06-02-2010 09:03 AM
Hello All,
Im new about ACE´s this is my first implementations and i got some questions about redundancy.
I have two ACE-20 Modules, each one has diferents contexts for differents applications, I want redundancy and Backup
between them, so i want One has an Active Context1 and BAckup or Standby of the Other Context2 of the other ACE and viceversa.
What would be the configurations to achieve this?
Do i need write the Context configuration on each ACE ( Active, Standby ) or its gonna be automatic the syncro
of the configs??
Example:
6500 CHASSIS 1 6500 CHASSIS 2
ACE MODULE 1 < -------- > ACE MODULE 2
V-CONTEXT-A ( Active) < -------- > V-CONTEXT-A ( Standby)
V-CONTEXT-B ( Standby) < -------- > V-CONTEXT-A ( Active)
Configuration ACE MODULE 1:
interface vlan 1000
ip address 172.25.91.110 255.255.255.0
peer ip address 172.25.91.111 255.255.255.0
alias ip address 172.25.91.112 255.255.255.0
service-policy input REMOTE_MGMT_ALLOW_POLICY
no shutdown
ft interface vlan 60
ip address 10.10.60.10 255.255.255.0
peer ip address 10.10.60.11 255.255.255.0
ft peer 1
heartbeat interval 300
heartbeat count 20
ft-interface vlan 60
query-interface vlan 1000
ft group 1
peer 1
associate-context V_CONTEXT-A
inservice
I will appreciate your help because im lost on this.
Thanks in Advance.
Robert.
Solved! Go to Solution.
06-02-2010 12:40 PM
Hi Robert,
The process of selecting which module has active ownership of a given context is determined by the priority, much like HSRP. In your configuration, you want to "share the load" of your two virtual contexts between the two modules. Also remember to define priority for your admin-context as well.
This sample config should help you get started:
ACE/CHASSIS 1
------------------------
interface vlan 1000
service-policy input REMOTE_MGMT_ALLOW_POLICY
no shutdown
ft interface vlan 60
ip address 10.10.60.10 255.255.255.0
peer ip address 10.10.60.11 255.255.255.0
ft peer 1
heartbeat interval 300
heartbeat count 20
ft-interface vlan 60
query-interface vlan 1000
ft group 1
peer 1
priority 250
peer priority 200
associate-context Admin
inservice
ACE/CHASSIS 2
------------------------
interface vlan 1000
service-policy input REMOTE_MGMT_ALLOW_POLICY
no shutdown
ft interface vlan 60
ip address 10.10.60.11 255.255.255.0
peer ip address 10.10.60.10 255.255.255.0
ft peer 1
heartbeat interval 300
heartbeat count 20
ft-interface vlan 60
query-interface vlan 1000
ft group 1
peer 1
priority 200
peer priority 250
associate-context Admin
inservice
since you omitted the part of your configuration, I assume that you've already configured ressource-classes, access-lists, snmp etc.
Once the baseline Admin-context has been configured, make sure that the FT is working properly. Issue a 'sh ft grou status' on the admin-context and make sure, that it reads something like this:
FT Group : 1
Configured Status : in-service
Maintenance mode : MAINT_MODE_OFF
My State : FSM_FT_STATE_ACTIVE
Peer State : FSM_FT_STATE_STANDBY_HOT
Peer Id : 1
No. of Contexts : 1
Then, define your virtual contexts, resource-class allocation and vlan-allocation. And then simply repeat the FT-group configuration and prioritize your contexts according to your needs. Since the FT is already established and, hopefully, working, you only need to configure this on the active Admin-context:
ft group 2
peer 1
priority 250
peer priority 200
associate-context V-CONTEXT-A
inservice
ft group 3
peer 1
priority 200
peer priority 250
associate-context V-CONTEXT-B
inservice
You could end your work by issuing a 'show ft group status' the verify the FT for the two virtual contexts. Just remember, that initially the status might very well read BULK. This changes, once the sync is completed.
hth
/Ulrich
06-02-2010 12:40 PM
Hi Robert,
The process of selecting which module has active ownership of a given context is determined by the priority, much like HSRP. In your configuration, you want to "share the load" of your two virtual contexts between the two modules. Also remember to define priority for your admin-context as well.
This sample config should help you get started:
ACE/CHASSIS 1
------------------------
interface vlan 1000
service-policy input REMOTE_MGMT_ALLOW_POLICY
no shutdown
ft interface vlan 60
ip address 10.10.60.10 255.255.255.0
peer ip address 10.10.60.11 255.255.255.0
ft peer 1
heartbeat interval 300
heartbeat count 20
ft-interface vlan 60
query-interface vlan 1000
ft group 1
peer 1
priority 250
peer priority 200
associate-context Admin
inservice
ACE/CHASSIS 2
------------------------
interface vlan 1000
service-policy input REMOTE_MGMT_ALLOW_POLICY
no shutdown
ft interface vlan 60
ip address 10.10.60.11 255.255.255.0
peer ip address 10.10.60.10 255.255.255.0
ft peer 1
heartbeat interval 300
heartbeat count 20
ft-interface vlan 60
query-interface vlan 1000
ft group 1
peer 1
priority 200
peer priority 250
associate-context Admin
inservice
since you omitted the part of your configuration, I assume that you've already configured ressource-classes, access-lists, snmp etc.
Once the baseline Admin-context has been configured, make sure that the FT is working properly. Issue a 'sh ft grou status' on the admin-context and make sure, that it reads something like this:
FT Group : 1
Configured Status : in-service
Maintenance mode : MAINT_MODE_OFF
My State : FSM_FT_STATE_ACTIVE
Peer State : FSM_FT_STATE_STANDBY_HOT
Peer Id : 1
No. of Contexts : 1
Then, define your virtual contexts, resource-class allocation and vlan-allocation. And then simply repeat the FT-group configuration and prioritize your contexts according to your needs. Since the FT is already established and, hopefully, working, you only need to configure this on the active Admin-context:
ft group 2
peer 1
priority 250
peer priority 200
associate-context V-CONTEXT-A
inservice
ft group 3
peer 1
priority 200
peer priority 250
associate-context V-CONTEXT-B
inservice
You could end your work by issuing a 'show ft group status' the verify the FT for the two virtual contexts. Just remember, that initially the status might very well read BULK. This changes, once the sync is completed.
hth
/Ulrich
06-02-2010 01:17 PM
Thanks for your answer. I see this clear now.
Best Regards.
09-19-2013 01:39 PM
Does the VLAN 1000 interface need an IP on it to be the query-interface? I'm a little confused on the use of this interface. I understand the FT interface, what is the query-interface really used for?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide