部署- EdgeConnect HA

EDGECONNECT高可用性（HA）模式是一种高可用性群集配置，通过将两个EdgeConnect设备配对一起提供设备冗余。

When a deployment profile configures two EdgeConnect appliances in EdgeConnect HA mode, the resilient cluster acts as a single logical system. It extends the robust SD-WAN multipathing capabilities such as Business Intent Overlays seamlessly across the two devices as if they were one entity.

使用EDGECONNECT HA模式，WAN UPLINK实际插入了EdgeConnect设备中的一个，但在群集中都可以使用。对于执行NAT的WAN连接（例如，消费级宽带Internet连接），这意味着只需要提供一个公共IP，以便在EdgeConnect HA群集中的两个EDGECONNECT设备都可以构建业务意图叠加层使用该运输资源。

Enable EdgeConnect HA Mode

在设备树中，选择设备，然后右键单击以选择部署从上下文菜单。出现设备的部署页面。
Select theedgeconnect ha复选框。
Configure the interfaces (LAN and WAN–side) on both EdgeConnect devices to reflect the WAN connections that are plugged into each one of the respective appliances.

NOTE:Both EdgeConnect devices will be able to leverage all WAN connections regardless of which chassis they are physically plugged into. It is, however, important to match the deployment profile interface configuration to the actual chassis the WAN connection is physically, directly connected to.
Select the physical ports on the respective EdgeConnect appliances that you will connect to each other using an Ethernet cable (RJ-45 twisted pair or SR optical fiber).

NOTE:您可以为此HA链接选择任何LAN或WAN端口组合，该链接可在相应的EdgeConnect底盘上使用。您必须匹配HA链接两端的媒体类型和速度。（例如，1千兆位 - Ethernet RJ-45至RJ-45或10千兆位 - Ethernet多模纤维LC-Connector-Connector-to-LC-Connector）。另外，请注意，您不能将MGMT端口用于HA链接；只有LAN或WAN端口。

IPSec over UDP Tunnel Configuration

为了在高可用性集群中两个EDGECONNECT设备都能共享通用的传输连接，因此您必须通过UDP模式将隧道类型设置为IPSEC。

请参阅编目中的隧道设置（编排>编排服务器>工具>隧道设置).

NOTE:如果要使用运行VXOA 8.1.6或更高的EDGECONNECT设备部署网络，并且编排器8.2或更高版本，则默认情况下，隧道类型已经通过UDP模式设置为IPSEC。

VRRP配置

Typically, in a branch site deployment, you will choose to configure the cluster with a VRRP protocol and assign a VIP (virtual IP) address to the cluster.

将优选的LAN侧主要EdgeConnect的VRRP优先级设置为128。
Set the other, Secondary appliance’s VRRP priority to127。

局域网侧监控

The IP SLA feature should be configured to monitor the LAN-side VRRP state in order to automatically disable subnet sharing from that appliance in the case of a LAN link failure.

有关更多信息，请参阅IP SLA配置指南。