The High-Availability Front End (HFE) node is a public-facing node that allows sub-second switchover between Active and Standby SBC instances of an HA pair, as it negates the need for any IP reassignment. GCP requires each interface of a instance in a separate Virtual Private Network (VPC). Create a minimum of six VPCs for a full HFE set up (assuming all management interfaces for the SBC and the HFE node are in the same VPC). HFE 2.0 is an environment that uses a single HFE node with 5 interfaces. All trusted and untrusted traffic use the same node. Each interface's function is described in the following table: Caption |
---|
0 | Table |
---|
1 | Interfaces for HFE 2.0 Configuration |
---|
|
Standard/Ubuntu Interface Name | NIC | Function | Requires External IP? |
---|
eth0 / ens4 | nic0 | Public Interface for SBC PKT0 | Yes | eth1 / ens5 | nic1 | Private interface in for SBC PKT1; only instances in the same subnet can connect. | No | eth2 / ens6 | nic2 | Management interface to HFE. | Optional | eth3 / ens7 | nic3 | Interface to SBC PKT0; ensure it is in the same VPC and the subnet as SBC pkt0. | No | eth4 / ens8 | nic4 | Interface to SBC PKT1; ensure it is in the same VPC and the subnet as SBC pkt1. | No |
|
Info |
---|
| To use a HFE 2.0 environment, the startup-script for the SBCs requires the field HfeInstanceName . For more information, refer to the table in the section "User Data" on the page Instantiating SBC SWe in GCP. |
HFE 2.1 has two HFE nodes, each responsible for a different type of traffic: - Untrusted public traffic to the SBC (for PKT0). In this document, such a HFE node is referred to as "PKT0 HFE node".
- Trusted traffic from the SBC to other trusted networks (from PKT1). In this document, such a HFE node is referred to as the "PKT1 HFE node".
Both HFE nodes require three interfaces, as follows: Caption |
---|
0 | Table |
---|
1 | Interfaces for HFE 2.1 Configuration |
---|
|
Standard/Ubuntu Interface Name | NIC | PKT0 HFE node Function | PKT1 HFE node Function | Requires External IP? |
---|
eth0 / ens4 | nic0 | Public Interface for SBC PKT0 | Private interface in for SBC PKT1; only instances in the same subnet can connect. | Yes (only on PKT0 HFE node) | eth1 / ens5 | nic1 | Management interface to HFE. | Management interface to HFE. | Optional | eth2 / ens6 | nic2 | Interface to SBC PKT0; ensure that the interface is in the same VPC and subnet as SBC pkt0. | Interface to SBC PKT1; ensure that the interface is in the same VPC and subnet as SBC pkt1. | No |
|
Info |
---|
| To use a HFE 2.1 environment, the startup-script for the SBCs requires the fields Pkt0HfeInstanceName and Pkt1HfeInstanceName . For more information, refer to the table in the section "User Data" on the page Instantiating SBC SWe in GCP. |
|