ACE Switchover and Config Sync

Unanswered Question
Jun 12th, 2007

Hi

I'm new to the ACE modul and trying to set up some szenarios and i run already into some troubles.

Question 1)

I configured redundancy to another module - virtulised mode. Config sync between the context worked fine. If i change s'thing in the activ context it was copied to the standby context. But if i changed something in the active Admin context it was not copied to the standby Admin context.

Question 2)

FT Switchover in the Admin context is not possible returns the following fault:

ACE_Switch08/Admin# ft switchover

This command will cause card to switchover (yes/no)? [no] yes

Invalid FT group. FT switchover command will be ignored.

ACE_Switch08/Admin#

If I switch a single FT group it works. But how is it possible to switch all FT groups a the same time? Do i have to switch each context by itself?

Question 3)

After i have switched the active context to the standby context, the ft group x command shows both peers as active. After i take the standby ft group no inservice and back inservice it shows correctly Active and standby_HOT.

The configuration:

hostname ACE_Switch08

boot system image:c6ace-t1k9-mz.3.0.0_A1_4a.bin

resource-class RC1

limit-resource all minimum 10.00 maximum equal-to-min

class-map type management match-any REMOTE_ACCESS

description -- Remote Access traffic match --

2 match protocol telnet any

3 match protocol ssh any

4 match protocol icmp any

policy-map type management first-match REMOTE_MGMT_ALLOW_POLICY

class REMOTE_ACCESS

permit

interface vlan 2100

ip address 172.29.190.16 255.255.255.0

service-policy input REMOTE_MGMT_ALLOW_POLICY

no shutdown

ft interface vlan 2020

ip address 192.168.100.1 255.255.255.0

peer ip address 192.168.100.2 255.255.255.0

no shutdown

ft peer 1

heartbeat interval 200

heartbeat count 20

ft-interface vlan 2020

ip route 0.0.0.0 0.0.0.0 172.29.190.1

context sf0-2200

allocate-interface vlan 2201

allocate-interface vlan 2207

member RC1

context sf0-2220

allocate-interface vlan 2221

allocate-interface vlan 2227

member RC1

ft group 1

peer 1

no preempt

priority 200

peer priority 150

associate-context sf0-2200

inservice

ft group 2

peer 1

no preempt

priority 200

peer priority 150

associate-context sf0-2220

inservice

username admin password xxx role Admin domain

default-domain

username www password xxx role Admin domain de

fault-domain

Any help is appreciated

pat

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Roble Mumin Tue, 06/12/2007 - 03:14

Hi Pat,

1)

for my config i just put the "user" or "backend" contexts into ft groups. I don't sync the admin contexts on both aces. I am not even sure if that makes sense or is "best practicse".

So if you don't put the admin context into an extra ft group it won't be synced. you have to configure the admin contexts on each physical ace separately.

Putting the contexts sf0-2200 & sf0-2220 into an ft group and not having an ft group for admin is the way to go IMHO.

2)

If you do a switchover you always have to specify which context you want to switchover. I don't think that you can actually switchover a whole bunch of contexts with this command. If you want to do that a reload is the only way AFAIK.

Try:

ft switchover 1

ft switchover 2

3)

This could be because you have not configured the other ACE's admin context to participate in the ft properly.

My configs looke like this.

ACE01:

ft interface vlan 777

ip address 172.16.99.1 255.255.255.252

peer ip address 172.16.99.2 255.255.255.252

no shutdown

ft peer 1

heartbeat interval 200

heartbeat count 20

ft-interface vlan 777

query-interface vlan 444

ft group 3

peer 1

priority 150

peer priority 110

associate-context FOO

inservice

ft group 4

peer 1

priority 150

peer priority 110

associate-context BAR

inservice

ft group 2

peer 1

priority 150

peer priority 110

associate-context FOO-BAR

inservice

----

ACE02:

ft interface vlan 777

ip address 172.16.99.2 255.255.255.252

peer ip address 172.16.99.1 255.255.255.252

no shutdown

ft peer 1

heartbeat interval 200

heartbeat count 20

ft-interface vlan 777

query-interface vlan 444

ft group 2

peer 1

no preempt

priority 110

peer priority 150

associate-context FOO

inservice

ft group 3

peer 1

no preempt

priority 110

peer priority 150

associate-context BAR

inservice

ft group 4

peer 1

no preempt

priority 110

peer priority 150

associate-context FOO-BAR

inservice

----

Hope that helps

Roble

kehlpatrick Tue, 06/12/2007 - 03:47

Hi Roble

Thanks for your replay. We solved the problem earlier that day and it was exactly as you described. Sadly the documents on CCO from Cisco doesn't mention the fact, that the admin has also to be in a ft group.

And whats even worse, that you cannot switch all ft groups together... we have 50 context in our serverfarm... will be a lot of work if i have to switch them all -> reboot could be the solution, but a bad one....

thanks again.

pat

Roble Mumin Tue, 06/12/2007 - 04:21

So you have the admin group in an ft group now and sync the configs between both?

In my opinion you might encounter some problems because the second ace needs some "unique" configuration settings like ip address and other stuff which will probably get overwritten by a sync.

I tried the "admin context in a ft group" approach with an earlier A2 release of the ACE and always ran into this problem. Afterwards i never bothered with it again. Anyhow good to hear you solved your issues.

Viel Spass weiterhin...

Roble

Actions

This Discussion