09-04-2020 06:31 AM
Hi folks,
I have an unusual one I need some help with. I have a pair of 5525's active/standby, and during an upgrade from 8.6 to 9.14 via 9.0(4); the recommended path from Cisco, i've noticed something strange in the config for contexts and it's causing issues (We can't failover, and until it's resolved, i'm stuck at 9.0(4) and I need to upgrade to 9.14).
The primary/standby failover configuration looks to be good:
firewall-1# sh fail Failover On Failover unit Primary Failover LAN Interface: Context_Failover GigabitEthernet0/7 (up) Unit Poll frequency 1 seconds, holdtime 15 seconds Interface Poll frequency 5 seconds, holdtime 25 seconds Interface Policy 1 Monitored Interfaces 0 of 216 maximum failover replication http Version: Ours 9.0(4)42, Mate 9.0(4)42 Last Failover at: 02:03:50 UTC Jul 17 2020 This host: Primary - Active firewall-1# failover exec standby sh fail Failover On Failover unit Secondary Failover LAN Interface: Context_Failover GigabitEthernet0/7 (up) Unit Poll frequency 1 seconds, holdtime 15 seconds Interface Poll frequency 5 seconds, holdtime 25 seconds Interface Policy 1 Monitored Interfaces 0 of 216 maximum failover replication http Version: Ours 9.0(4)42, Mate 9.0(4)42 Last Failover at: 03:21:01 UTC Jun 22 2020 This host: Secondary - Standby Ready
so the configuration *appears* to be synced correctly (and in the past before we started the upgrade, it was fine).
During the upgrade, the primary (when it was being upgraded whilst the secondary was active) appears to have had two of the context files from disk0: zero byte'd, and has removed the configuration url from the contexts:
context CONTEXT-A allocate-interface GigabitEthernet0/0.100 config-url disk0:/CONTEXT-A ! context CONTEXT-B allocate-interface GigabitEthernet0/0.200 ! context CONTEXT-C allocate-interface GigabitEthernet0/0.300 ! context CONTEXT-D allocate-interface GigabitEthernet0/0.400 config-url disk0:/CONTEXT-D !
(you can see the ones either side are just fine though). This config is on the system context of both the primary and secondary in the show run, but the show start on the secondary does not have this:
firewall-1# failover exec standby show start <snip> context CONTEXT-A allocate-interface GigabitEthernet0/0.100 config-url disk0:/CONTEXT-A ! context CONTEXT-D allocate-interface GigabitEthernet0/0.400 config-url disk0:/CONTEXT-D ! <snip>
The show start on the primary though is the same as the show run.
disk0: on the primary has the files but they're 0 bytes (unlike the ones either side which you can see are good) firewall-1# dir disk0: Directory of disk0:/ 6 drwx 4096 14:22:16 Feb 17 2014 log <snip> 86 -rwx 4055 23:02:32 Aug 06 2020 CONTEXT-A 87 -rwx 0 14:31:32 Apr 08 2020 CONTEXT-B 88 -rwx 0 13:51:08 Apr 08 2020 CONTEXT-C 90 -rwx 1802 23:02:32 Aug 06 2020 CONTEXT-D
but on the standby:
firewall-1# failover exec standby dir disk0: Directory of disk0:/ 11 drwx 4096 17:45:32 Feb 17 2014 log <snip> 86 -rwx 4511 01:21:58 Aug 07 2020 CONTEXT-A 87 -rwx 10543 15:47:12 Aug 06 2020 CONTEXT-B 88 -rwx 14198 08:40:48 Jun 26 2020 CONTEXT-C 89 -rwx 2244 01:21:58 Aug 07 2020 CONTEXT-D
It's there and is fine. I can do a 'more disk0:CONTEXT-A' on the secondary/standby and the configuration is just fine.
And obviously, I cannot change to the context either:
firewall-1# change con CONTEXT-B ERROR: Context hasn't been initialized with 'config-url'
So my question is two fold:
1) how is it still functioning on the primary/active:
firewall-1# change con CONTEXT-B
ERROR: Context hasn't been initialized with 'config-url'
and 2) how do I restore the config-url to the context on the primary, without wiping it away? I am more than happy to copy the context file over from the secondary/standby, but my understanding is that if I put the config-url statement into the context, it's going to blitz the configuration to zero, or am I mistaken?
I need to restore the two contexts and test a failover correctly before I can continue the upgrade to 9.14, and can't risk downtime.
Can anyone suggest a way to restore the correct configuration without outage?
Thanks so much
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide