11-01-2012 10:09 AM - edited 03-11-2019 05:17 PM
Hi Everyone,
Need to understand the differences between these two
dedicated failover link and Stateful Failover link.
Thanks
Mahesh
Solved! Go to Solution.
11-01-2012 10:30 AM
Hello Mahesh,
The stateful failover link is used to replicate all the connections that are going through the active ASA.
The failover link is used to replicate the configuration and the following info:
*The unit state (active or standby).
•Power status (cable-based failover only—available only on the PIX 500 series security appliance).
•Hello messages (keep-alives).
•Network link status.
•MAC address exchange.
That is why we recommend to use a dedicated interface different than the managment ( because of the capacity of this one)
Regards,
Julio
11-01-2012 10:39 AM
What do you mean by type of failure?
Did you mean type of failover connection can be done on that crossover link?
If that was the question you can use both ( failover link and failover stateful link)
Here at cisco we recommend to use a switch between the 2 units for troubleshooting purposes ( so if one of them go down you inmediatly know where is the issue.
Regards,
11-01-2012 01:39 PM
Hello,
To check if you are running active/active or active/standby?
If you do a show failover state:
On active/active
State Last Failure Reason Date/Time This host - Primary Group 1 Active None Group 2 Standby Ready None Other host - Secondary Group 1 Standby Ready None Group 2 Active None ====Configuration State=== Sync Done ====Communication State=== Mac set
On active/standby
pix#show failover state ====My State=== Primary | Active | ====Other State=== Secondary | Standby | ====Configuration State=== Sync Done ====Communication State=== Mac set
Regards,
11-01-2012 02:07 PM
Hello,
Yes, mahesh,
That is correct
11-01-2012 10:30 AM
Hello Mahesh,
The stateful failover link is used to replicate all the connections that are going through the active ASA.
The failover link is used to replicate the configuration and the following info:
*The unit state (active or standby).
•Power status (cable-based failover only—available only on the PIX 500 series security appliance).
•Hello messages (keep-alives).
•Network link status.
•MAC address exchange.
That is why we recommend to use a dedicated interface different than the managment ( because of the capacity of this one)
Regards,
Julio
11-01-2012 10:35 AM
Hi Julio,
If two ASA have crossover connection between them which type of failure is this?
11-01-2012 10:39 AM
What do you mean by type of failure?
Did you mean type of failover connection can be done on that crossover link?
If that was the question you can use both ( failover link and failover stateful link)
Here at cisco we recommend to use a switch between the 2 units for troubleshooting purposes ( so if one of them go down you inmediatly know where is the issue.
Regards,
11-01-2012 12:44 PM
hi julio,
Is there any command that can tell us what type of failover is running on ASA?
Or is there some config in sh run that we can check?
Thanks
Mahesh
11-01-2012 01:39 PM
Hello,
To check if you are running active/active or active/standby?
If you do a show failover state:
On active/active
State Last Failure Reason Date/Time This host - Primary Group 1 Active None Group 2 Standby Ready None Other host - Secondary Group 1 Standby Ready None Group 2 Active None ====Configuration State=== Sync Done ====Communication State=== Mac set
On active/standby
pix#show failover state ====My State=== Primary | Active | ====Other State=== Secondary | Standby | ====Configuration State=== Sync Done ====Communication State=== Mac set
Regards,
11-01-2012 01:42 PM
Hi Julio,
So this means we can say that stateful failover link both ASA are in active active state?
Thanks
Mahesh
11-01-2012 02:07 PM
Hello,
Yes, mahesh,
That is correct
11-01-2012 02:22 PM
Many thanks again Julio
Best regards
Mahesh
07-17-2017 12:34 AM
no ,
It has no relationship by active/active and active/standby .
Stateless (Regular) Failover: When a failover occurs, all active connections are dropped. Clients need to reestablish connections when the new active unit takes over
Stateful Failover : When Stateful Failover is enabled, the active unit continually passes per-connection state information to the standby unit. After a failover occurs, the same connection information is available at the new activeunit. Supported end-user applications are not required to reconnect to keep the same communication session.
Regards ,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide