Proxy SG supports redundancy/failover configuration using SG Redundancy Protocol (SGRP) which is a derivative of the Virtual Router Redundancy Protocol (VRRP). To learn more about the basics of failover configuration on the Proxy SG, please refer to the following document:
SGRP does not provide support for load balancing between the members of the same failover groups. Only an Active/Standby scenario is supported. However multiple failover groups can be configured to achieve an Active/Active configuration. This will also requires some supporting configuration via DNS or via the pac file to achieve true balancing of the network load. To learn more about this configuration please review the following document:
When configuring failover customers often run into problems with the multicast addresses used. Some multicast aware switches expect to see traffic at lower numbered multicast addresses rather than higher numbered ones. The recommendation would be to configure something in the 220.127.116.11/24 range to avoid these kinds of issues. The following documentation uses 18.104.22.168 as an example but I would still recommend configuring the address in the previously mention subnet. See the following document for further information:
Your failover configuration can be as large and as complex as needed to support the forwarding of traffic in your network. The SG supports the configuration of a large amount of failover groups to support this goal. Please review the following document if you would like to learn more:
Once failover is configured it is important to have a way to verify the status of the failover group. The Proxy SG provides a mechanism for this status monitoring. Please review the following documentation to learn more.
The setup and operation of a failover configuration is normally fairly straightforward and simple. As with any network deployment there can be issues.
When configuring failover it is recommended that the SGs in each failover group have the master/backup configuration hard coded rather than trying to set specific priority numbers for each device.
Also the advertisement interval for the hellos to be sent between the failover pair should be set to 1 second rather than the default of 40 seconds. This allows for the failover to occur much faster.
Also ensure that IGMP snooping on the switch is turned off globally or on the port the SG is connected to or some other workaround is applied so that IGMP snooping does not interfere with the operation of failover. Please consult the following documentation for further insights into dealing troubleshooting failover and dealing with common issues: