WAN federation with HCP Consul
This topic describes how to create WAN federated connections between Consul clusters in HCP. WAN federation is a strategy for connecting multiple Consul clusters. A user-declared primary datacenter replicates data to one or more secondary datacenters, allowing them to function as if they were a single datacenter.
Tutorial: Complete the Federate Multiple HCP Consul clusters tutorial for additional guidance on enabling HCP Consul federation.
Introduction
Consul datacenter federation enables operators to extend their Consul environments by connecting multiple HashiCorp Cloud Platform (HCP) Consul clusters together within a region. Federation lowers the operational overhead of connecting applications across distinct regions and improves security. Server-to-server connectivity is automatically handled by the HCP platform.
Federation is a strategy for connecting datacenters and sharing services between them. However, HCP Consul does not support federating clusters hosted on AWS with clusters hosted on Azure. Additionally, you cannot federate HCP-managed and self-managed clusters.
HCP Consul also supports connecting services through cluster peering. Refer to the Consul documentation for additional information about the differences between WAN federation and cluster peering.
For multi-cluster connectivity, we recommend cluster peering instead of federation for most deployments. Consider your network's existing topology and needs to help you determine the most appropriate strategy for your network. Refer to network topologies for more information.
Constraints and considerations
HCP Consul provides a dedicated workflow for federating clusters. Only one cluster can be designated the primary datacenter, and you cannot add standalone clusters to an existing federated network. You must create a secondary datacenter through the dedicated workflow in order to federate it with another cluster.
WAN federation on HCP Consul is also subject to the following operational constraints:
- Clusters within the HashiCorp Virtual Network (HVN) must have distinct network CIDR blocks in order to be federated.
- By default, six Consul clusters are allowed in an HCP organization. As a result, one primary cluster and five secondary clusters are supported. You can request a higher limit by filing a support ticket.
- On AWS, cluster peering and federation cannot be used on the same cluster concurrently.
Support for WAN federation across regions or cloud providers is determined by the cluster tier of the Consul servers being federated. For more information, refer to cluster tiers.
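The constraints above can be checked against a planned topology before you start the portal workflow. The following pre-flight check is an added example, not HashiCorp code: the plan format (`name`, `provider`, `cidr`, `role`) and the function name are hypothetical, the sample plans are constructed, and it assumes that overlapping CIDR blocks count as not distinct.

```python
import ipaddress
from itertools import combinations

# Default from this page: six clusters per HCP organization
# (one primary plus five secondaries); raisable via support ticket.
DEFAULT_CLUSTER_LIMIT = 6

def check_federation_plan(clusters, cluster_limit=DEFAULT_CLUSTER_LIMIT):
    """Return a list of constraint violations for a planned federation."""
    problems = []
    # Only one cluster can be designated the primary datacenter.
    primaries = [c["name"] for c in clusters if c["role"] == "primary"]
    if len(primaries) != 1:
        problems.append(f"expected exactly one primary, found {len(primaries)}")
    # Organization-wide cluster limit.
    if len(clusters) > cluster_limit:
        problems.append(f"{len(clusters)} clusters exceeds the limit of {cluster_limit}")
    # Clusters hosted on AWS cannot be federated with clusters hosted on Azure.
    providers = sorted({c["provider"] for c in clusters})
    if len(providers) > 1:
        problems.append("mixed cloud providers: " + ", ".join(providers))
    # Network CIDR blocks must be distinct; overlap is treated as a
    # violation here (assumption, stricter than simple inequality).
    nets = [(c["name"], ipaddress.ip_network(c["cidr"])) for c in clusters]
    for (a, net_a), (b, net_b) in combinations(nets, 2):
        if net_a.overlaps(net_b):
            problems.append(f"CIDR overlap: {a} {net_a} and {b} {net_b}")
    return problems

# Constructed sample plans.
GOOD_PLAN = [
    {"name": "dc1", "provider": "aws", "cidr": "172.25.16.0/20", "role": "primary"},
    {"name": "dc2", "provider": "aws", "cidr": "172.25.32.0/20", "role": "secondary"},
]
BAD_PLAN = [
    {"name": "dc1", "provider": "aws", "cidr": "172.25.16.0/20", "role": "primary"},
    {"name": "dc2", "provider": "aws", "cidr": "172.25.16.0/24", "role": "secondary"},
    {"name": "dc3", "provider": "azure", "cidr": "10.0.0.0/16", "role": "secondary"},
]

if __name__ == "__main__":
    for label, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN)):
        issues = check_federation_plan(plan)
        print(label, "->", issues or "no violations")
```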
Create a WAN-federated network
- Sign in to the HCP Portal.
- Select the organization or project where you want to create the federated network.
- Click Consul.
- From the Consul Overview, click the cluster ID you want to function as the primary datacenter.
- Click Create secondary.
- Use the workflow to create a new HashiCorp-managed cluster. Give your cluster a name, select a size, and configure accessibility. You cannot change a cluster's tier or version when adding a secondary datacenter.
- Click Create secondary to begin the automated cluster creation process.
It usually takes between 5 and 10 minutes to create the new cluster. When the process is complete, HCP Consul automatically displays the federated connection.
Delete a WAN-federated cluster
When a HashiCorp-managed cluster is the primary datacenter in a WAN federated network, HCP does not allow you to delete the cluster if it is still federated with secondary datacenters. Delete all of the secondary datacenters in the federation first, then delete the primary datacenter.