Solved: Re: ACE failover and preempt

niklaslund · ‎10-19-2010

Hi,

We are trying to setup a ACE 4710 FT solution with following charateristics.

Standby ACE should takeover in case of primary ACE failure due to any of: completly lost (power failure), single interface down, reboot, lower tracking priority.

The standby ACE now becomes active and should stay active even if the "old" active (primary) comes back to nomal state.

Is this possible?

We want to limit the failure scenario to one failover.

Niklas

Pablo · ‎10-20-2010

Hi Niklas,

Sorry I overlooked the part where you mentioned tracking was required.

Yup this possible, I tried this once when worked for TAC and I can assure, it works like a charm but

with a slight change, the ft tracking needs to be type host instead of interface.

Here is the paper tha explains how to accomplish this, please look for: Preemption with Fault-Tolerant Tracking

http://www.cisco.com/en/US/prod/collateral/contnetw/ps5719/ps7027/ps8361/guide_c07-572616_ps7027_Products_White_Paper.html

HTH

__ __

Pablo

View solution in original post

Pablo · ‎10-19-2010

Hi Niklas,

Yes you can achieve this on the ACE if you disable preemption from FT groups so that when a failover occurs, the higher priority ACE will not force the Standby ACE to failover back to it. Without 'preempt', the priorities only apply if both ACE4710 were rebooted at the same time and had to negotiate who becomes Active first.

Example;

ft group #

peer 7

no preempt

priority 175

peer priority 125

associate-context [name]

inservice

HTH.

__ __

Pablo

niklaslund · ‎10-20-2010

Pablo,

Understood, but at the same time you limit the failover detection to only be reachabillity on the crossover between the ACE boxes.

From Chapter 6 in the ACE Configuration manual (Configuring Redundant ACE Appliances):

You must configure preemption for tracking switchover to work. For details on

preemption, see the “Configuring Preemption” section.

So my initial characteristics are not met, we will not as an example be able to fail the primary ACE when an interface is down (tracking needed).

I would like to be able specify preempt per physical box, i.e. standby should be able to preempt the primary but not the other way around, this is how it works in IOS.

Actually ACE CLI lists preempt status per box “my” and “peer” but I cannot configure it that way and meet my initial characteristics.

Niklas

Pablo · ‎10-20-2010

Hi Niklas,

Sorry I overlooked the part where you mentioned tracking was required.

Yup this possible, I tried this once when worked for TAC and I can assure, it works like a charm but

with a slight change, the ft tracking needs to be type host instead of interface.

Here is the paper tha explains how to accomplish this, please look for: Preemption with Fault-Tolerant Tracking

http://www.cisco.com/en/US/prod/collateral/contnetw/ps5719/ps7027/ps8361/guide_c07-572616_ps7027_Products_White_Paper.html

HTH

__ __

Pablo

niklaslund · ‎10-21-2010

Pablo,

Thanks, that's a good document; it got us on the right track.

Now the ACE behaves the way we want.

Actually some extra access-lists is needed, we put them in the switches....
This is needed to block ICMP echo from ACE, since the probe will continue to ping the failing gateway using the source IP of the interface where it has its default gateway configured when a connected vlan interface is down.

Thanks

Niklas

Pablo · ‎10-21-2010

Glad to help buddy

Have a great one!

__ __

Pablo

jteixido · ‎10-27-2010

Niklaslund,

Please send me the link to chapter 6 that speaks about preemption.

Thank you,

John...