06-01-2005 04:26 AM
Hello,
At the moment we use the 'pinglist' script for the critical service on our circuits. Is it possible to have more than one script as a critical service?
The reason I ask is that I would also like the CSS to failover when the SSL module fails, when this happens the associated SSL service fails. If I can associate the ssl service to the circuits critical service then this should achieve that.
cheers, Mike
06-07-2005 04:22 AM
The purpose of critical services is to cease mastership in case the service is not available. Yes, it is possible to have more than one script running for critical service. So you can try this out. For more information on configuring critical services, have a look at the following URL.
http://www.cisco.com/univercd/cc/td/doc/product/webscale/css/css_720/cmdrefgd/cmdcirip.htm#1139792
06-07-2005 04:38 AM
Thanks, but I mean is it possible to have two services associated to just one critical service under the circuit config ? Or is there a way to script a keepalive that checks two services.
Ideally I would want to issue something under the circuit configuration like
'ip critical-service 1
With service 1 checking the up/downstream network and service 2 checking the ssl module.
06-07-2005 06:49 AM
Michael,
let's make it simple, you can't check the SSL module.
The CSS monitors the module by itself and if it fails, the CSS will automatically reboot.
The standby will then take over.
Regards,
Gilles.
06-07-2005 07:46 AM
Gilles,
When the SSL module fails, the SSL service associated with this also fails, so if the critical service uses this SSL service then the box should failover ?
When the box reboots the standby will take over but as we use the 'preempt' command on the master then it will take over again when it reboots but the SSL module may not be working so all SSL services fail.
cheers,
Michael
06-07-2005 10:56 PM
Are you sure the ssl service will fail when the module fails ?
Have you seen it fail in the past ?
My feeling is that this service is always alive.
If you want to keep the master from preempting when the module is down, you should just not configure preempt.
If you really want to use the ssl service as a critical service, here is how to do it
circuit VLAN30
  ip address 192.168.30.112 255.255.255.0
    ip virtual-router 30
    ip critical-service 30 linux1
    ip critical-service 30 lin10
But, honestly, I would not recommend using the ssl service as a critical service for the reason mentioned before.
Gilles.
06-08-2005 03:40 AM
Gilles,
When our SSL module failed the other week the associated SSL service was also down. However, as we are set to preempt when the box came back up after the reboot it took over again and the SSL content rules did not work.
For info, is the preempt config useful for anything if we use two identical boxes ? Other than knowing which box is always configured to be the master.
Cheers, Mike
06-08-2005 05:02 AM
Good to know that the service was down after reboot.
I learned something today :-)
So, I guess it makes sense to use the ssl service as a critical service.
There is no other reason than the one you mentioned for using preempt.
Thanks,
Gilles.
06-08-2005 05:06 AM
Please rate my post then Gilles ;o)