Once done, click Create HA Cluster button to enable HA cluster.

Note

When configuring the HA cluster, choose a unique subnet for inter-node communication that isn't used elsewhere in the network or by other clusters. Additionally, assign a Virtual Router ID to the cluster that is distinct from those of other clusters within the same network to prevent conflicts.


When the HA cluster is created, you can now add one (or two max) slave nodes to the HA cluster.

In the space to Add a node, enter the following information to add a slave node:

  1. Node IP: This is the IP address of the slave node that is connected to the same network zone as specified under Network Interface of the master node (in our example, this is Green zone).
     
  2. SSH Password: Enter the SSH (root) password of the slave Endian appliance.

Once done, click Add node button and you should see a message confirming success or a failure explanation. If successful, you will then see the slave unit listed on the master unit, each with its own role and status (see below).

Have more questions? Submit a request

Comments