ACE High Availability Config.

Answered Question
Jun 15th, 2009
User Badges:

Hello,


Below is my ACE HA config. I have two ACEs and two virtual contexts. I want the context VC_PROD to be active on ACE 1 and standby on ACE 2. I want the context VC_Test to be active on ACE 2 and standby on ACE 1. Also, VLAN 100 is shared between all contexts. Please let me know if I am on the right track. Your feedback is greatly appreciated.


ACE HA Config.


This configuration is on ACE 1. I will repeat the same procedure on ACE 2 swapping the ip addresses.


Context - Admin


interface vlan 100

description Management VLAN

ip address 10.1.1.24 255.255.252.0

peer ip address 10.1.1.28 255.255.252.0

service-policy input Admin_web_MGMT_ALLOW_POLICY

service-policy input SNMP-ACCESS-POLICY

no shutdown


ft interface vlan 110

ip address 192.168.1.4 255.255.255.0

peer ip address 192.168.1.5 255.255.255.0

no shut


ft peer 1

heartbeat interval 300

heartbeat count 10

ft-interface vlan 110


ft group 1

peer 1

priority 100

peer priority 90

associate-context Admin

inservice


ft group 2

peer 1

priority 100

peer priority 90

associate-context VC­_PROD

inservice


ft group 3

peer 1

priority 90

peer priority 100

associate-context VC­_TEST

inservice


-----------------------------------------


Context - VC_PROD


interface vlan 100

description Management VLAN

ip address 10.1.1.25 255.255.252.0

peer ip address 10.1.1.29 255.255.252.0

access-group input ALL

service-policy input MGMT_ALLOW_POLICY

service-policy input SNMP-ACCESS-POLICY

service-policy input PM_multi_match

no shutdown


interface vlan 111

description VC_Production Server Side

ip address 10.1.111.1 255.255.255.128

peer ip address 10.1.111.2 255.255.255.128

access-group input ALL

no shutdown


-----------------------------------------


Context - VC_TEST


interface vlan 100

description Management VLAN

ip address 10.1.1.26 255.255.252.0

peer ip address 10.1.1.30 255.255.252.0

access-group input ALL

service-policy input MGMT_ALLOW_POLICY

service-policy input SNMP-ACCESS-POLICY

service-policy input PM_multi_match

no shutdown


interface vlan 112

description VC_Test Server Side

ip address 10.1.111.129 255.255.255.128

peer ip address 10.1.111.130 255.255.255.128

access-group input ALL

no shutdown


Correct Answer by dario.didio about 7 years 10 months ago

Hi,


Taking a look at the commands of FT, we see this:


! creating the FT interface and bind it to a VLAN

ft interface vlan 110

! Give the VLAN interface an IP Address to communicate with the other FT ACE

ip address 192.168.1.4 255.255.255.0

! give the other FT ACE (peer) an ip address to let them communicate between eachother

peer ip address 192.168.1.5 255.255.255.0

! enable the interface

no shut


! create the peer ACE parameters

ft peer 1

! heartbeat interval is 300 msec

heartbeat interval 300

! heartbeat count is 10 (10 consecutive heartbeats need to be missed before peer declares the other peer down

heartbeat count 10

! bind the created FT interface to the peer

ft-interface vlan 110


! create a FT group per context

ft group 1

! bind the peer to the FT group

peer 1

! give the ACE a priority

priority 100

! give the peer a priority

peer priority 90

! bind a context to the FT group

associate-context Admin

! enable the FT group

inservice


in the FT group commands, you specify the context that is linked to that group. That way the ACE knows which context has what priority.


Hope this clears things up!


Please rate if this answered your question or was helpful for you.


Cheers,

Dario

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
dario.didio Tue, 06/16/2009 - 00:06
User Badges:
  • Silver, 250 points or more

Hi,


This looks fine!


I suppose you've created your contexts and associated your VLANs to them in your Admin context?


context VC­_PROD

allocate-interface vlan 100

allocate-interface vlan 111


context VC_TEST

allocate-interface vlan 100

allocate-interface vlan 112


HTH.


Kr,

Dario



allen.malanda_2 Tue, 06/16/2009 - 05:28
User Badges:

Hello,


Thank you very much for your time, I have the contexts created and associated to the VLANs.


With the statement below,


ft group 1

peer 1

priority 100

peer priority 90

associate-context Admin

inservice


Priority 100 is for ACE 1 and peer priority 90 is for ACE 2. Is that correct? How does the context on ACE 1 or ACE 2 knows that it is priority 100 or 90?

Correct Answer
dario.didio Tue, 06/16/2009 - 13:18
User Badges:
  • Silver, 250 points or more

Hi,


Taking a look at the commands of FT, we see this:


! creating the FT interface and bind it to a VLAN

ft interface vlan 110

! Give the VLAN interface an IP Address to communicate with the other FT ACE

ip address 192.168.1.4 255.255.255.0

! give the other FT ACE (peer) an ip address to let them communicate between eachother

peer ip address 192.168.1.5 255.255.255.0

! enable the interface

no shut


! create the peer ACE parameters

ft peer 1

! heartbeat interval is 300 msec

heartbeat interval 300

! heartbeat count is 10 (10 consecutive heartbeats need to be missed before peer declares the other peer down

heartbeat count 10

! bind the created FT interface to the peer

ft-interface vlan 110


! create a FT group per context

ft group 1

! bind the peer to the FT group

peer 1

! give the ACE a priority

priority 100

! give the peer a priority

peer priority 90

! bind a context to the FT group

associate-context Admin

! enable the FT group

inservice


in the FT group commands, you specify the context that is linked to that group. That way the ACE knows which context has what priority.


Hope this clears things up!


Please rate if this answered your question or was helpful for you.


Cheers,

Dario

Actions

This Discussion