https://community.cisco.com/t5/data-center-and-cloud-knowledge-base/replacing-a-failed-ace-appliance-in-failover-pair/ta-p/3130765 <P><LI-TOC indent="15" liststyle="disc" maxheadinglevel="2"></LI-TOC></P><P>&nbsp;</P><P>&nbsp;</P><H2><SPAN class="mw-headline">Introduction</SPAN></H2><P>In Cisco ACE the redundancy feature provides seamless switchover in case an ACE becomes unresponsive or a critical host or interface fails. ACE has robust software and hardware that makes it possible to handle high volume of traffic at real time. Cisco ACE supports virtualized architecture to increase datacenter scalability. Two ACEs, properly configured, form a failover pair. Each appliance can contain one or more fault-tolerant&nbsp; (FT) groups. Each FT group consists of one active context&nbsp; and one standby context. Each FT group acts as an independent redundancy instance. When a switchover occurs, the active member in the FT group&nbsp; becomes the standby member and the original standby member becomes the&nbsp; active member. To achieve active-active redundancy, a minimum of two contexts and two FT groups are required on each ACE.</P><P>&nbsp;</P><H2>Core Issue</H2><P>A failed ACE appliance is required to be replaced. The configuration should be preserved and the primary switchover need to happen.</P><P>&nbsp;</P><P><STRONG>Stateful Failover and Config sync</STRONG></P><P><SPAN>Cisco ACE </SPAN>replicates flows on the active FT group member to&nbsp; the standby group member per connection for each context. The&nbsp; replicated flows contain all the flow-state information necessary for&nbsp; the standby member to take over the flow if the active member becomes&nbsp; unresponsive. Note that ACE does not support the stateful failover of any&nbsp; connections that are proxied. Such connections include Layer 7&nbsp; connections (including SSL), inspection, and HTTP compression.</P><P>Redundancy uses a <EM>dedicated</EM> FT VLAN between redundant ACEs to transmit flow-state information and the redundancy heartbeat. You must configure this same VLAN on both peer ACEs. You also must configure a different IP address within the same subnet on each ACE for the FT VLAN.</P><P>The ACE automatically replicates the active configuration on the standby member during config sync. This process automatically replicates any changes in the configuration from active to standby peer.</P><P>&nbsp;</P><P><STRONG>Network Diagram</STRONG></P><P><STRONG><IMG src="https://community.cisco.com/legacyfs/online/legacy/5/9/7/68795-acef.png" border="0" alt="acef.png" /></STRONG></P><H2>Resolution</H2><P>Follow these steps to swap the failed device and get it back in sync with the primary:</P><P>&nbsp;</P><P>a) Complete all the physical network connectivity.</P><P>b) Disable config auto-sync in the primary ACE.</P><P>c) Configure the management Vlan for basic network connectivity.</P><P>d) Make sure the new device has the same code as the primary; if not you'll need to upgrade it.</P><P>e) Install the license (if used).</P><P>f) Copy all the SSL files stored in the primary APP. (If any)</P><P>g) Copy the scripted keepalives (If any)</P><P>h) Configure the FT interface Vlan, FT peer, FT group for the Admin context. (Be careful about the priority you assign).</P><P>i) Re-enable config auto-sync on the primary APP in order to replicate the config to the standby.</P><P>&nbsp;</P><H2><SPAN class="mw-headline">Related Information</SPAN></H2><P><A href="https://community.cisco.com/document/32241/configuring-ace-4710-appliance-high-availability" target="_blank">Configuring ACE 4710 appliance for High Availability</A></P><P><A href="https://community.cisco.com/document/74201/ace-module-failover-pair-activeactive-situation" target="_blank">ACE module Failover pair in active/active situation</A></P><P>&nbsp;</P> Tue, 29 Aug 2017 11:48:57 GMT Sandeep Singh 2017-08-29T11:48:57Z https://community.cisco.com/t5/data-center-and-cloud-knowledge-base/replacing-a-failed-ace-appliance-in-failover-pair/ta-p/3130765 <P><LI-TOC indent="15" liststyle="disc" maxheadinglevel="2"></LI-TOC></P><P>&nbsp;</P><P>&nbsp;</P><H2><SPAN class="mw-headline">Introduction</SPAN></H2><P>In Cisco ACE the redundancy feature provides seamless switchover in case an ACE becomes unresponsive or a critical host or interface fails. ACE has robust software and hardware that makes it possible to handle high volume of traffic at real time. Cisco ACE supports virtualized architecture to increase datacenter scalability. Two ACEs, properly configured, form a failover pair. Each appliance can contain one or more fault-tolerant&nbsp; (FT) groups. Each FT group consists of one active context&nbsp; and one standby context. Each FT group acts as an independent redundancy instance. When a switchover occurs, the active member in the FT group&nbsp; becomes the standby member and the original standby member becomes the&nbsp; active member. To achieve active-active redundancy, a minimum of two contexts and two FT groups are required on each ACE.</P><P>&nbsp;</P><H2>Core Issue</H2><P>A failed ACE appliance is required to be replaced. The configuration should be preserved and the primary switchover need to happen.</P><P>&nbsp;</P><P><STRONG>Stateful Failover and Config sync</STRONG></P><P><SPAN>Cisco ACE </SPAN>replicates flows on the active FT group member to&nbsp; the standby group member per connection for each context. The&nbsp; replicated flows contain all the flow-state information necessary for&nbsp; the standby member to take over the flow if the active member becomes&nbsp; unresponsive. Note that ACE does not support the stateful failover of any&nbsp; connections that are proxied. Such connections include Layer 7&nbsp; connections (including SSL), inspection, and HTTP compression.</P><P>Redundancy uses a <EM>dedicated</EM> FT VLAN between redundant ACEs to transmit flow-state information and the redundancy heartbeat. You must configure this same VLAN on both peer ACEs. You also must configure a different IP address within the same subnet on each ACE for the FT VLAN.</P><P>The ACE automatically replicates the active configuration on the standby member during config sync. This process automatically replicates any changes in the configuration from active to standby peer.</P><P>&nbsp;</P><P><STRONG>Network Diagram</STRONG></P><P><STRONG><IMG src="https://community.cisco.com/legacyfs/online/legacy/5/9/7/68795-acef.png" border="0" alt="acef.png" /></STRONG></P><H2>Resolution</H2><P>Follow these steps to swap the failed device and get it back in sync with the primary:</P><P>&nbsp;</P><P>a) Complete all the physical network connectivity.</P><P>b) Disable config auto-sync in the primary ACE.</P><P>c) Configure the management Vlan for basic network connectivity.</P><P>d) Make sure the new device has the same code as the primary; if not you'll need to upgrade it.</P><P>e) Install the license (if used).</P><P>f) Copy all the SSL files stored in the primary APP. (If any)</P><P>g) Copy the scripted keepalives (If any)</P><P>h) Configure the FT interface Vlan, FT peer, FT group for the Admin context. (Be careful about the priority you assign).</P><P>i) Re-enable config auto-sync on the primary APP in order to replicate the config to the standby.</P><P>&nbsp;</P><H2><SPAN class="mw-headline">Related Information</SPAN></H2><P><A href="https://community.cisco.com/document/32241/configuring-ace-4710-appliance-high-availability" target="_blank">Configuring ACE 4710 appliance for High Availability</A></P><P><A href="https://community.cisco.com/document/74201/ace-module-failover-pair-activeactive-situation" target="_blank">ACE module Failover pair in active/active situation</A></P><P>&nbsp;</P> Tue, 29 Aug 2017 11:48:57 GMT https://community.cisco.com/t5/data-center-and-cloud-knowledge-base/replacing-a-failed-ace-appliance-in-failover-pair/ta-p/3130765 Sandeep Singh 2017-08-29T11:48:57Z