12-01-2008 12:08 PM
Hello there, I hope that you can help me. I have a case with the TAC trying to solve this isssue, this is my topology:
+---------+ +---+
| ACE01 | | - |
+---------+ -------- | - | SERVER 01
+---------+ -+ +---- | - |
| 6500-01 | | | | |
+---------+ | | +---+
| | |
| TRUNK +-+-+
| | |
+---------+ | | +---+
| 6500-02 | | | | - |
+---------+ ---+ +- | - | SERVER 02
+---------+ ------- | - |
| ACE02 | | |
+---------+ +---+
I'm attaching the configurations of the ACE's.
The issue is that we have an ACTIVE-STANDBY scenario, the ACTIVE is working fine with no problem, but the STANDBY is not seeing one of those servers, I have no idea why and if I make the failover the Standby works only with one server.
Here is the show rser so you can take a look on the connections:
ACE01/WEBSERVERS# sh rser
rserver : INTRANET01, type: HOST
state : OPERATIONAL
---------------------------------
----------connections-----------
real weight state current total
---+---------------------+------+------------+----------+--------------------
serverfarm: INTRANET_50
172.18.186.11:0 8 OPERATIONAL 290 3607
rserver : INTRANET02, type: HOST
state : OPERATIONAL
---------------------------------
----------connections-----------
real weight state current total
---+---------------------+------+------------+----------+--------------------
serverfarm: INTRANET_50
172.18.186.12:0 8 OPERATIONAL 293 10009
ACE02/WEBSERVERS# sh rser
rserver : INTRANET01, type: HOST
state : OPERATIONAL
---------------------------------
----------connections-----------
real weight state current total
---+---------------------+------+------------+----------+--------------------
serverfarm: INTRANET_50
172.18.186.11:0 8 OPERATIONAL 0 0
rserver : INTRANET02, type: HOST
state : OPERATIONAL
---------------------------------
----------connections-----------
real weight state current total
---+---------------------+------+------------+----------+--------------------
serverfarm: INTRANET_50
172.18.186.12:0 8 OPERATIONAL 291 1058
Some help will be very useful. Thaks to all you guys.
12-02-2008 02:42 AM
HI Payala,
For redundancy to work properly , ensure both the members of an FT group must have identical configurations. Ensure same bandwidth license and same virtual context license.
If there is a mismatch between the virtual context license , Synchronization between active and standby ACE may not work properly.
There is some configuration mismatch I think after looking into your two config files you have send as an attachment.
I find following differences:
1.
ace01
hostname ACE01
boot system image:c6ace-t1k9-mz.3.0.0_A1_6_3a.bin
ace02
peer hostname ACE01
hostname ACE02
boot system image:c6ace-t1k9-mz.A2_1_1a.bin
boot system image:c6ace-t1k9-mz.3.0.0_A1_6_3a.bin
i.e peer hostname is missing on the ace01.
2.
ace01
ft group 9
peer 1
priority 200
associate-context Admin
inservice
ace02
ft group 9
peer 1
associate-context Admin
inservice
no priority is set on ace02 for peer1.
A member(context) of an FT group become the active member through an election process based on the priority .
3.
There is differnce in the vlan config:
ace01
ft interface vlan 400
ip address 172.18.184.254 255.255.255.252
peer ip address 172.18.184.253 255.255.255.252
no shutdown
ace02
interface vlan 401
ip address 172.18.185.21 255.255.255.192
peer ip address 172.18.185.20 255.255.255.192
no shutdown
ft interface vlan 400
ip address 172.18.184.253 255.255.255.252
peer ip address 172.18.184.254 255.255.255.252
no shutdown
Initially you can do one thing for comparing the config files on both the ace servers you can use winmerge software from following url absolutely free:
You can read the at the following urlregarding redundancy on ACE:
Can you please send me the output of the following:
host1/Admin# show ft peer 1 detail
host1/Admin# show version
on both the ACE i.e. ace01 and ace02
thanks and regards,
Sachin Garg
Senior Specialist Security
HCL Comnet Ltd.
A-10, Sector 3, Noida- 201301
INDIA
Mob: +91-9911757733
Email: sachinga@hcl.in
12-02-2008 02:43 PM
Sachin, thanks for all your help. Let me tell you that we discovered what the issue was. Let me tell you that with the next command we saw the problem:
ACE02/WEBSERVERS# show np 2 me-stats -sicm | in Replicate
Replicate bulk sync done sent to HA: 3 0
Replicate connection update existing: 19489 0
Replicate Connection MAC lookup error: 545 0
Replicate connection recv L4: 5755 0
Replicate connection recv LB: 238 0
ACE02/WEBSERVERS#
So with this we saw the MAC lookup errors so we saw that the servers were advertising 2 MAC addresses with only 1 IP. In the moment that we configured the server correctly everything start to work fine.
Thanks for all your assistance.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide