User`s manual
DT-6X60 User's Manual - Platform (Build 2.0)
6.9 H
IGH
A
VAILABILITY
O
PTION
The High Availability option couples two DT-6X60 modules as an active and a standby. The
active DT-6X60 runs applications, while the standby "stands by" and monitors the active DT-
6X60. If the active DT-6X60 fails or loses power, the standby will shortly take over the active role.
In standby mode, the DT-6X60 has completed system boot, but has not started applications. A
standby DT-6X60 supports a subset of the commands in section 6, plus a small number of
commands for support of high availability, documented later in this section. The prompt at the
standby system console contains the word "standby".
Whenever a DT-6X60 with high availability configuration boots, it first enters standby mode and
begins to poll the other DT-6X60 every few seconds across the IP network that joins them. There
are three possible outcomes:
The other DT-6X60 doesn't respond (within a period of approximately 20 seconds), so this
standby becomes active.
The other DT-6X60 is already active, so this standby updates its internal time-of-day from
the active and continues to poll.
The other DT-6X60 is also in standby, so a brief negotiation follows, and one of them
becomes active, while the other remains in standby.
The standby periodically polls the active and also (optionally) updates its version of system and
application configuration from the active. If the active DT-6X60 fails to respond to probes from the
standby (for approximately 25 seconds), the standby takes over as active by starting up the
instances using its most recent version of system and application configuration. Prior to starting
applications, the standby performs the procedure for accelerated recovery of TCP connections, as
described in the dtproduct command.
The active tracks the status of the other DT-6X60, and remembers the most recent poll from the
standby. If polls from the standby are overdue, the active initiates polling at a low frequency.
The physical proximity of the two DT-6X60's must be near enough on the LAN to provide a
reasonably reliable connection between the two. On the other hand, it is wise to avoid having them
on the same power line.
If the network connection between the active and standby is broken, the network becomes
partitioned; the standby cannot receive responses from the active. Thus the standby will take
over as active (at least on the portion of the network where it remains connected). When the
connection is reestablished, the two actives soon see each other (because actives initiate polling
when the standby has not been seen) and respond to this impermissible situation by rebooting.
Upon reboot, they negotiate to choose a new active and standby.
Two new configuration objects are required for the high availability option: ippublic and ipother.
When a DT-6X60 is configured for high availability, the vfy mod command shows whether this DT-
6X60 is the active or standby.
Both members of a duplex configuration must be the same product: both either are DT-6160’s or
both are DT-6260’s. A DT-6x60 will reject any attempt to use a DT-6061 as the other partner. In
addition, a DT-6X60 will reject an attempt to install the DT-6061 platform software.
06/07/07 Datatek Applications Inc. 41
In a duplex configuration, if an inconsistency is detected between the active and standby (for
example, the active is a DT-6061 and the standby is a DT-6160), the standby will wait four and a
half minutes, disable the standby console, and reboot 30 seconds later. After rebooting, if the
inconsistency is still detected, it repeats the cycle. This prevents the active and standby from
synchronizing, thus disabling the ability to switchover from one to the other. The four and one half