Failover - Primary Reloaded

Unanswered Question
May 22nd, 2008

We are experiencing an interesting little problem with failover. Whilst performing some testing we discovered that when the Secondary Unit is Active, and the Primary unit is powered up, the primary unit will disrupt traffic flowing over the Secondary Unit. We do not see this issue if the secondary unit is power cycled.

Doing some further investigation, when the primary is powered up, it detects that its mate is Active and will then start the configuration replication, it is at this point that on the LAN you can see that the mac and IP address are now pointing at the Primary unit and all traffic is lost. It isn't until the configuration replication has finished that the mac and IP address point back to the Secondary.

I have had a look through the books and the site and I'm unable to see any reference to this scenario.

Version 7.0(4)



failover polltime unit msec 500 holdtime 3

failover polltime interface 3

failover link state Ethernet5

failover interface ip state standby

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
kevindickerson Fri, 05/23/2008 - 03:33


The three interfaces that are being monitored are all in an up/up state with IP addresses.

They are also connected into a switch that has portfast enabled.

The way that we have gotten round it currently is to remove the interface cables from the back of the primary pix, power it on, wait for it to go into a failed state, then plug the cables back in. We then do not lose any network connectivity.

This isn't the ideal solution though


I have has a simular issue in the past - are you using the serial cable for the signaling failover heartbeat etc??

The other way I have done this - for a perm fix for this is:-

Turn both devices off, power up the primary first, then about 5 seconds later powere the secondary....when I have done this I never see the problem occur again?!


kevindickerson Fri, 05/23/2008 - 05:09


We are using the serial cable for failover signalling heartbeat.

I have tried your perm fix, but I still have the same results if the Primary has a power failure.

kevindickerson Mon, 06/09/2008 - 06:51

I could find a few TAC case that had a similar symptom, but all had other strange circumstances that didn't match. In the end it was an upgrade from 7.0(4) to 7.0(8) and that has resolved the issue.

Farrukh Haroon Mon, 06/09/2008 - 12:55

Seems to be a bug, during config replication network traffic should not go down.

Also you could have a look at assigning virtual mac-addresses for failover (if this isn't a bug).




This Discussion