Heartbeat Link

In hot standby networking, heartbeat links are used to exchange messages between two FWs to learn about the peer status and back up configuration commands and various entries. The interfaces at both ends of a heartbeat link are called heartbeat interfaces.

The messages exchanged through heartbeat links include:

Heartbeat packets (hello packets): The two FWs periodically (the default interval is 1s) send heartbeat packets to each other to check whether the peer device is alive.
VGMP packets: VGMP packets are used to check the status of the VGMP group on the peer device to determine whether the current status of the local and peer devices is stable and whether a failover is required.
Configuration and table entry backup packets: Such packets are used to synchronize configuration commands and status information between two FWs.
Heartbeat link detection packets: Such packets are used to detect whether the peer heartbeat interface can receive packets from the local heartbeat interface to determine whether the peer heartbeat interface is available.
Configuration consistency check packets: Such packets are used to check whether the key configurations, such as security and NAT policies, of two FWs are the same.

FW security policies do not apply to the preceding types of packets. Therefore, you do not need to configure security policies for these packets.

Suggestions for Configuring the Heartbeat Links and Interfaces

The heartbeat interfaces can be connected directly or through a switch or router. It is recommended that two FWs that form a hot standby group be installed on the same rack or adjacent racks and that the heartbeat interfaces be directly connected through a network cable or optical cable.
For the USG6680E and USG6712E/6716E, use two dedicated HA interfaces as heartbeat interfaces. The two HA interfaces are added to the Eth-Trunk 65535 interface by default and cannot be removed from the Eth-Trunk 65535 interface as service interfaces. For details on the HA interfaces, see Supported Interface Types. If the bandwidth of the two HA interfaces does not meet the requirement, you can add other Ethernet interfaces to the Eth-Trunk 65535 interface to increase the bandwidth of the backup channel.
For other models that do not provide a dedicated HA interface: You are advised to plan a dedicated interface as the heartbeat interface. This interface is used only to send heartbeat packets and backup packets relevant to the hot standby function. Do not divert service packets to this interface. You are advised to add multiple Ethernet interfaces to an Eth-Trunk interface and use the Eth-Trunk interface as the heartbeat interface. In this way, both the reliability and bandwidth of the heartbeat link are increased.
Heartbeat interfaces need to transmit packets to back up service-related table entries. Therefore, the traffic volume on heartbeat interfaces depends on the service traffic volume. It is recommended that the heartbeat interface bandwidth be at least 30% of the service interface bandwidth.
You are advised to configure at least two heartbeat interfaces, one as the active interface, and the other as the backup interface.

Precautions for Configuring the Heartbeat Links and Interfaces

The MGMT interface (MEth0/0/0) cannot be used as the heartbeat interface.
The interfaces on which the vrrp virtual-mac enable command is configured cannot function as heartbeat interfaces.
The heartbeat interfaces on the two FWs must be of the same type, ID, and link protocol. If Eth-Trunk interfaces are used as the heartbeat interfaces, the member interfaces of the Eth-Trunk interfaces must also be of the same types and IDs. If VLAN interfaces (VLANIF) are used as the heartbeat interfaces, the Layer 2 physical interfaces that transmit and receive packets must be of the same type and ID.
You must assign the heartbeat interfaces on the two FWs to the same security zone.
An interface whose MTU value is smaller than 1500 cannot be used as a heartbeat interface.

The maximum length of the configuration and table entry backup packets is 1500 bytes and the packets cannot be fragmented. If the MTU of the heartbeat interface is smaller than 1500, packets sending may fail.
When the heartbeat interfaces are connected through a switch or router, the MTU of the switch ports or router interfaces that forward heartbeat and backup packets cannot be smaller than 1500.
If routes need to be configured for indirectly connected heartbeat interfaces of two devices, configure the routes correctly. Otherwise, a heartbeat interface may become abnormal and cannot be restored after the shutdown and undo shutdown commands are run on the heartbeat interface. To solve this problem, delete the incorrect route or reconfigure the heartbeat interface.
For example, a static route is configured using the ip route-static dest-heartbeat-address 32 other-up-interface command on either of the active and standby devices. The destination IP address of the static route is the IP address of the peer heartbeat interface, and the next-hop outbound interface is any interface in the up state. After the shutdown and undo shutdown commands are run on the heartbeat interface, the heartbeat interface becomes abnormal and cannot be restored.
If virtual systems are configured on a FW, the heartbeat interface cannot be an interface of a virtual system and must be the an interface of the root system. The configuration commands and table entries of virtual systems can also be backed up to the peer through the heartbeat interfaces of the root system.