How To Avoid HA Split-Brain due to Missed Heartbeats

How To Avoid HA Split-Brain due to Missed Heartbeats

69581
Created On 09/26/18 13:50 PM - Last Modified 06/01/23 09:40 AM


Resolution


Issue

Palo Alto Networks uses a private heartbeat link to monitor the health and status of each node in a high availability cluster. Split-brain occurs when the private link goes down, but the cluster nodes are still up. Each node believes that the other is no longer functioning and attempts to start services that the other is running. In some instances the link may not be down, but due to high load on the dataplane, heartbeats may be missed.

 

Example logs of heartbeat ping failures are shown below:

2.png

Resolution

To prevent split-brain due to missed heartbeats, the Heartbeat Backup option should be selected when configuring HA. By selecting this option, the firewalls will use the management ports to provide a backup path for heartbeat and hello messages. The option is found on the WebUI under Device > High Availability > General > Election Settings

1.png

 

owner: panagent
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClrpCAC&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language