FWSM Lost Failover communications with mate

Unanswered Question
Feb 17th, 2010

All,

I experinced critical problem for our customer service pertaing to communication fail for FT between FWSMs.

I can just find the log in FWSM as follows and can't find any physical log as interface down in C6500 at that moment.

Now our FWSM OS version is 3.2(7) and jsut monitor-interface option is applied at outside interface in FWSM.

Main FWSM

1|Feb 13 2010 01:49:19|105005: (Secondary) Lost Failover communications with mate on interface statelink
1|Feb 13 2010 01:49:20|105004: (Secondary) Monitoring on interface statelink normal

Backup FWSM


1|Feb 13 2010 01:49:17|105005: (Primary) Lost Failover communications with mate on interface statelink
1|Feb 13 2010 01:49:22|105004: (Primary) Monitoring on interface statelink normal
1|Feb 13 2010 01:51:24|105005: (Primary) Lost Failover communications with mate on interface outside
1|Feb 13 2010 01:51:24|105008: (Primary) Testing Interface outside
1|Feb 13 2010 01:51:24|105009: (Primary) Testing on interface outside Passed

Our problem is recovered automatically after 2m ~ 3m but that is reoccured after 1 day.

I already opend the TAC case (SR 613646199)  but I didn't get any correct cause for problem and they just recommend to change the FWSM through RMA. 

Any advice for our problem whould be greatly appreciated.

Thanks,

Sungmin Cho

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
Jon Marshall Wed, 02/17/2010 - 02:35

minmin5063 wrote:

All,

I experinced critical problem for our customer service pertaing to communication fail for FT between FWSMs.

I can just find the log in FWSM as follows and can't find any physical log as interface down in C6500 at that moment.

Now our FWSM OS version is 3.2(7) and jsut monitor-interface option is applied at outside interface in FWSM.

Main FWSM

1|Feb 13 2010 01:49:19|105005: (Secondary) Lost Failover communications with mate on interface statelink
1|Feb 13 2010 01:49:20|105004: (Secondary) Monitoring on interface statelink normal

Backup FWSM


1|Feb 13 2010 01:49:17|105005: (Primary) Lost Failover communications with mate on interface statelink
1|Feb 13 2010 01:49:22|105004: (Primary) Monitoring on interface statelink normal
1|Feb 13 2010 01:51:24|105005: (Primary) Lost Failover communications with mate on interface outside
1|Feb 13 2010 01:51:24|105008: (Primary) Testing Interface outside
1|Feb 13 2010 01:51:24|105009: (Primary) Testing on interface outside Passed

Our problem is recovered automatically after 2m ~ 3m but that is reoccured after 1 day.

I already opend the TAC case (SR 613646199)  but I didn't get any correct cause for problem and they just recommend to change the FWSM through RMA. 

Any advice for our problem whould be greatly appreciated.

Thanks,

Sungmin Cho

Sungmin

Does the FWSM have a dedicated link between the 6500 switches or are you using the interconnect that all the other traffic uses as well ?

If you are using the same interconnect as other traffic it could be worth trying to setup a dedicated interconnect just for the FWSM.

Jon

Sung Min Cho Wed, 02/17/2010 - 02:54

Jon,

We already divided the links between C6500s for FT (Regular and Stateful Failover) and data.

Thanks,

Sungmin

Poonguzhali Sankar Wed, 02/17/2010 - 07:28

We have seen similar issues due to defect CSCsl39710.

Make sure you are running a code on the switch side where this is resolved.

Also, make sure the blade is not seeing more traffic than it can handle at any given time. If so, icmp will be given lower priority and interface monitoring may fail as ping test is one of them.

-KS

Sung Min Cho Wed, 02/17/2010 - 23:38

KS,

First of all, thank you for your reply.

The followinfg is mac-address-table at that time the problem occured.

*  903  001a.6c3d.9200   dynamic  Yes          0   Po273

* 1127  001a.6c3d.9200   dynamic  Yes          0   Po273

* 1121  001a.6c3d.9200   dynamic  Yes          0   Po273

* 1101  001a.6c3d.9200   dynamic  Yes          0   Po273
* 1100  001a.6c3d.9200   dynamic  Yes          0   Po273

*  174  001a.6c3d.9200   dynamic  Yes          0   Po273
*  175  001a.6c3d.9200   dynamic  Yes          0   Po273
*  180  001a.6c3d.9200   dynamic  Yes          0   Po273
*  178  001a.6c3d.9200   dynamic  Yes          5   Po273
*  177  001a.6c3d.9200   dynamic  Yes         10   Po273
*  191  001a.6c3d.9200   dynamic  Yes          0   Po273
*  189  001a.6c3d.9200   dynamic  Yes          0   Po273
*  187  001a.6c3d.9200   dynamic  Yes          0   Po273

.................................................................................

.................................................................................

We think that C6500 properly learned the MAC address of the FWSM at that moment.

Thanks,

Sungmin

rafatrujilho Fri, 12/17/2010 - 10:32

All,

I'm with problems the FWSM in communication for management interface.

Basically the setup is correct, but I have had the record of the logs with a frequency below:

Main FWSM

1|Dec 17 2010 13:01:41|105009: (Secondary_group_2) Testing on interface MANAGEMENT Passed

1|Dec 17 2010 13:01:37|105008: (Secondary) Testing Interface MANAGEMENT

1|Dec 17 2010 13:01:36|105005: (Secondary_group_2) Lost Failover communications with mate on interface MANAGEMENT

FWSM Version 4.1(3)

Catalyst 6509 Version 12.2(33).SXI4a /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-qformat:yes; mso-style-parent:""; mso-padding-alt:0in 5.4pt 0in 5.4pt; mso-para-margin:0in; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:11.0pt; font-family:"Calibri","sans-serif"; mso-ascii-font-family:Calibri; mso-ascii-theme-font:minor-latin; mso-fareast-font-family:"Times New Roman"; mso-fareast-theme-font:minor-fareast; mso-hansi-font-family:Calibri; mso-hansi-theme-font:minor-latin; mso-bidi-font-family:"Times New Roman"; mso-bidi-theme-font:minor-bidi;}

Could anyone suggest something?

Thanks!

Poonguzhali Sankar Fri, 12/17/2010 - 18:15

The only lasts for 5 seconds and then quickly recovers.

It may be a busy interface. You can try to capture all traffic (IP protocol 105) on this interface on both the units when the problem occurs and see why what one unit sends doesn't arrive on the other unit and the interface goes into testing mode.

-KS

rafatrujilho Mon, 12/20/2010 - 08:32

Hi KS,

Considering that the device is an FWSM, it could mean a hardware problem?

Thanks,

Trujilho

phillchannon Tue, 03/29/2011 - 16:09

We've just experienced what seems to be the exact same thing.

Did you get a resolution to this ? How did you go with the TAC case ?

Thanks!

Phill.

Ian Beck Tue, 04/12/2011 - 03:24

Hi,

How was this resolved ?

As we are now seeing the same issue.

Many thanks

Ian Beck Tue, 04/12/2011 - 04:13

Hi,

Found my issue :

Caused by a static NAT using the Firewall Interface as the NAT Addrees, changed it to a assigned IP Address and the problem went away !!!

Thanks

Actions

Login or Register to take actions

This Discussion

Posted February 17, 2010 at 1:05 AM
Stats:
Replies:10 Avg. Rating:
Views:3115 Votes:0
Shares:0

Related Content

Discussions Leaderboard

Rank Username Points
1 7,861
2 6,140
3 3,170
4 1,473
5 1,446