SD-AVC High Availability

SD-AVC supports a high availability (HA) configuration, using more than one SD-AVC network service. Each network device operating with SD-AVC, and consequently running the SD-AVC agent, designates a primary and secondary SD-AVC network service. If the primary SD-AVC network service becomes unavailable, the device fails over to the secondary service.

In the event of failover, the secondary SD-AVC network service receives the application data (state) maintained by the SD-AVC agents on participating network devices. This provides SD-AVC a degree of resilience, enabling the secondary network service to receive previously aggregated data and resume operation where the primary network service left off. In addition, because each SD-AVC agent maintains its state locally, classification of traffic on each device continues seamlessly during the failover from primary to secondary network service.

For all devices in the network that are operating with SD-AVC, it is recommended to use the same primary SD-AVC network service.

Figure 1. Primary and Secondary SD-AVC Network Services in High Availability Configuration

SD-AVC Network Services Collect Application Data Separately

Each SD-AVC network service collects application data from the devices that are using it as their active service. Multiple SD-AVC network services do not share application data with each other directly. So if the primary service becomes unavailable, the agents that were using it fail over to the secondary service, and that service begins collecting application data from the agents.

Configuring High Availability SD-AVC

Setting up SD-AVC in a high availability configuration requires two steps that differ from a non-HA configuration.

  1. Set up more than one SD-AVC Network Service. For information about setting up an SD-AVC Network Service, see Installation Overview.

  2. When configuring a device to use SD-AVC, specify primary and secondary SD-AVC Network Services with the address command. In other respects, configuring the device is identical to a non-HA configuration. For information about setting up a device, see Configuring Network Devices to Use SD-AVC. The configuration commands are shown below.

    avc sd-service
segment cisco 
controller 
address primary-network-service-ip secondary-network-service-ip
vrf vrf_mgmt

    Example:

    (config)#avc sd-service
(config-sd-service)#segment cisco 
(config-sd-service)#controller 
(config-sd-service-controller)#address 10.56.196.146 10.56.196.150
(config-sd-service-controller)#vrf vrf_mgmt

Switchover between Primary and Secondary SD-AVC Network Services

If the primary SD-AVC network service for a device becomes unavailable, the device switches over to its secondary network service.


Note

The primary SD-AVC network service may become unavailable either by unexpected failure, or for a planned outage, such as for an upgrade.

Appearance in Dashboard

After the switchover, the SD-AVC Dashboard for the secondary network service displays the device. To indicate that the device is in a switchover state, the Network Monitoring pane > Connection icon appears yellow, indicating a warning. Clicking Connection shows the affected device and the switchover label.

Functionality

After switchover, the secondary SD-AVC network service handles all operations for the device, including:

  • Collecting traffic data from the device

  • Displaying the traffic data

  • Deploying Protocol Packs to the device if necessary

Returning to the Primary

When the primary SD-AVC network service becomes available again, the device returns to the primary network service.

For a temporary period after re-connecting, the device status is switchback. This is displayed in:

Network Monitoring pane > Connection

During the temporary switchback period, no Protocol Packs can be deployed to the device.