Stateful Failover

Kevin_27C · ‎02-27-2013

Hi Everyone,

This question is about the Documnet ID:77809

It says that when the Stateful Failover is enabled, routing tables information is not passed during the failover. (Please see the screenshot below) If thats going to be the case how the routing will happen? Sorry if i have got the whole concept wrong.

Stateful Failover

When stateful failover is enabled, the active unit continually passes per-connection state information to the standby unit. After a failover occurs, the same connection information is available at the new active unit. Supported end-user applications are not required to reconnect to keep the same communication session.

The state information passed to the standby unit includes these:

The NAT translation table
The TCP connection states
The UDP connection states
The ARP table
The Layer 2 bridge table (when it runs in the transparent firewall mode)
The HTTP connection states (if HTTP replication is enabled)
The ISAKMP and IPSec SA table
The GTP PDP connection database

The information that is not passed to the standby unit when stateful failover is enabled includes these:

The HTTP connection table (unless HTTP replication is enabled)
The user authentication (uauth) table
The routing tables
State information for security service modules

Rudy Sanjoko · ‎02-28-2013

The running protocol will be forced to re-establish the adjacencies. If you are using 8.4, there is a new feature called stateful failover with DRP. See below link for more information about this feature which is explained very well by Brandon Carroll, CCIE # 23837.

"Stateful failover works with the routing protocols and syncs the routing information between the failover devices. This information is stored in a Routing Information Base (RIB) table that exists on the standby unit."

Cisco-ASA-firewall-advice-Using-ASA-84-for-stateful-failover-in-DRP