Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
787
Views
0
Helpful
0
Replies

FTD failover with 30sec outage

Martin Kyrc
Level 3
Level 3

‎08-16-2019 07:28 AM - edited ‎02-21-2020 09:24 AM

Hello,

I can't solve issue with failover outage.

Setup:

  • 2x virtual FTD (ASA 9.9, firepower 2.3) running in failover
  • in DC1 (ESX-A) is runnig: FTD-1, SERVER-1
  • in DC2 (ESX-B) is runnig: FTD-2, SERVER-2
  • FTD is running transparent (bridge) mode
  • NW design: [ESX-A]-(trunk)-[SW-DC1]-(trunk)-[SW-CORE]-(trunk)-[SW-DC2]-[ESX-B]

Issue:

  • test1: manual failover to FTD-2:
    • connectivity to SERVER-2 is without outage during failover
    • but connectivity to SERVER-1 (the same DC as previous active FTD) is lost for 30sec
  • test2: manual failover to FTD-1:
    • connectivity to SERVER-1 is without outage during failover
    • but connectivity to SERVER-2 (the same DC as previous active FTD) is lost for 30sec

I have checked MAC address tables on all NW switches:

  • during normal operation have all mac addresses correct directions to GW or SERVER
  • during outage I can't see MAC address of the SERVER in VLAN connected to SERVER (between SERVER and FTD) (yes, this vlan is connected also to "real" NW world and virtual world on ESX)

my question is: 

  • how can I check/troubleshoot MAC address table on vSwitch? Is it possible?
  • what kind of timeout is 30sec?

martin

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card