Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
435
Views
0
Helpful
2
Replies

ACE Standby issues with 2 servers

payala
Level 1
Level 1

‎12-01-2008 12:08 PM

Hello there, I hope that you can help me. I have a case with the TAC trying to solve this isssue, this is my topology:

+---------+ +---+

| ACE01 | | - |

+---------+ -------- | - | SERVER 01

+---------+ -+ +---- | - |

| 6500-01 | | | | |

+---------+ | | +---+

| | |

| TRUNK +-+-+

| | |

+---------+ | | +---+

| 6500-02 | | | | - |

+---------+ ---+ +- | - | SERVER 02

+---------+ ------- | - |

| ACE02 | | |

+---------+ +---+

I'm attaching the configurations of the ACE's.

The issue is that we have an ACTIVE-STANDBY scenario, the ACTIVE is working fine with no problem, but the STANDBY is not seeing one of those servers, I have no idea why and if I make the failover the Standby works only with one server.

Here is the show rser so you can take a look on the connections:

ACE01/WEBSERVERS# sh rser

rserver : INTRANET01, type: HOST

state : OPERATIONAL

---------------------------------

----------connections-----------

real weight state current total

---+---------------------+------+------------+----------+--------------------

serverfarm: INTRANET_50

172.18.186.11:0 8 OPERATIONAL 290 3607

rserver : INTRANET02, type: HOST

state : OPERATIONAL

---------------------------------

----------connections-----------

real weight state current total

---+---------------------+------+------------+----------+--------------------

serverfarm: INTRANET_50

172.18.186.12:0 8 OPERATIONAL 293 10009

ACE02/WEBSERVERS# sh rser

rserver : INTRANET01, type: HOST

state : OPERATIONAL

---------------------------------

----------connections-----------

real weight state current total

---+---------------------+------+------------+----------+--------------------

serverfarm: INTRANET_50

172.18.186.11:0 8 OPERATIONAL 0 0

rserver : INTRANET02, type: HOST

state : OPERATIONAL

---------------------------------

----------connections-----------

real weight state current total

---+---------------------+------+------------+----------+--------------------

serverfarm: INTRANET_50

172.18.186.12:0 8 OPERATIONAL 291 1058

Some help will be very useful. Thaks to all you guys.

Labels:
Preview file
4 KB
Preview file
4 KB
0 Helpful
2 Replies 2

sachinga.hcl
Level 4
Level 4

‎12-02-2008 02:42 AM

HI Payala,

For redundancy to work properly , ensure both the members of an FT group must have identical configurations. Ensure same bandwidth license and same virtual context license.

If there is a mismatch between the virtual context license , Synchronization between active and standby ACE may not work properly.

There is some configuration mismatch I think after looking into your two config files you have send as an attachment.

I find following differences:

1.

ace01

hostname ACE01

boot system image:c6ace-t1k9-mz.3.0.0_A1_6_3a.bin

ace02

peer hostname ACE01

hostname ACE02

boot system image:c6ace-t1k9-mz.A2_1_1a.bin

boot system image:c6ace-t1k9-mz.3.0.0_A1_6_3a.bin

i.e peer hostname is missing on the ace01.

2.

ace01

ft group 9

peer 1

priority 200

associate-context Admin

inservice

ace02

ft group 9

peer 1

associate-context Admin

inservice

no priority is set on ace02 for peer1.

A member(context) of an FT group become the active member through an election process based on the priority .

3.

There is differnce in the vlan config:

ace01

ft interface vlan 400

ip address 172.18.184.254 255.255.255.252

peer ip address 172.18.184.253 255.255.255.252

no shutdown

ace02

interface vlan 401

ip address 172.18.185.21 255.255.255.192

peer ip address 172.18.185.20 255.255.255.192

no shutdown

ft interface vlan 400

ip address 172.18.184.253 255.255.255.252

peer ip address 172.18.184.254 255.255.255.252

no shutdown

Initially you can do one thing for comparing the config files on both the ace servers you can use winmerge software from following url absolutely free:

http://winmerge.org/

You can read the at the following urlregarding redundancy on ACE:

http://www.cisco.com/en/US/docs/app_ntwk_services/data_center_app_services/ace_appliances/vA3_1_0/configuration/admin/guide/redundcy.html

Can you please send me the output of the following:

host1/Admin# show ft peer 1 detail

host1/Admin# show version

on both the ACE i.e. ace01 and ace02

thanks and regards,

Sachin Garg

Senior Specialist Security

HCL Comnet Ltd.

http://www.hclcomnet.co.in

A-10, Sector 3, Noida- 201301

INDIA

Mob: +91-9911757733

Email: sachinga@hcl.in

0 Helpful

payala
Level 1
Level 1
In response to sachinga.hcl

‎12-02-2008 02:43 PM

Sachin, thanks for all your help. Let me tell you that we discovered what the issue was. Let me tell you that with the next command we saw the problem:

ACE02/WEBSERVERS# show np 2 me-stats -sicm | in Replicate

Replicate bulk sync done sent to HA: 3 0

Replicate connection update existing: 19489 0

Replicate Connection MAC lookup error: 545 0

Replicate connection recv L4: 5755 0

Replicate connection recv LB: 238 0

ACE02/WEBSERVERS#

So with this we saw the MAC lookup errors so we saw that the servers were advertising 2 MAC addresses with only 1 IP. In the moment that we configured the server correctly everything start to work fine.

Thanks for all your assistance.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents