NS500 Active Passive Configuration Help

  • I’ve done a lot of reading and searching and need to help and clarification.

    We have an existing pair of NS500’s. Both are identically licensed and ready for NSRP. I am currently moving vsys’ off of one onto the other to get one empty. The one I am moving vsys’ onto has NSRP enabled. I have created no VSI’s, just using the actual interfaces.

    Will the regular (sub)interfaces participate in NSRP or do I need to delete them all and recreate them under VSI’s to get Active Passive working?

    I have one vsys with 125 tunnels bound to a vlan subinterface and I’d really rather not have to delete all the tunnels and recreate them all bound to a VSI.

    The end result should be that if any one physical interface fails, a failover event will occur, with no preemption.

    I know that I have to add the config sync command when I am ready and hook up the ha interfaces. Below is my current nsrp config:

    set nsrp cluster id 1
    set nsrp rto-mirror sync
    set nsrp rto-mirror session ageout-ack
    set nsrp rto-mirror session non-vsi
    set nsrp vsd-group id 0 priority 50
    set nsrp arp 10