Solved: ACE to track user interface

GIULIO FAINI · ‎09-24-2010

Hello,

Just a few questions on a HA lab to track the user interface. If i configure the primary ACE in the admin-context like this:

ft interface vlan 402 ---->>> FT VLAN
ip address <primary_ip>
peer ip address <secondary_ip>
no shutdown

ft peer 1
heartbeat interval 300
heartbeat count 10
ft-interface vlan 402

ft group 4     --->> group associated to user-context Juniper
   peer 1
   priority 200     --->>> primary is 200 and secondary is 100
   associate-context Juniper
   inservice

and in the user-context of the primary ACE:

ft track interface vlan202 ---->>> VLAN 202 is where VIPs are configured in the Juniper user-context
track-interface vlan 202
peer track-interface vlan 202
priority 110

peer priority 100

1.- the command "peer-track interface" is useful in case the primary ACE and secondary ACE are not connected on vlan 202 via the same single switch? i guess without this command the secondary wouldnt track the user interface 202.

2.- Do i need to specify "peer priority 100" in the user context for the secondary ACE? Is it used to set the priority of the secondary once the primary becomes standby? Default is 100 for secondary so i think its not useful.

3.- Can i configure preempt delay in ACE?

Thanks,

Giulio.

yushimaz · ‎09-26-2010

As you indicated, 'peer track-interface [vlan]' command is to set track interface

to standby ACE. If you don't configure this command, standby ACE doesn't

track vlan interface. By default, since active and standby ACE configurations are

sync'ed, you cannot configure on standby ACE. In stead of configuring standby

ACE, peer commands are implemented.

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/command/reference/fttrack.html#wp1036319

'peer priority [priority]' on ft track-interface mode is the command to decrement

priority value on standby ACE.

Default 'peer priority' value on ft track-interface is 10.

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/command/reference/fttrack.html#wp1009137

If you configure 'peer priority 100' on ft track-interface mode and vlan 202

goes down, the priority on standby ACE becomes 0.

(default ft group peer priority 100 - ft track interface priority 100 = 0)

I recommend you configure peer priority as 11 or larger.

In general, these commands are used as below.

ft group 2

peer 1

priority 105

peer priority 100 (default)

associate-context cisco

inservice

ft track interface vlan202

track-interface vlan 202

peer track-interface vlan 202

priority 10 (default)

peer priority 10 (default)

- If only primary vlan 202 goes down, failover occurs.

Priority on primary ACE : 105 - 10 = 95

Priority on secondary ACE : 100

primary 95 < secondary 100

- If primary vlan 202 returns up, failback occurs.

Priority on primary ACE : 95 + 10 = 105

Priority on secondary ACE : 100

primary 110 > secondary 100

- If both primary and standby vlan 202 go down, failover doesn't occur.

Priority on primary ACE : 105 - 10 = 95

Priority on secondary ACE : 100 - 10 = 90

primary 95 > secondary 90

Finally, ACE doesn't support 'preempt delay' command.

Regards,

Yuji

View solution in original post

yushimaz · ‎09-28-2010

Hi Giulio

Could you please check 'ft group 4' configuration on your standby ACE?

Probably, you configure 'priority 105' on standby too. If so, please change configuration

from 'priority 105' to 'peer priority 105' on standby ACE.

# active admin context

ft group 4

peer 1

priority 105

associate-context Juniper

inservice

# standby admin context

ft group 4

peer 1

peer priority 105 <<==

associate-context Juniper

inservice

I checked your configuration and found you configured ft group for Juniper context only.

This means Admin context is not sync'ed. (I was misled into thinking that your admin

context is also sync'ed.)

If ft group for admin context is configured, you configure 'priority 105' on active admin context

only since 'priority 105' configuration is automatically converted to 'peer priority 105' and set

to standby ACE.

However, if ft group for admin context is not configured, your should configure both active and

standby ACE manually. Furthermore, you have to convert them by hand.

Since admin context of my ACE appliance is synced as below, I only configured 'ft group 4'

on active ACE. (Standby ACE was automatically set 'peer priority 105'.)

This behavior is same with module and appliance.

# my ace appliance configuration

ACE4710a/Admin# sh run ft | b group

Generating configuration....

ft group 1

peer 1

priority 105

associate-context Admin

inservice

ft group 4

peer 1

priority 105

associate-context test

inservice

ACE4710a/Admin# sh ft gr sum

FT Group : 1

Configured Status : in-service

Maintenance mode : MAINT_MODE_OFF

My State : FSM_FT_STATE_ACTIVE

My Config Priority : 105

My Net Priority : 105

My Preempt : Enabled

Peer State : FSM_FT_STATE_STANDBY_HOT

Peer Config Priority : 100

Peer Net Priority : 100

Peer Preempt : Enabled

Peer Id : 1

No. of Contexts : 1

FT Group : 4

Configured Status : in-service

Maintenance mode : MAINT_MODE_OFF

My State : FSM_FT_STATE_ACTIVE

My Config Priority : 105

My Net Priority : 105

My Preempt : Enabled

Peer State : FSM_FT_STATE_STANDBY_HOT

Peer Config Priority : 100

Peer Net Priority : 100

Peer Preempt : Enabled

Peer Id : 1

No. of Contexts : 1

ACE4710a/Admin#

Regards,

Yuji

View solution in original post

yushimaz · ‎09-26-2010

As you indicated, 'peer track-interface [vlan]' command is to set track interface

to standby ACE. If you don't configure this command, standby ACE doesn't

track vlan interface. By default, since active and standby ACE configurations are

sync'ed, you cannot configure on standby ACE. In stead of configuring standby

ACE, peer commands are implemented.

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/command/reference/fttrack.html#wp1036319

'peer priority [priority]' on ft track-interface mode is the command to decrement

priority value on standby ACE.

Default 'peer priority' value on ft track-interface is 10.

http://www.cisco.com/en/US/docs/interfaces_modules/services_modules/ace/vA2_3_0/command/reference/fttrack.html#wp1009137

If you configure 'peer priority 100' on ft track-interface mode and vlan 202

goes down, the priority on standby ACE becomes 0.

(default ft group peer priority 100 - ft track interface priority 100 = 0)

I recommend you configure peer priority as 11 or larger.

In general, these commands are used as below.

ft group 2

peer 1

priority 105

peer priority 100 (default)

associate-context cisco

inservice

ft track interface vlan202

track-interface vlan 202

peer track-interface vlan 202

priority 10 (default)

peer priority 10 (default)

- If only primary vlan 202 goes down, failover occurs.

Priority on primary ACE : 105 - 10 = 95

Priority on secondary ACE : 100

primary 95 < secondary 100

- If primary vlan 202 returns up, failback occurs.

Priority on primary ACE : 95 + 10 = 105

Priority on secondary ACE : 100

primary 110 > secondary 100

- If both primary and standby vlan 202 go down, failover doesn't occur.

Priority on primary ACE : 105 - 10 = 95

Priority on secondary ACE : 100 - 10 = 90

primary 95 > secondary 90

Finally, ACE doesn't support 'preempt delay' command.

Regards,

Yuji

GIULIO FAINI · ‎09-27-2010

Thanks for the answer.

I dont understand why the secondary, ACE2, doesnt tell me what priority he is at:

ACE1/Juniper# sh ft group detail

FT Group                     : 4
No. of Contexts              : 1
Context Name                 : Juniper
Context Id                   : 1
Configured Status            : in-service
Maintenance mode             : MAINT_MODE_OFF
My State                     : FSM_FT_STATE_ACTIVE
My Config Priority           : 105                <------------- OK
My Net Priority              : 105
My Preempt                   : Enabled
Peer State                   : FSM_FT_STATE_STANDBY_HOT
Peer Config Priority         : 105
Peer Net Priority            : 105
Peer Preempt                 : Enabled
Peer Id                      : 1
Last State Change time       : Mon Sep 27 11:59:38 2010

Running cfg sync enabled     : Enabled
Running cfg sync status      : Running configuration sync has completed
Startup cfg sync enabled     : Enabled
Startup cfg sync status      : Startup configuration sync has completed

-------------------------------------------------------------------------------------------------------------------------------------

ACE2/Admin# sh ft group detail

FT Group                     : 4
No. of Contexts              : 1
Context Name                 : Juniper
Context Id                   : 1
Configured Status            : in-service
Maintenance mode             : MAINT_MODE_OFF
My State                     : FSM_FT_STATE_STANDBY_HOT
My Config Priority           : 105 <--- why its not 100??
My Net Priority              : 105 <--- why its not 100??
My Preempt                   : Enabled
Peer State                   : FSM_FT_STATE_ACTIVE
Peer Config Priority         : 105
Peer Net Priority            : 105
Peer Preempt                 : Enabled
Peer Id                      : 1
Last State Change time       : Mon Sep 27 11:46:10 2010

Running cfg sync enabled     : Enabled
Running cfg sync status      : Running configuration sync has completed
Startup cfg sync enabled     : Enabled
Startup cfg sync status      : Startup configuration sync has completed
Bulk sync done for ARP: 0
Bulk sync done for LB: 0
Bulk sync done for ICM: 0
ACE2/Admin#

The config both in ACE1 (primary) and ACE2 (secondary) is:

ft group 4
peer 1
priority 105
associate-context Juniper
inservice

Because the STANDBY is not seen as 100 as priority, the primary will not re-preempt back.

yushimaz · ‎09-27-2010

I checked the behavior in my lab with ACE appliance/A3(2.6) but I couldn't recreate your behavior.

Peer Priority on active ACE should be 100 since default value is 100.

Could you please try to configure 'peer priority 90' and then reapply 'peer priority 100' on ft group?

The problem may recover.

To troubleshoot, I need 'show ft history cfg_cntlr', 'show ft history ha_mgr', 'show ft history ha_dp_mgr',

'show accounting log', and 'show version'.

From 'show ft history' commands, we may find out when peer priority was set to 105.

'show accounting log' is to make clear the configuration step. 'show version' help me to

search and narrow down a bug.

If you cannot attach logs due to confidential info, please check their commands.

ACE4710a/Admin# sh run ft

Generating configuration....

[snip]

ft group 4

peer 1

priority 105

associate-context test

inservice

ACE4710a/Admin# sh ft gr 4 detail

FT Group : 4

No. of Contexts : 1

Context Name : test

Context Id : 6

Configured Status : in-service

Maintenance mode : MAINT_MODE_OFF

My State : FSM_FT_STATE_ACTIVE

My Config Priority : 105

My Net Priority : 105

My Preempt : Enabled

Peer State : FSM_FT_STATE_STANDBY_HOT

Peer Config Priority : 100 <<

Peer Net Priority : 100 <<

Peer Preempt : Enabled

Peer Id : 1

Last State Change time : Mon Sep 27 20:12:01 2010

Running cfg sync enabled : Enabled

Running cfg sync status : Running configuration sync has completed

Startup cfg sync enabled : Enabled

Startup cfg sync status : Startup configuration sync has completed

Bulk sync done for ARP: 0

Bulk sync done for LB: 0

Bulk sync done for ICM: 0

When I configured priority command on active ACE, the follows are logged on ha_mgr.

I'm not sure when your peer priority was updated but it may be logged in 'show ft history' output.

ACE4710a/Admin# sh ft history ha_mgr

[snip]

5:118151 => Sep 27 20:11:44: ha_ft_group_update_config_priority:327 ft_group_id 4, config_priority 105, sense 1

5:118152 => Sep 27 20:11:44: ft_group_update_config_priority:2481 Adjusted FT Group 4's net priority 105 FT config_priority 105

[snip]

Regards,

Yuji

GIULIO FAINI · ‎09-28-2010

Hello,

Thanks. I upgraded to A2(3.2) but still the same issue as shown in the attached commands.

I am using a ACE module 10, not the appliance but i guess it should be the same.

Thanks for your help.

Giulio

yushimaz · ‎09-28-2010

Hi Giulio

Could you please check 'ft group 4' configuration on your standby ACE?

Probably, you configure 'priority 105' on standby too. If so, please change configuration

from 'priority 105' to 'peer priority 105' on standby ACE.

# active admin context

ft group 4

peer 1

priority 105

associate-context Juniper

inservice

# standby admin context

ft group 4

peer 1

peer priority 105 <<==

associate-context Juniper

inservice

I checked your configuration and found you configured ft group for Juniper context only.

This means Admin context is not sync'ed. (I was misled into thinking that your admin

context is also sync'ed.)

If ft group for admin context is configured, you configure 'priority 105' on active admin context

only since 'priority 105' configuration is automatically converted to 'peer priority 105' and set

to standby ACE.

However, if ft group for admin context is not configured, your should configure both active and

standby ACE manually. Furthermore, you have to convert them by hand.

Since admin context of my ACE appliance is synced as below, I only configured 'ft group 4'

on active ACE. (Standby ACE was automatically set 'peer priority 105'.)

This behavior is same with module and appliance.

# my ace appliance configuration

ACE4710a/Admin# sh run ft | b group

Generating configuration....

ft group 1

peer 1

priority 105

associate-context Admin

inservice

ft group 4

peer 1

priority 105

associate-context test

inservice

ACE4710a/Admin# sh ft gr sum

FT Group : 1

Configured Status : in-service

Maintenance mode : MAINT_MODE_OFF

My State : FSM_FT_STATE_ACTIVE

My Config Priority : 105

My Net Priority : 105

My Preempt : Enabled

Peer State : FSM_FT_STATE_STANDBY_HOT

Peer Config Priority : 100

Peer Net Priority : 100

Peer Preempt : Enabled

Peer Id : 1

No. of Contexts : 1

FT Group : 4

Configured Status : in-service

Maintenance mode : MAINT_MODE_OFF

My State : FSM_FT_STATE_ACTIVE

My Config Priority : 105

My Net Priority : 105

My Preempt : Enabled

Peer State : FSM_FT_STATE_STANDBY_HOT

Peer Config Priority : 100

Peer Net Priority : 100

Peer Preempt : Enabled

Peer Id : 1

No. of Contexts : 1

ACE4710a/Admin#

Regards,

Yuji