Computing and communication networks typically include nodes, such as routers, firewalls, switches, or gateways, which transfer or switch data, such as packets, from one or more sources to one or more destinations. The nodes may operate on the packets as the packets traverse the network, such as by forwarding or filtering packet-based network traffic.
Nodes may be configured in a node cluster to provide high availability (HA) security services, to a network, through redundancy when one of the nodes and/or links, within the cluster, fails. When a failure is detected within an active node and/or link, within the cluster and via which traffic is being transported, a failover operation may be performed to preserve traffic flow via the cluster. The failover operation may, for example, be performed by switching the active node and/or link from an active state to an inactive state and/or by switching a backup node and/or link from the inactive state to the active state. The backup node and/or link may be switched to the active state so that the traffic may be transported to and/or from the backup node via the backup link.
Unfortunately, performing the failover operation may cause a temporary, though significant, disruption (e.g., 10 seconds, 30 seconds, 1 minute, 5 minutes, 10 minutes, etc.) to traffic flow via the cluster. For example, when performing the failover operation, the active node may toggle the active link (e.g., from an active state, to an inactive state, and back to an active state), which may cause an address table (e.g., that stores a list of media access control (MAC) addresses and/or other addresses), used by a switch within the cluster, to be purged. The switch may, as a result of purging the address table, replicate and flood packets to some or all ports associated with the switch (e.g., including ports associated with the backup node) to rebuild the address table based on an address associated with the backup node. The flooded packets may also notify other nodes, within the network, that the traffic is to be transported using an address associated with the backup node. Thus, while the failover operation may provide a mechanism by which normal traffic flow can be restored when a node and/or link fails, the period of time to perform the failover operation may cause a disruption in services provided by the network and/or a loss of packets.