Shadow Mode - Gateway High Availability

With Shadow Mode, you can ensure High Availability (HA) of your network’s gateway to minimize downtime, and provide a reliable failover mechanism in the face of unexpected hardware failures. In this setup, a secondary Cloud Gateway mirrors the configuration of the primary one, and can easily take over full network and management capabilities should it ever fail.

Currently, Shadow Mode operates as a “Warm Spare,” meaning some manual intervention is required, however this will become fully automated in an upcoming release.

Requirements

  • The Cloud Gateways must be the same model.
  • The second gateway must be in a factory default state.
  • A UI Account with Owner or Super Admin privileges.
  • Both consoles must be running UniFi OS 3.2 or greater.

Note: Shadow Mode is only available for the UDM Pro and UDM SE at this time.

Configuring Shadow Mode

  1. Ensure the primary Cloud Gateway is set up and up to date, running UniFi OS 3.2 or greater.
  2. Plug the WAN of the secondary console into a LAN port of the primary. See image for details:
  3. Navigate to the UniFi OS Application settings and you will be prompted to set up the new gateway in Shadow Mode.
    1. If you are not prompted, it is likely because the secondary console is not running UniFi OS 3.2 or higher. You have two options:
      1. Continue with a standard setup, update the console to UniFi OS 3.2 or higher, and then factory reset it.
      2. Use SSH to perform an update while in factory-default state.
  4. After completing the setup, the secondary gateway will sync its configuration with the primary one. This will continue occurring every 3 hours and is indicated by the LCM displaying "Syncing". 

    Note: You can use the "Sync Now" button in your UniFi OS settings to manually initiate a synchronization.

Failover

In the event of the primary console going down, the secondary console will detect the loss of connection:

  1. The LCM screen on the Shadow Mode console will prompt you to take over. 
  2. Disconnect the cable between the Shadow Mode console’s WAN port and the LAN of the primary console.
  3. Unplug the WAN cable from the primary gateway and connect it to the Shadow Mode console’s WAN port.
  4. Remove the HDD from the primary console and insert it into the Shadow Mode console.
  5. Tap the button on the LCM screen that says "Tap To Proceed".
  6. The LCM will show, “Restoring from Backup…”.
    1. If it says "Plug in Cable", review steps (1) and (2).
  7. Continue unplugging all connections from the primary console’s switch ports and move them to the corresponding port on the Shadow Mode console.

FAQs

What triggers a failover to the Shadow Mode console?

Failover is triggered if the Shadow Mode console unexpectedly loses connectivity with the primary console. If the connection is expected to go down, such as during a reboot or firmware update, then failover will not occur unless the primary console remains offline for an extended period of time.

Should I insert an HDD into both the primary and Shadow Mode consoles?

We recommend only inserting an HDD into the primary console. This will ensure that all data is carried over to the Shadow Mode console when you swap it over as part of the failover process.

Was this article helpful?
134 out of 177 found this helpful