Solved: ace fail over / synchronization question

alanc3141592654 · ‎06-23-2012

Hey all,

I have a customer who has a ace HA pair, the primary ace is shut down, and they've been making changes to the standby ace which has been working ok.

They want to bring up the primary ace again, but I just want to confirm the process so I don't overwrite the configuration of the current standby ace when the primary ace is brought back online.

I don't have any experience with these boxes yet. But I was thinking about turning preemption off and increases the standby priority to make it the primary?

Thoughts?

Many thanks.

Sent from Cisco Technical Support iPad App

ajayku2 · ‎06-25-2012

You can do multiple ways:

1) Simply increase the priority in the current active ACE and disable preempt in both the box that should do.

2) Before connecting the ACE to network you can console into it and reduce the priority and disable the preempt.

----------------------------------------------------------------------------------------------------------------------------------

Also add this command in the active ACE. This will make sure no config sync will happen on Active ACE.

no ft auto-sync running-config

no ft auto-sync startup-config

After bringing up the standby ACE

Verify FT state with the show ft group status command

If the FT state looks good and the current active is still active you can reactivate the above command.

ft auto-sync running-config

ft auto-sync startup-config

Hope that helps.

regards,

Ajay Kumar

View solution in original post

ajayku2 · ‎06-24-2012

Hi,

Dont forget to add below commands in every context.

no ft auto-sync running-config

no ft auto-sync startup-config

The above will make sure no config sync will occur.

The second thing is reduce the priority in standby box before bringing it up.

Make sure preemt is disabled.

Hope it helps.

regards,

Ajay Kumar

alanc3141592654 · ‎06-24-2012

Thanks Ajay,

I would like to make the current primary (the one that is shut down) the primary active again, to be inline with spanning tree root etc.

What would be the easiest way to sync the config of the active secondary ( the one with the lower priority ) to the primary?

Thanks again.

Sent from Cisco Technical Support iPad App

ajayku2 · ‎06-24-2012

Hi,

If you want to sync the config then you dont have to use the following command.

no ft auto-sync running-config

no ft auto-sync startup-config

Start as follows:

(1) Configure a FT VLAN interface & FT PEER on “new replacement ACE”.

Configure all FT groups BUT DO NOT “configure them “inservice”.

Make sure you have IP connectivity OVER FT VLAN to “currently ACTIVE ACE”.

Make sure there is a TCP connection setup OVER FT VLAN (show conn should provide you that information).

(2) Please make sure “preemption” is NOT enabled for the FT group. If enabled please do remove it and re-add after the module is successfully replaced.

Example:

ft group 1

peer 1

no preempt <=====================

peer priority 150

associate-context test

(3) Once you have IP connectivity over FT VLAN to “primary ACE”, now mark the FT GROUP “inservice”.

Example:

ft group 1

peer 1

no preempt

peer priority 150

associate-context test

inservice <===============================

(4) At this time I expect the “auto-sync” to “sync” configs between “currently ACTIVE ACE” & “new standby ACE”.

show ft group detail

show ft peer detail

These “show commands” should help you with verifying the state of FT configuration.

(5) Repeat the above procedure for all context one by one ( Bring Admin context FT "inservice" at the end )

In case if you have are using SSL offloading in any context refer the following thread:

https://supportforums.cisco.com/thread/2156101?tstart=0&viewcondensed

Hope that helps.

regards,

Ajay Kumar

alanc3141592654 · ‎06-24-2012

Thanks for the detail reply Ajay.

I'm not actually replacing the ACE that is currently down, Just bringing it back up. I'm just concerned it will overwrite the active ace with the config since it has a Higher Priority.

So, If I add the no preempt command on ACE that is shut down and that has a higher priority, the active ACE with the lower priority will send the comfiguration to it once it comes back up?

Thanks Again.

A

ajayku2 · ‎06-25-2012

You can do multiple ways:

1) Simply increase the priority in the current active ACE and disable preempt in both the box that should do.

2) Before connecting the ACE to network you can console into it and reduce the priority and disable the preempt.

----------------------------------------------------------------------------------------------------------------------------------

Also add this command in the active ACE. This will make sure no config sync will happen on Active ACE.

no ft auto-sync running-config

no ft auto-sync startup-config

After bringing up the standby ACE

Verify FT state with the show ft group status command

If the FT state looks good and the current active is still active you can reactivate the above command.

ft auto-sync running-config

ft auto-sync startup-config

Hope that helps.

regards,

Ajay Kumar