Solved: If the standby unit knows it

kmgraziano · ‎12-10-2014

Have a pair of 5525s in active/standby setup. Standby node shows as failed. If I "reset failover" from the ASDM, it briefly changes to Standby Ready then in a few seconds flips back to "failed". The failover interface shows as Up. No recent updates or changes as far as I know. My network engineer has left the company so I'm trying to work on this on my own, but I'm a newbie to this. Can someone provide some tips on what direction to go in troubleshooting this? thanks.

Marvin Rhoads · ‎12-11-2014

So the output shows "Visitor: No Link".

With that interface being down, the secondary unit is considered to be in failed state.

Fix that and it should come out of "Failed" state.

View solution in original post

Marvin Rhoads · ‎12-10-2014

Can you give us the sanitized output of "show failover" and "show failover history" from the active unit?

Vibhor Amrodia · ‎12-11-2014

Hi,

I think you might also get the "show failover state" output from both the units.

Thanks and Regards,

Vibhor Amrodia

kmgraziano · ‎12-11-2014

Thanks for the replies. Below is the show failover, failover history, and failover state from both nodes.

******************************************************************************************

ACTIVE NODE# show failover
Failover On
Failover unit Primary
Failover LAN Interface: failover GigabitEthernet0/7 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 216 maximum
failover replication http
Version: Ours 9.1(4), Mate 9.1(4)
Last Failover at: 20:10:46 EDT Jun 18 2014
        This host: Primary - Active
                Active time: 15161915 (sec)
                slot 0: ASA5525 hw/sw rev (1.0/9.1(4)) status (Up Sys)
                  Interface External (#.#.#.#): Unknown (Waiting)
                  Interface LAN (#.#.#.#): Normal (Monitored)
                  Interface Firepass (#.#.#.#): No Link (Not-Monitored)
                  Interface management (#.#.#.#): No Link (Not-Monitored)
                  Interface Visitor(#.#.#.#): Normal (Waiting)
                slot 1: IPS5525 hw/sw rev (N/A/7.1(4)E4) status (Up/Up)
                  IPS, 7.1(4)E4, Up
        Other host: Secondary - Failed
                Active time: 0 (sec)
                slot 0: ASA5525 hw/sw rev (1.0/9.1(4)) status (Up Sys)
                  Interface External (0.0.0.0): Unknown (Waiting)
                  Interface LAN (#.#.#.#): Normal (Monitored)
                  Interface Firepass (0.0.0.0): Normal (Not-Monitored)
                  Interface management (0.0.0.0): Normal (Not-Monitored)
                  Interface Visitor (0.0.0.0): No Link (Waiting)
                slot 1: IPS5525 hw/sw rev (N/A/7.1(4)E4) status (Up/Up)
                  IPS, 7.1(4)E4, Up

Stateful Failover Logical Update Statistics
        Link : failover GigabitEthernet0/7 (up)
        Stateful Obj    xmit       xerr       rcv        rerr
        General         996522050 0          2038508    940
        sys cmd         2021458    0          2021455    0
        up time         0          0          0          0
        RPC services    0          0          0          0
        TCP conn        538504296 0          12227      723
        UDP conn        301290945 0          2638       89
        ARP tbl         154469753 0          2122       0
        Xlate_Timeout   0          0          0          0
        IPv6 ND tbl     0          0          0          0
        VPN IKEv1 SA    0          0          0          0
        VPN IKEv1 P2    0          0          0          0
        VPN IKEv2 SA    0          0          0          0
        VPN IKEv2 P2    0          0          0          0
        VPN CTCP upd    0          0          0          0
        VPN SDI upd     0          0          0          0
        VPN DHCP upd    0          0          0          0
        SIP Session     0          0          0          0
        Route Session   0          0          0          128
        User-Identity   235598     0          66         0
        CTS SGTNAME     0          0          0          0
        CTS PAC         0          0          0          0
        TrustSec-SXP    0          0          0          0
        IPv6 Route      0          0          0          0

        Logical Update Queue Information
                        Cur     Max     Total
        Recv Q:         0       25      2041263
        Xmit Q:         0       1545    1163705413

# show failover history
==========================================================================
From State To State Reason
==========================================================================
20:05:51 EDT Jun 18 2014
Not Detected Negotiation No Error

20:05:56 EDT Jun 18 2014
Negotiation Cold Standby Detected an Active mate

20:05:57 EDT Jun 18 2014
Cold Standby Sync Config Detected an Active mate

20:06:08 EDT Jun 18 2014
Sync Config Sync File System Detected an Active mate

20:06:08 EDT Jun 18 2014
Sync File System Bulk Sync Detected an Active mate

20:06:22 EDT Jun 18 2014
Bulk Sync Standby Ready Detected an Active mate

20:10:46 EDT Jun 18 2014
Standby Ready Just Active Set by the config command

20:10:46 EDT Jun 18 2014
Just Active Active Drain Set by the config command

20:10:46 EDT Jun 18 2014
Active Drain Active Applying Config Set by the config command

20:10:46 EDT Jun 18 2014
Active Applying Config Active Config Applied Set by the config command

20:10:46 EDT Jun 18 2014
Active Config Applied Active Set by the config command

==========================================================================
#

==========================================================================
# show failover state

               State          Last Failure Reason      Date/Time
This host -   Primary
               Active         None
Other host -   Secondary
               Failed         Ifc Failure              15:24:38 EST Dec 10 2014
                              Visitor: No Link

====Configuration State===
        Sync Done
        Sync Done - STANDBY
====Communication State===
        Mac set

**********************************************************************************************

STANDBY NODE# show failover
Failover On
Failover unit Secondary
Failover LAN Interface: failover GigabitEthernet0/7 (up)
Unit Poll frequency 1 seconds, holdtime 15 seconds
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 216 maximum
failover replication http
Version: Ours 9.1(4), Mate 9.1(4)
Last Failover at: 10:09:07 EST Dec 4 2014
        This host: Secondary - Failed
                Active time: 0 (sec)
                slot 0: ASA5525 hw/sw rev (1.0/9.1(4)) status (Up Sys)
                  Interface External (0.0.0.0): Unknown (Waiting)
                  Interface LAN (#.#.#.#): Normal (Monitored)
                  Interface Firepass (0.0.0.0): No Link (Not-Monitored)
                  Interface Visitor (0.0.0.0): No Link (Waiting)
                  Interface management (0.0.0.0): No Link (Not-Monitored)
                slot 1: IPS5525 hw/sw rev (N/A/7.1(4)E4) status (Up/Up)
                  IPS, 7.1(4)E4, Up
        Other host: Primary - Active
                Active time: 15161386 (sec)
                slot 0: ASA5525 hw/sw rev (1.0/9.1(4)) status (Up Sys)
                  Interface External (#.#.#.#): Unknown (Waiting)
                  Interface LAN (#.#.#.#): Normal (Monitored)
                  Interface Firepass (#.#.#.#): Normal (Not-Monitored)
                  Interface Visitor (#.#.#.#): Normal (Waiting)
                  Interface management (#.#.#.#): Normal (Not-Monitored)
                slot 1: IPS5525 hw/sw rev (N/A/7.1(4)E4) status (Up/Up)
                  IPS, 7.1(4)E4, Up

Stateful Failover Logical Update Statistics
        Link : failover GigabitEthernet0/7 (up)
        Stateful Obj    xmit       xerr       rcv        rerr
        General         79012      0          44222221   4935
        sys cmd         79012      0          79012      0
        up time         0          0          0          0
        RPC services    0          0          0          0
        TCP conn        0          0          20937129   2862
        UDP conn        0          0          15425800   2073
        ARP tbl         0          0          7767139    0
        Xlate_Timeout   0          0          0          0
        IPv6 ND tbl     0          0          0          0
        VPN IKEv1 SA    0          0          0          0
        VPN IKEv1 P2    0          0          0          0
        VPN IKEv2 SA    0          0          0          0
        VPN IKEv2 P2    0          0          0          0
        VPN CTCP upd    0          0          0          0
        VPN SDI upd     0          0          0          0
        VPN DHCP upd    0          0          0          0
        SIP Session     0          0          0          0
        Route Session   0          0          0          0
        User-Identity   0          0          13141      0
        CTS SGTNAME     0          0          0          0
        CTS PAC         0          0          0          0
        TrustSec-SXP    0          0          0          0
        IPv6 Route      0          0          0          0

        Logical Update Queue Information
                        Cur     Max     Total
        Recv Q:         0       54      51347266
        Xmit Q:         0       1       79012
#

# show failover history
==========================================================================
From State To State Reason
==========================================================================
10:09:13 EST Dec 4 2014
Not Detected Negotiation No Error

10:09:17 EST Dec 4 2014
Negotiation Cold Standby Detected an Active mate

10:09:18 EST Dec 4 2014
Cold Standby Sync Config Detected an Active mate

10:09:29 EST Dec 4 2014
Sync Config Sync File System Detected an Active mate

10:09:29 EST Dec 4 2014
Sync File System Bulk Sync Detected an Active mate

10:09:43 EST Dec 4 2014
Bulk Sync Standby Ready Detected an Active mate

10:09:51 EST Dec 4 2014
Standby Ready Failed Interface check

15:23:42 EST Dec 10 2014
Failed Standby Ready Failover state check

15:23:53 EST Dec 10 2014
Standby Ready Failed Interface check

15:24:26 EST Dec 10 2014
Failed Standby Ready Failover state check

15:24:38 EST Dec 10 2014
Standby Ready Failed Interface check

==========================================================================

==========================================================================
# show failover state

               State          Last Failure Reason      Date/Time
This host -   Secondary
               Failed         Ifc Failure              15:24:38 EST Dec 10 2014
                              Visitor: No Link
Other host -   Primary
               Active         None

====Configuration State===
Sync Done - STANDBY
====Communication State===
Mac set

************************************************************************************************

Marvin Rhoads · ‎12-11-2014

So the output shows "Visitor: No Link".

With that interface being down, the secondary unit is considered to be in failed state.

Fix that and it should come out of "Failed" state.

Anthonize Rajaratne · ‎04-12-2016

So in this situation, if active fails, how will standby react? will it comes up as active with no Visitor link or it won't come up at all as an active?

Thanks

Marvin Rhoads · ‎04-12-2016

If the standby unit knows it is part of an HA pair and is in failed state, it will not assume the active role if the primary active unit fails.

If it were to be rebooted, it would come up as active (even with one or more failed interfaces) since the mate was also failed.

kmgraziano · ‎12-11-2014

Thanks for your assistance! I'm not local to the equipment but when I had someone check, that interface was not connected to the switch. As soon as we took care of that, the node status updated to Standby Ready. Appreciate your help.

Marvin Rhoads · ‎12-11-2014

You're welcome.

Thanks for the rating.

ASA 5525 Standby node in failed state