Managing Client Connections
If you configure clients with one or more failover clusters, you can use Management Center to force selected clients to disconnect from one cluster and connect to another without any downtime. For example, you may connect clients to another cluster to do the following:
-
Prepare for planned maintenance on the primary cluster.
-
Balance the load across multiple clusters.
-
Shift the clients’ connection back from a failover cluster to its primary cluster.
| Moving clients from one cluster to another is most useful when your clusters replicate data across each other. See WAN Replication. |
Filter Lists
Clusters allow or disallow client connections, using rules that are defined in a filter list. You can deploy filter lists to your connected clusters, using the UI or the REST API in Management Center.
When a cluster receives a filter list, it applies the rules to any new or existing client connections.
Management Center supports the following types of filter list:
-
Allow list: Clients that are allowed to connect to the cluster.
-
Deny list: Clients that are not allowed to connect to the cluster.
Client Address Types
You can filter clients, using the following types:
| Address type | Description | Example |
|---|---|---|
Label (recommended) |
A string that matches the client label in the client’s configuration. This string can include
wildcard characters ( |
|
Instance Name |
A string that matches the client’s name in the client’s configuration. This string can include
wildcard characters ( |
|
IP Address |
IP address of a client (IPv4 or
IPv6) with optional range characters ( |
|
| It’s useful to assign roles to your clients by configuring them with labels. These labels are displayed in Management Center. You can filter clients that have certain labels. |
When a cluster member receives the deployed filter list, it immediately applies the list to all currently connected clients and then uses it for newly connecting clients. Clients on the deny-list connect to another cluster only if they are configured with a failover cluster. Otherwise, clients on the deny-list shut down.
| If some cluster members are not reachable from Management Center, those members keep using the last filter list that they received. |
Synchronization of Filter Lists Across Multiple Instances of Management Center
If you have more than one instance of Management Center connected to the same cluster, the cluster synchronizes changes to its filter lists among all Management Center instances. When you create, update, or delete an active filter list, the cluster receives the filter list and sends it to the other connected instances of Management Center. Any existing filter lists on those instances of Management Center are overwritten.
When another Management Center instance deploys a new filter list, the following message is displayed in the app and the Client Filtering Settings and Filter Lists data is automatically refreshed:
Client filtering configuration was updated by another Management Center instance
Reconnecting Clients to the Primary Cluster
When you disconnect a client from its primary cluster using a filter list, that client cannot automatically reconnect to the primary cluster.
You must deploy a new filter list to the cluster to update the client connection.
Related Resources
See Blue-Green Deployment and Disaster Recovery in the Platform documentation.
