cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
707
Views
0
Helpful
3
Replies

ACE High Availability Config.

allen.malanda_2
Level 1
Level 1

Hello,

Below is my ACE HA config. I have two ACEs and two virtual contexts. I want the context VC_PROD to be active on ACE 1 and standby on ACE 2. I want the context VC_Test to be active on ACE 2 and standby on ACE 1. Also, VLAN 100 is shared between all contexts. Please let me know if I am on the right track. Your feedback is greatly appreciated.

ACE HA Config.

This configuration is on ACE 1. I will repeat the same procedure on ACE 2 swapping the ip addresses.

Context - Admin

interface vlan 100

description Management VLAN

ip address 10.1.1.24 255.255.252.0

peer ip address 10.1.1.28 255.255.252.0

service-policy input Admin_web_MGMT_ALLOW_POLICY

service-policy input SNMP-ACCESS-POLICY

no shutdown

ft interface vlan 110

ip address 192.168.1.4 255.255.255.0

peer ip address 192.168.1.5 255.255.255.0

no shut

ft peer 1

heartbeat interval 300

heartbeat count 10

ft-interface vlan 110

ft group 1

peer 1

priority 100

peer priority 90

associate-context Admin

inservice

ft group 2

peer 1

priority 100

peer priority 90

associate-context VC­_PROD

inservice

ft group 3

peer 1

priority 90

peer priority 100

associate-context VC­_TEST

inservice

-----------------------------------------

Context - VC_PROD

interface vlan 100

description Management VLAN

ip address 10.1.1.25 255.255.252.0

peer ip address 10.1.1.29 255.255.252.0

access-group input ALL

service-policy input MGMT_ALLOW_POLICY

service-policy input SNMP-ACCESS-POLICY

service-policy input PM_multi_match

no shutdown

interface vlan 111

description VC_Production Server Side

ip address 10.1.111.1 255.255.255.128

peer ip address 10.1.111.2 255.255.255.128

access-group input ALL

no shutdown

-----------------------------------------

Context - VC_TEST

interface vlan 100

description Management VLAN

ip address 10.1.1.26 255.255.252.0

peer ip address 10.1.1.30 255.255.252.0

access-group input ALL

service-policy input MGMT_ALLOW_POLICY

service-policy input SNMP-ACCESS-POLICY

service-policy input PM_multi_match

no shutdown

interface vlan 112

description VC_Test Server Side

ip address 10.1.111.129 255.255.255.128

peer ip address 10.1.111.130 255.255.255.128

access-group input ALL

no shutdown

1 Accepted Solution

Accepted Solutions

Hi,

Taking a look at the commands of FT, we see this:

! creating the FT interface and bind it to a VLAN

ft interface vlan 110

! Give the VLAN interface an IP Address to communicate with the other FT ACE

ip address 192.168.1.4 255.255.255.0

! give the other FT ACE (peer) an ip address to let them communicate between eachother

peer ip address 192.168.1.5 255.255.255.0

! enable the interface

no shut

! create the peer ACE parameters

ft peer 1

! heartbeat interval is 300 msec

heartbeat interval 300

! heartbeat count is 10 (10 consecutive heartbeats need to be missed before peer declares the other peer down

heartbeat count 10

! bind the created FT interface to the peer

ft-interface vlan 110

! create a FT group per context

ft group 1

! bind the peer to the FT group

peer 1

! give the ACE a priority

priority 100

! give the peer a priority

peer priority 90

! bind a context to the FT group

associate-context Admin

! enable the FT group

inservice

in the FT group commands, you specify the context that is linked to that group. That way the ACE knows which context has what priority.

Hope this clears things up!

Please rate if this answered your question or was helpful for you.

Cheers,

Dario

View solution in original post

3 Replies 3

dario.didio
Level 4
Level 4

Hi,

This looks fine!

I suppose you've created your contexts and associated your VLANs to them in your Admin context?

context VC­_PROD

allocate-interface vlan 100

allocate-interface vlan 111

context VC_TEST

allocate-interface vlan 100

allocate-interface vlan 112

HTH.

Kr,

Dario

Hello,

Thank you very much for your time, I have the contexts created and associated to the VLANs.

With the statement below,

ft group 1

peer 1

priority 100

peer priority 90

associate-context Admin

inservice

Priority 100 is for ACE 1 and peer priority 90 is for ACE 2. Is that correct? How does the context on ACE 1 or ACE 2 knows that it is priority 100 or 90?

Hi,

Taking a look at the commands of FT, we see this:

! creating the FT interface and bind it to a VLAN

ft interface vlan 110

! Give the VLAN interface an IP Address to communicate with the other FT ACE

ip address 192.168.1.4 255.255.255.0

! give the other FT ACE (peer) an ip address to let them communicate between eachother

peer ip address 192.168.1.5 255.255.255.0

! enable the interface

no shut

! create the peer ACE parameters

ft peer 1

! heartbeat interval is 300 msec

heartbeat interval 300

! heartbeat count is 10 (10 consecutive heartbeats need to be missed before peer declares the other peer down

heartbeat count 10

! bind the created FT interface to the peer

ft-interface vlan 110

! create a FT group per context

ft group 1

! bind the peer to the FT group

peer 1

! give the ACE a priority

priority 100

! give the peer a priority

peer priority 90

! bind a context to the FT group

associate-context Admin

! enable the FT group

inservice

in the FT group commands, you specify the context that is linked to that group. That way the ACE knows which context has what priority.

Hope this clears things up!

Please rate if this answered your question or was helpful for you.

Cheers,

Dario

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: