Share via

SQL Server 2022 Always on cluster - separate networks for replication and heartbeat

Cooper, David A. [T4] 60 Reputation points
2026-03-26T21:34:52.49+00:00

We're building a 3-node SQL 2022 Always On cluster with typical architecture of 2 x HA nodes and 1 x DR node. We want to separate out replication traffic and heartbeat traffic on their own networks -- that's potentially three separate networks: client, replication, heartbeat. First, is it even necessary or advisable to separate replication and heartbeat from each other, or can they share same network? We plan on 10Gbe dual-port NICs for replication traffic. If advisable to separate heartbeat from replication, can heartbeat network be 1 Gbe instead of 10Gbe? Finally, what needs to be done to bind replication to it's own network, and potentially also bind heartbeat to it's own network? Where is that done? Thanks!

Possible networks - summary:

1 x Client (listener traffic)

1 x Replication (log shipping)

1 x Heartbeat (keepalive/healthcheck)

Vs...

1 x Client (listener traffic)

1 x Replication (log shipping)/Heartbeat (keepalive/healthcheck)

Windows for business | Windows Server | Storage high availability | Clustering and high availability
0 comments
Answer accepted by question author
  1. Jason Nguyen Tran 15,205 Reputation points Independent Advisor
    2026-03-27T02:14:12.1133333+00:00

    Hi Cooper, David A. [T4],

    In practice, it is not strictly necessary to separate replication and heartbeat traffic onto different networks. Both can safely share the same dedicated network, provided you have sufficient bandwidth and redundancy. With dual‑port 10GbE NICs, you already have more than enough capacity to handle replication traffic and cluster health checks together.

    If you do choose to separate them, the heartbeat network does not need to be high‑speed; 1GbE is more than sufficient since heartbeat traffic is lightweight. The key is ensuring that the cluster has at least two independent communication paths to avoid false failovers. Most administrators prefer a simpler design: one client network for listener traffic, and one dedicated network for both replication and heartbeat.

    To bind replication traffic to its own network, you configure the SQL Server Always On Availability Group endpoints to listen on the dedicated NIC/IP. This is done through SQL Server configuration when you create or alter the endpoints. For heartbeat, the binding is handled at the Windows Failover Cluster level, you assign cluster networks and set their roles (Cluster Only, Client Only, or Both) in Failover Cluster Manager.

    In short, separating replication and heartbeat is optional, and combining them is often simpler and fully supported. Heartbeat can run on 1GbE, while replication benefits from your 10GbE NICs. Configuration is done in SQL Server for replication endpoints and in Failover Cluster Manager for heartbeat networks.

    I hope the response provided some helpful insight. If it clarified the issue for you, please consider marking it as Accept Answer so others with the same issue can find the solution. Feel free to leave a comment if you need further information.

    Jason.

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2026-03-26T21:35:10.88+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    For SQL Server Always On (WSFC + AGs), separating traffic into multiple networks is supported, but splitting replication and heartbeat onto completely separate physical networks is generally not required. The key is to have:

    • At least one reliable client/cluster network for client access and cluster communication.
    • Sufficient bandwidth and low latency for data movement (AG replication / log shipping).

    From the provided material, the clearest guidance on multi‑network design comes from Exchange DAGs, but the same Windows networking principles apply to WSFC/AG designs.

    1. Do replication and heartbeat need separate networks?
      No explicit requirement is shown to separate heartbeat and replication into different physical networks. In the Exchange DAG guidance (also a Windows Failover Cluster–based HA technology), the recommended split is:
      • One MAPI (client) network for client/AD/DNS traffic.
      • One or more Replication networks for database replication and cluster heartbeat between nodes.
      The documentation explicitly recommends isolating the client network from the replication network, not splitting heartbeat away from replication:
      • “MAPI networks should be isolated from Replication networks… block traffic between the MAPI network and the Replication networks. This configuration is necessary to prevent network heartbeat cross talk.”
      This implies that cluster heartbeat and replication traffic can coexist on the same “replication” network, as long as that network is isolated from client traffic.
    2. Is a dedicated heartbeat network with 1 GbE acceptable?
      Heartbeat traffic is low bandwidth; it does not require 10 GbE. The main requirements are:
      • Low, predictable latency between nodes (for AGs, this is especially important for synchronous commit replicas).
      • Reliability and redundancy.
      The Exchange DAG guidance focuses on latency and isolation rather than raw bandwidth:
      • “The round-trip return network latency between DAG members must be no greater than 500 milliseconds.”
      For a dedicated heartbeat network, 1 GbE is typically sufficient as long as latency and reliability are good. The 10 GbE links are best reserved for data movement (AG replication / log shipping) and possibly shared with heartbeat if properly isolated from client traffic.
    3. Binding replication to its own network
      The Exchange DAG examples show how to logically separate networks and route replication traffic over dedicated adapters:
      • Replication NICs:
        • No default gateway.
        • No DNS servers configured.
        • “Register this connection’s addresses in DNS” not selected.
        • Static routes used to reach other replication subnets.
      Example from the DAG deployment guidance:
      • MAPI NICs have default gateways and DNS, and provide connectivity to AD, DNS, other servers, and clients.
      • Replication NICs (10.x.x.x) have no default gateway and use persistent static routes to reach replication NICs on other nodes:
        • “Adapters used for Replication networks don’t use default gateways. To provide network connectivity between each of the Replication network adapters, … uses persistent static routes, which they configure by using the Netsh.exe tool.”
      Applied to SQL Server AGs/log shipping:
      • Place each node’s “replication” NICs in dedicated subnets (for example, 10.x.x.x) separate from client networks.
      • Do not configure a default gateway or DNS on the replication NICs.
      • Use persistent static routes so that traffic to partner replicas/log‑shipping partners flows over the replication network.
      • Ensure client connections, AD, and DNS use the client network only.
      This network design naturally “binds” replication and cluster communication between nodes to the replication network, because routing to partner IPs is only available via those NICs.
    4. Binding heartbeat to its own network (if you choose to split it)
      The same principles apply if a separate heartbeat network is created:
      • Give the heartbeat NICs their own subnet(s).
      • No default gateway, no DNS, do not register in DNS.
      • Use static routes if needed so that nodes can reach each other’s heartbeat IPs.
      • In WSFC, configure the cluster networks so that:
        • The heartbeat network is enabled for “Cluster communication only” (no client access).
        • The client network is enabled for “Client and cluster communication.”
        • The replication network can be “Cluster only” or “Cluster and client” depending on design, but for isolation, “Cluster only” is typical.
      The Exchange DAG guidance again shows the pattern of using multiple networks and static routes for replication/cluster traffic, while keeping client traffic separate.
    5. Summary of recommended layout based on the provided guidance A practical, supported design aligned with the documentation is:
      • Client network
        • Used for AG listener, client connections, AD, DNS.
        • Has default gateway and DNS.
        • Cluster network role: Client and cluster communication.
      • Replication network (for AG data movement/log shipping + heartbeat)
        • Dedicated subnets, 10 GbE dual‑port NICs.
        • No default gateway, no DNS, not registered in DNS.
        • Use persistent static routes between replication subnets.
        • Cluster network role: Cluster communication only.
        • Heartbeat and replication share this network; this is consistent with the DAG model.
      Creating a separate heartbeat‑only network is optional and mainly adds complexity. The documentation emphasizes isolating client and replication networks and using static routes and proper NIC configuration rather than splitting heartbeat away from replication.

    References:

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.