06-15-2009 06:50 AM
Hello,
Below is my ACE HA config. I have two ACEs and two virtual contexts. I want the context VC_PROD to be active on ACE 1 and standby on ACE 2. I want the context VC_Test to be active on ACE 2 and standby on ACE 1. Also, VLAN 100 is shared between all contexts. Please let me know if I am on the right track. Your feedback is greatly appreciated.
ACE HA Config.
This configuration is on ACE 1. I will repeat the same procedure on ACE 2 swapping the ip addresses.
Context - Admin
interface vlan 100
description Management VLAN
ip address 10.1.1.24 255.255.252.0
peer ip address 10.1.1.28 255.255.252.0
service-policy input Admin_web_MGMT_ALLOW_POLICY
service-policy input SNMP-ACCESS-POLICY
no shutdown
ft interface vlan 110
ip address 192.168.1.4 255.255.255.0
peer ip address 192.168.1.5 255.255.255.0
no shut
ft peer 1
heartbeat interval 300
heartbeat count 10
ft-interface vlan 110
ft group 1
peer 1
priority 100
peer priority 90
associate-context Admin
inservice
ft group 2
peer 1
priority 100
peer priority 90
associate-context VCÂ_PROD
inservice
ft group 3
peer 1
priority 90
peer priority 100
associate-context VCÂ_TEST
inservice
-----------------------------------------
Context - VC_PROD
interface vlan 100
description Management VLAN
ip address 10.1.1.25 255.255.252.0
peer ip address 10.1.1.29 255.255.252.0
access-group input ALL
service-policy input MGMT_ALLOW_POLICY
service-policy input SNMP-ACCESS-POLICY
service-policy input PM_multi_match
no shutdown
interface vlan 111
description VC_Production Server Side
ip address 10.1.111.1 255.255.255.128
peer ip address 10.1.111.2 255.255.255.128
access-group input ALL
no shutdown
-----------------------------------------
Context - VC_TEST
interface vlan 100
description Management VLAN
ip address 10.1.1.26 255.255.252.0
peer ip address 10.1.1.30 255.255.252.0
access-group input ALL
service-policy input MGMT_ALLOW_POLICY
service-policy input SNMP-ACCESS-POLICY
service-policy input PM_multi_match
no shutdown
interface vlan 112
description VC_Test Server Side
ip address 10.1.111.129 255.255.255.128
peer ip address 10.1.111.130 255.255.255.128
access-group input ALL
no shutdown
Solved! Go to Solution.
06-16-2009 01:18 PM
Hi,
Taking a look at the commands of FT, we see this:
! creating the FT interface and bind it to a VLAN
ft interface vlan 110
! Give the VLAN interface an IP Address to communicate with the other FT ACE
ip address 192.168.1.4 255.255.255.0
! give the other FT ACE (peer) an ip address to let them communicate between eachother
peer ip address 192.168.1.5 255.255.255.0
! enable the interface
no shut
! create the peer ACE parameters
ft peer 1
! heartbeat interval is 300 msec
heartbeat interval 300
! heartbeat count is 10 (10 consecutive heartbeats need to be missed before peer declares the other peer down
heartbeat count 10
! bind the created FT interface to the peer
ft-interface vlan 110
! create a FT group per context
ft group 1
! bind the peer to the FT group
peer 1
! give the ACE a priority
priority 100
! give the peer a priority
peer priority 90
! bind a context to the FT group
associate-context Admin
! enable the FT group
inservice
in the FT group commands, you specify the context that is linked to that group. That way the ACE knows which context has what priority.
Hope this clears things up!
Please rate if this answered your question or was helpful for you.
Cheers,
Dario
06-16-2009 12:06 AM
Hi,
This looks fine!
I suppose you've created your contexts and associated your VLANs to them in your Admin context?
context VCÂ_PROD
allocate-interface vlan 100
allocate-interface vlan 111
context VC_TEST
allocate-interface vlan 100
allocate-interface vlan 112
HTH.
Kr,
Dario
06-16-2009 05:28 AM
Hello,
Thank you very much for your time, I have the contexts created and associated to the VLANs.
With the statement below,
ft group 1
peer 1
priority 100
peer priority 90
associate-context Admin
inservice
Priority 100 is for ACE 1 and peer priority 90 is for ACE 2. Is that correct? How does the context on ACE 1 or ACE 2 knows that it is priority 100 or 90?
06-16-2009 01:18 PM
Hi,
Taking a look at the commands of FT, we see this:
! creating the FT interface and bind it to a VLAN
ft interface vlan 110
! Give the VLAN interface an IP Address to communicate with the other FT ACE
ip address 192.168.1.4 255.255.255.0
! give the other FT ACE (peer) an ip address to let them communicate between eachother
peer ip address 192.168.1.5 255.255.255.0
! enable the interface
no shut
! create the peer ACE parameters
ft peer 1
! heartbeat interval is 300 msec
heartbeat interval 300
! heartbeat count is 10 (10 consecutive heartbeats need to be missed before peer declares the other peer down
heartbeat count 10
! bind the created FT interface to the peer
ft-interface vlan 110
! create a FT group per context
ft group 1
! bind the peer to the FT group
peer 1
! give the ACE a priority
priority 100
! give the peer a priority
peer priority 90
! bind a context to the FT group
associate-context Admin
! enable the FT group
inservice
in the FT group commands, you specify the context that is linked to that group. That way the ACE knows which context has what priority.
Hope this clears things up!
Please rate if this answered your question or was helpful for you.
Cheers,
Dario
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: