Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
11309
Views
15
Helpful
9
Replies

Difference between failover links

Go to solution
mahesh18
Level 6
Level 6

‎11-01-2012 10:09 AM - edited ‎03-11-2019 05:17 PM

Hi Everyone,

Need to understand the differences between these two

dedicated failover link and Stateful Failover link.  

Thanks

Mahesh                

Labels:
0 Helpful
4 Accepted Solutions

Accepted Solutions

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎11-01-2012 10:30 AM

Hello Mahesh,

The stateful failover link is used to replicate all the connections that are going through the active ASA.

The failover link is used to replicate the configuration and the following info:

*The unit state (active or standby).

Power status (cable-based failover only—available only on the PIX 500 series security appliance).

Hello messages (keep-alives).

Network link status.

MAC address exchange.

That is why we recommend to use a dedicated interface different than the managment ( because of the capacity of this one)

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to mahesh18

‎11-01-2012 10:39 AM

What do you mean by type of failure?

Did you mean type of failover connection can be done on that crossover link?

If that was the question you can use both ( failover link and failover stateful link)

Here at cisco we recommend to use a switch between the 2 units for troubleshooting purposes ( so if one of them go down you inmediatly know where is the issue.

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to mahesh18

‎11-01-2012 01:39 PM

Hello,

To check if you are running active/active or active/standby?

If you do a show failover state:

On active/active 

              State          Last Failure Reason      Date/Time
This host  -   Primary
    Group 1    Active         None
    Group 2    Standby Ready  None
Other host -   Secondary
    Group 1    Standby Ready  None
    Group 2    Active         None

====Configuration State===
        Sync Done
====Communication State===
        Mac set

On active/standby 

pix#show failover state
====My State===
Primary | Active |
====Other State===
Secondary | Standby |
====Configuration State===
        Sync Done
====Communication State===
        Mac set

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to mahesh18

‎11-01-2012 02:07 PM

Hello,

Yes, mahesh,

That is correct

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

0 Helpful
9 Replies 9

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni

‎11-01-2012 10:30 AM

Hello Mahesh,

The stateful failover link is used to replicate all the connections that are going through the active ASA.

The failover link is used to replicate the configuration and the following info:

*The unit state (active or standby).

Power status (cable-based failover only—available only on the PIX 500 series security appliance).

Hello messages (keep-alives).

Network link status.

MAC address exchange.

That is why we recommend to use a dedicated interface different than the managment ( because of the capacity of this one)

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Go to solution
mahesh18
Level 6
Level 6
In response to Julio Carvajal

‎11-01-2012 10:35 AM

Hi Julio,

If two ASA  have crossover connection between them which type of failure is this?

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to mahesh18

‎11-01-2012 10:39 AM

What do you mean by type of failure?

Did you mean type of failover connection can be done on that crossover link?

If that was the question you can use both ( failover link and failover stateful link)

Here at cisco we recommend to use a switch between the 2 units for troubleshooting purposes ( so if one of them go down you inmediatly know where is the issue.

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Julio Carvajal

‎11-01-2012 12:44 PM

hi julio,

Is there any command  that can tell us what type of failover is running on ASA?

Or is there some config in sh run that we can check?

Thanks

Mahesh

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to mahesh18

‎11-01-2012 01:39 PM

Hello,

To check if you are running active/active or active/standby?

If you do a show failover state:

On active/active 

              State          Last Failure Reason      Date/Time
This host  -   Primary
    Group 1    Active         None
    Group 2    Standby Ready  None
Other host -   Secondary
    Group 1    Standby Ready  None
    Group 2    Active         None

====Configuration State===
        Sync Done
====Communication State===
        Mac set

On active/standby 

pix#show failover state
====My State===
Primary | Active |
====Other State===
Secondary | Standby |
====Configuration State===
        Sync Done
====Communication State===
        Mac set

Regards,

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Julio Carvajal

‎11-01-2012 01:42 PM

Hi Julio,

So this means we can say that stateful failover link both ASA  are in active active state?

Thanks

Mahesh

0 Helpful

Go to solution
Julio Carvajal
VIP Alumni
VIP Alumni
In response to mahesh18

‎11-01-2012 02:07 PM

Hello,

Yes, mahesh,

That is correct

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

Go to solution
mahesh18
Level 6
Level 6
In response to Julio Carvajal

‎11-01-2012 02:22 PM

Many thanks again Julio

Best regards

Mahesh

0 Helpful

Go to solution
mohannedadil931
Level 1
Level 1
In response to mahesh18

‎07-17-2017 12:34 AM

no ,

It has no relationship by active/active and active/standby .

Stateless (Regular) Failover:  When a failover occurs, all active connections are dropped. Clients need to reestablish connections when the new active unit takes over

Stateful Failover : When Stateful Failover is enabled, the active unit continually passes per-connection state information to the standby unit. After a failover occurs, the same connection information is available at the new activeunit. Supported end-user applications are not required to reconnect to keep the same communication session.

Regards ,

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card