Out Of Band Failover

CONFIGURE > NETWORK RESILIENCE > OOB Failover

Out-of-Band (OOB) Failover detects network disruption via the probe interface, and automatically activates a cellular or ethernet interface connection to re-establish network access.

OOB failover requires an IPv4 address (in dotted decimal format), or an IPv6 address, or a domain name, which is always reachable and unlikely to change. When OOB failover is Enabled, the node regularly pings this address, using the probe interface, to check for network connectivity.

When OOB Failover is Enabled, and the device enters the failover_starting state, the device will establish a connection on the failover_physif (enabling the failover_physif in the process, if it wasn’t already enabled).

Note:It can take a while to transition between the failover_starting state and the failover_complete state. This transition is usually not more than a couple of seconds for wired connections. Cellular connections can take a few minutes to establish, however. If the chosen failover_physif was enabled in the Web UI at Configure > Network Connections > Network Interfaces and already had a connection established, this transition will be faster than if the failover_physif was disabled.

When in the failover_complete state, the device will continue to perform connectivity tests against the configured probe addresses from the probe_interface. When connectivity is restored, the failover_physif will return to the enabled/disabled status it had before it was used for a failover connection, and the device will transition to the primary_complete state.

Optional Additional Probe Address

You can, if preferred, configure an optional, (secondary) additional probe address (probe_address_2) for the connectivity tests associated with Out of Band Failover. When the additional probe address (probe_address_2) is configured, the device will only activate the failover_starting state change when both primary and additional probe addresses are unreachable. When an additional probe address is not specified (empty), the connectivity tests will only check against the probe_address, and enter the failover_starting state when it is unreachable.

Show OOB Failover Settings - CLI Configuration Example

Enable Out-of-Band Failover

1. To manage Out-of-Band Failover, navigate to the CONFIGURE > NETWORK RESILIENCE > OOB Failover page.
   

   Probe Interface: this is the interface that will be used to test if ping can reach the configured address

   Probe Address: the ipv4 or ipv6 or domain name of the address that will be “pinged”.
   Additional Probe Address: the ipv4 or ipv6 or domain name of the additional, secondary probe address that will be “pinged” if the first probe address is unreachable.
   

2. In the Failover Interface section, select the failover interface from the drop-down list.
   
   Configurable probe (failover from) and failover (failover to) interfaces are shown below:

   NET1 - the default probe interface.

   Cellular - the default failover interface for cellular-capable models.

   NET2 - the default failover interface for non-cellular models.
   

3. When you have completed the OOB Failover set-up, ensure the OOB Failover status is set to Enabled, then, click Apply, a confirmation is displayed.

4. On the Network Interfaces page the Failover Interface will display "Configured for OOB Failover" beside the interface name.
   

5. When failover is triggered, the interface will be marked with the warning: OOB Failover Active to an Admin user when logged in.
   

   Note:It may take up to five minutes for a failover to actually occur once the probe stops connecting to the probe address.
   

   Note:The shortcut button Enabled/Disabled is disabled or removed when an interface is in active failover.

DNS Queries on a Dormant Failover Interface

The Dormant DNS option allows DNS queries on the failover interface to be disabled in normal operation so that DNS queries can be paused.

The option configures how the DNS name servers and search domains configured for the failover interface are used by the system.

• If set to Yes, the DNS name servers and search domains configured for the failover interface will always be available to the system for DNS name resolution. Allowing DNS queries while failover has not been triggered make it more likely that DNS requests will be made over the cellular interface which will increase data usage.

• If set to No, the DNS name servers and search domains will be made available to the system only when the failover state is active.

To configure the DNS name servers and search domains, see DNS Configuration.

OOB Failover Types & Failover Behavior

OOB setting	Failover Interface	Mode	Description
Disabled	Enabled	Always up OOB	When OOB Failover is disabled, the default outgoing interface cannot be specified, the default route is selected automatically. Outbound network connections (e.g. VPN client tunnels, SNMP alerts) are established according to the main static routing table, regardless of network state.
Enabled	Disabled	Failover mode	Failover detection is enabled on the selected “probe” interface. The network or cellular interface remains in a down state with no network configuration. When failover is initiated, the network or cellular interface is started and configured. If a default route is installed on the interface, it takes precedence over the default route on the failed “probe” interface. Outbound network traffic (e.g. VPN client tunnels, SNMP alerts) are established or re-established over network or cellular connection during failover. The advantage of this mode is the secondary connection is completely inactive during normal operation which may be advantageous where the goal is to keep the interface off the Internet as much as possible, e.g. a cellular plan with expensive data rates and no carrier-grade NAT.
Enabled	Enabled	Dormant failover	Failover detection is enabled. Only inbound connections on the network or cellular interface are routed back out the network or cellular interface, to enable OOB access from remote networks (e.g. incoming SSH). Otherwise, outbound network connections (e.g. VPN client tunnels, SNMP alerts) are established according to the main static routing table, regardless of network state. When failover is initiated, the default route of the network or cellular interface takes precedence over the failed “probe” interface. Outbound network traffic (e.g. VPN client tunnels, SNMP alerts) are established or re-established over the network or cellular connection during failover. The advantage of this mode is the network or cellular connection is available for inbound out-of-band access during normal operation.