Kemp Support, how can we help?

The latest application delivery knowledge and expertise at your fingertips.

HA Requirements and Recommendations


High Availability (HA) requires some prerequisites in order to function as expected. These requirements are dominantly network-oriented and must be in place in order for HA to operate as expected



HA has some criteria that all hardware and virtual environments must adhere to. If the two units reside on different hardware devices, the physical path between the two units must be allowed to permit these configuration items.

  • Multicast traffic must be allowed. This allows CARP packets to flow to and from each unit.
  • IGMP Snooping must be disabled. IGMP Snooping prevents traffic from contacting a device that did not request the traffic.
  • ICMP Ping must be allowed. This is used to ensure network connectivity and proper display of HA status within the Web User Interface (WUI).
  • Port 6973 must be allowed. This allows for configuration to synchronize between the two devices.


Best practices

HA checks on all interfaces in production should be enabled. This allows for the LoadMaster to detect a failure in the network and fail over in the event that HA cannot be formed over any one interface.



If Virtual LoadMasters (VLMs) on the same host, ensure the below settings are configured on the appropriate Port Group.

  • MAC Address Changes: Accept
  • Forged Transmits: Accept
  • Notify Switches: No

If both VLMs are on different hosts, PortFast and Promiscuous Mode must be enabled on the physical switch ports connected to the ESX hosts. Additionally, the above changes should be configured, in addition to enabling Promiscuous Mode on the Port Group.



Within each NIC, navigate to Advanced Properties and check Enable MAC Spoofing.



A cable connecting the eth1 interface of each unit should be present. This acts as a heartbeat cable and can prevent a Master-Master in the HA pair.

Was this article helpful?
6 out of 6 found this helpful