This article provides information to clarify the high availability (HA) internal mechanism (Virtual Router Redundancy Protocol (VRRP) and ucarp) in Kerio Control version 9.3.0 and above.
Note: Kerio Control v9.3.0 (or above) must be installed on both Master and Slave. The versions should match.
Kerio Control has two mechanisms to detect the peer's status, and determine if the other peer is active and working:
- First, ucarp can identify if the other side is up or down with the help of VRRP, where the Master continuously advertises itself and can take actions, e.g., obtain virtual IP, release it by executing up/down scripts, etc.
- If this does not happen in around 10 seconds, Kerio Control tries to recover itself using a sync link. Whenever there is a change in responses to heartbeat messages sent over the sync link and the ucarp does not correct the situation for a few seconds, Kerio Control calls up/down scripts manually to obtain or release virtual IPs. Since the Slave has a virtual IP, the Master is responding with the heartbeat messages over the sync link for a few seconds, which indicates ucarp has some problem to recover; otherwise, the Slave should have already released the virtual IP.
Important notes on the HA operation, VRRP, and ucarp
- The VRRP setup is done separately on Master and Slave. Regarding HA configuration, separate setup and up/down scripts for ucarp are created (this is not synced). The sync link is used to synchronize parameters, e.g., secret, machine name, interface names, and other security checks before enabling ucarp.
- After the synchronization is completed, ucarp initiates and the active machine sends broadcast VRRP messages. No external involvement is required during this stage since ucarp does it all.
- VRRP ads are sent on all interfaces on which there is a virtual IP.
- Kerio Control can detect health check without VRRP, so before virtual IPs are assigned, statuses like 'Master Down' may be shown. However, Kerio Control is waiting for ucarp to assign a virtual IP first. If it is not received, Kerio Control assigns it.
- Kerio Control is always performing health check with sync link, in parallel with VRRP.
- If the sync link check fails, the Slave host enables virtual IPs on its interfaces with a delay. It first waits for ucarp to take care of it. If it does not respond in a few seconds(~10-15s), Kerio Control assigns virtual IP manually.