Split brain detection over Internet


#1

Hi,
I have a few Peplink Balance deployment with HA in a multisite environment.

There are 2 datacenter with a Layer2 connection (typically DWDM) between them, so I have the same VLAN on both sites.
We got 2 Internet connection, one in each site, and put a Balance in each site. On the main site we have the Master unit, in the secondary site the Slave unit


This configuration allow to have high availability of the device and also on the internet connections. If the main site fail, the secondary site could work using is local internet connection and the slave Peplink.
We use the Peplink with inbound load balancing with DNS, so also incoming connections will flow to the secondary site in case of failure of the primary one.

all works very well… BUT…
In case of the layer2 DWDM links between the two site goes down, we have a split brain of the peplink devices: each one think to be the active one (the SLAVE become MASTER because of VRRP), each Balance see just the local internet link working and the remote one failed, and start resolving dns queries with the IP of the local line.
So some incoming traffic will be diverted to the secondary site, and this is bad.

What I’m asking is if it’s possibile to put a feature in future releases to allow the Balance to check, using the Internet, if a Balance device is alive on the failed Internet connections IPs, and so to allow the SLAVE one to know it’s in split brain and to do not became active.

Thank you for your patience :slight_smile:


#2

Hello,

This kind of problem cannot be solved with the peplink.
In my case, I solved the issue using Link State Tracking on the Cisco switches.
Basically if the intersite link (DWDM in your case) is broken (link goes to down), the switch disable all ports (LAN and Wan) where the peplink (SLAVE) is connected.
So only one device is active…

Regards,

HA