ACE 4710 - FT Fault Tolerance Problem - Active /Active

jeremy-keen
Level 1

Hello all,

I have a situation with 2 ACE 4710 appliances and fault tolerance. The 2 devices can see each other, and have sync'd configs. The issue is when I physically disconnect the active ACE from the switch, the redundant ACE becomes active (as expected), however the disconnected ACE also reports its state as active.

I am not sure if this is normal, as the disconnected ACE has no way of knowing the state/priority value of the redundant ACE. It does however decrease its priority value as configured.

The real problem comes when I reconnect the ACE - I have a situation where both ACEs are active, and clients can't fetch content from the serverfarm for 30-60 secs. I presume this is because of possible VMAC conflicts in the switch's MAC address table or similar?

I have tried using both query-interface and the tracking interface options with the same results, also note I have preemption enabled, and am using different shared VLAN IDs on the ACEs. The ft config is below:

ACE1

ft interface vlan 200
  ip address 192.168.254.9 255.255.255.0
  peer ip address 192.168.254.10 255.255.255.0
  no shutdown

ft peer 1
  heartbeat interval 300
  heartbeat count 10
  ft-interface vlan 200


ft group 1
  peer 1
  priority 70
  peer priority 50
  associate-context Admin
  inservice

ft track interface FT_TRACK_vlan31
  track-interface vlan 31
  peer track-interface vlan 31
  priority 30
  peer priority 30

ft group 2
  peer 1
  priority 70
  peer priority 50
  associate-context VC_DMZ1Exchange2010
  inservice

ACE2

ft interface vlan 200
  ip address 192.168.254.10 255.255.255.0
  peer ip address 192.168.254.9 255.255.255.0
  no shutdown

ft peer 1
  heartbeat interval 300
  heartbeat count 10
  ft-interface vlan 200


ft group 1
  peer 1
  priority 50
  peer priority 70
  associate-context Admin
  inservice

ft track interface FT_TRACK_vlan31
  track-interface vlan 31
  peer track-interface vlan 31
  priority 30
  peer priority 30

ft group 2
  peer 1
  priority 50
  peer priority 70
  associate-context VC_DMZ1Exchange2010
  inservice

This is the state of the ft groups on the disconnected ACE (whilst disconnected)

FT Group                     : 1
Status                       : in-service
Maintenance mode             : MAINT_MODE_OFF
My State                     : FSM_FT_STATE_ACTIVE
My Config Priority           : 70
My Net Priority              : 40
My Preempt                   : Enabled
Context Name                 : Admin
Context Id                   : 0
Track Name                   : FT_TRACK_vlan31
Track type                   : TRACK_INTF
Vlan Id                      : 31
State                        : TRACK_DOWN
Priority                     : 30
Transitions                  : 8


FT Group                     : 2
Status                       : in-service
Maintenance mode             : MAINT_MODE_OFF
My State                     : FSM_FT_STATE_ACTIVE
My Config Priority           : 70
My Net Priority              : 40
My Preempt                   : Enabled
Context Name                 : VC_DMZ1Exchange2010
Context Id                   : 1
Track Name                   : FT_TRACK_vlan31
Track type                   : TRACK_INTF
Vlan Id                      : 31
State                        : TRACK_DOWN
Priority                     : 30
Transitions                  : 4

Please let me know if you need any more details, and thanks in advance for any help.

Cheers,

Jeremy

2 Replies

jlamousn
Level 1

Jeremy,

Once you disconnect the 1st ACE, he will no longer receive heartbeats from the standby and because he has no way of knowing the state/priority value of the redundant ACE, he would become active.  So that is normal.

When you reconnect the interface, both ACEs would be active until they reconverge and at that time whoever has the highest priority would remain active and the other would demote to standby.

To protect yourself from this situation, I would suggest you use a separate physical interface for the ft vlan from the one that carries the rest of your vlans including the query vlan. And go directly to the other ACE using a crossover for that ft interface link, bypassing the switch.

Thanks

Joel Lamousnery

TAC Customer Support Engineer

Joel Lamousnery CCIE R&S - 36768 Engineer, Customer Support Technical Services
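
The active/active window described in this reply can be spotted by comparing the FT group status collected from both peers. The following is an added example, not part of the thread or of any Cisco tooling: the function names are hypothetical, the ACE1 text is abridged from the output in the question, and the ACE2 text is constructed for illustration.

```python
import re

ACTIVE = "FSM_FT_STATE_ACTIVE"

# ACE1: abridged from the output posted in the question.
ACE1 = """\
FT Group                     : 1
My State                     : FSM_FT_STATE_ACTIVE
My Net Priority              : 40
FT Group                     : 2
My State                     : FSM_FT_STATE_ACTIVE
My Net Priority              : 40
"""
# ACE2: constructed sample, not from the thread.
ACE2 = """\
FT Group                     : 1
My State                     : FSM_FT_STATE_ACTIVE
My Net Priority              : 50
FT Group                     : 2
My State                     : FSM_FT_STATE_STANDBY_HOT
My Net Priority              : 50
"""

def parse_ft_groups(text):
    """Return {group_id: {field: value}} from 'Key : value' lines."""
    groups, cur = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*(.+?)\s+:\s*(.*\S)\s*$", line)
        if not m:
            continue  # blank or non key/value line
        key, val = m.groups()
        if key == "FT Group":
            cur = groups.setdefault(int(val), {})
        elif cur is not None:
            cur[key] = val
    return groups

def find_dual_active(peers):
    """peers: {name: raw output}. Report groups where more than one peer is ACTIVE.

    Each finding is (group_id, active_peers, peer_with_highest_net_priority).
    """
    parsed = {name: parse_ft_groups(text) for name, text in peers.items()}
    findings = []
    for gid in sorted(set().union(*parsed.values())):
        active = {name: int(g[gid]["My Net Priority"]) for name, g in parsed.items()
                  if gid in g and g[gid].get("My State") == ACTIVE}
        if len(active) > 1:
            findings.append((gid, sorted(active), max(active, key=active.get)))
    return findings
```

The third element of each finding is the peer with the highest net priority in that snapshot; priorities change again once a tracked interface comes back up, so the comparison only holds for the moment the output was captured.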

Hi,

I have the same problem. The setup includes a dedicated FT interface.

In my searches I found: http://www.cisco.com/en/US/prod/collateral/contnetw/ps5719/ps7027/ps8361/guide_c07-572616.pdf

Look at: Preemption with fault-tolerant tracking

Also think about the spanning-tree on the switches that the ACEs connect to: do you have portfast enabled on those ports?

Dan
