Cisco ACE Module Redundancy

Answered Question
Jun 2nd, 2010

Hello All,


Im  new about  ACE´s this is my first implementations and i got some questions about redundancy.


I have two  ACE-20 Modules, each one has diferents contexts for differents applications, I want redundancy and Backup

between them, so  i want  One  has an  Active Context1  and  BAckup or Standby of the Other Context2 of the other ACE and viceversa.

What would be the configurations to achieve this?


Do i need write the Context configuration on each ACE ( Active, Standby )  or its gonna be automatic the syncro

of the configs??


Example:


6500 CHASSIS 1                                               6500 CHASSIS 2                                     

ACE MODULE 1                         <  -------- >        ACE MODULE 2   

V-CONTEXT-A  ( Active)               <  -------- >        V-CONTEXT-A  ( Standby) 

V-CONTEXT-B  ( Standby)            <  -------- >        V-CONTEXT-A  ( Active) 



Configuration ACE MODULE 1:


interface vlan 1000


ip address 172.25.91.110 255.255.255.0

peer ip address 172.25.91.111 255.255.255.0

alias ip address 172.25.91.112 255.255.255.0


service-policy input REMOTE_MGMT_ALLOW_POLICY

no shutdown

ft interface vlan 60

ip address 10.10.60.10 255.255.255.0

peer ip address 10.10.60.11 255.255.255.0

ft peer 1

heartbeat interval 300

heartbeat count 20

ft-interface vlan 60

query-interface vlan 1000


ft group 1

peer 1

associate-context V_CONTEXT-A

inservice




I will appreciate your help because im lost on this.



Thanks in Advance.


Robert.

Correct Answer by UHansen1976 about 6 years 8 months ago

Hi Robert,


The process of selecting which module has active ownership of a given context is determined by the priority, much like HSRP. In your configuration, you want to "share the load" of your two virtual contexts between the two modules. Also remember to define priority for your admin-context as well.


This sample config should help you get started:


ACE/CHASSIS 1

------------------------

interface vlan 1000





  service-policy input REMOTE_MGMT_ALLOW_POLICY

  no shutdown



ft interface vlan 60

  ip address 10.10.60.10 255.255.255.0

  peer ip address 10.10.60.11 255.255.255.0

ft peer 1

  heartbeat interval 300

  heartbeat count 20

ft-interface vlan 60

  query-interface vlan 1000

ft group 1

  peer 1

  priority 250

  peer priority 200

  associate-context Admin

  inservice



ACE/CHASSIS 2

------------------------

interface vlan 1000





  service-policy input REMOTE_MGMT_ALLOW_POLICY

  no shutdown



ft interface vlan 60

  ip address 10.10.60.11 255.255.255.0

  peer ip address 10.10.60.10 255.255.255.0

ft peer 1

  heartbeat interval 300

  heartbeat count 20

ft-interface vlan 60

  query-interface vlan 1000

ft group 1

  peer 1

  priority 200

  peer priority 250

  associate-context Admin

  inservice


since you omitted the part of your configuration, I assume that you've already configured ressource-classes, access-lists, snmp etc.

Once the baseline Admin-context has been configured, make sure that the FT is working properly. Issue a 'sh ft grou status' on the admin-context and make sure, that it reads something like this:


FT Group                     : 1
Configured Status         : in-service
Maintenance mode       : MAINT_MODE_OFF
My State                     : FSM_FT_STATE_ACTIVE
Peer State                   : FSM_FT_STATE_STANDBY_HOT
Peer Id                        : 1
No. of Contexts            : 1


Then, define your virtual contexts, resource-class allocation and vlan-allocation. And then simply repeat the FT-group configuration and prioritize your contexts according to your needs. Since the FT is already established and, hopefully, working, you only need to configure this on the active Admin-context:


ft group 2

  peer 1

  priority 250

  peer priority 200

  associate-context V-CONTEXT-A

  inservice


ft group 3

  peer 1

  priority 200

  peer priority 250

  associate-context V-CONTEXT-B

  inservice


You could end your work by issuing a 'show ft group status' the verify the FT for the two virtual contexts. Just remember, that initially the status might very well read BULK. This changes, once the sync is completed.


hth


/Ulrich

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
UHansen1976 Wed, 06/02/2010 - 12:40

Hi Robert,


The process of selecting which module has active ownership of a given context is determined by the priority, much like HSRP. In your configuration, you want to "share the load" of your two virtual contexts between the two modules. Also remember to define priority for your admin-context as well.


This sample config should help you get started:


ACE/CHASSIS 1

------------------------

interface vlan 1000





  service-policy input REMOTE_MGMT_ALLOW_POLICY

  no shutdown



ft interface vlan 60

  ip address 10.10.60.10 255.255.255.0

  peer ip address 10.10.60.11 255.255.255.0

ft peer 1

  heartbeat interval 300

  heartbeat count 20

ft-interface vlan 60

  query-interface vlan 1000

ft group 1

  peer 1

  priority 250

  peer priority 200

  associate-context Admin

  inservice



ACE/CHASSIS 2

------------------------

interface vlan 1000





  service-policy input REMOTE_MGMT_ALLOW_POLICY

  no shutdown



ft interface vlan 60

  ip address 10.10.60.11 255.255.255.0

  peer ip address 10.10.60.10 255.255.255.0

ft peer 1

  heartbeat interval 300

  heartbeat count 20

ft-interface vlan 60

  query-interface vlan 1000

ft group 1

  peer 1

  priority 200

  peer priority 250

  associate-context Admin

  inservice


since you omitted the part of your configuration, I assume that you've already configured ressource-classes, access-lists, snmp etc.

Once the baseline Admin-context has been configured, make sure that the FT is working properly. Issue a 'sh ft grou status' on the admin-context and make sure, that it reads something like this:


FT Group                     : 1
Configured Status         : in-service
Maintenance mode       : MAINT_MODE_OFF
My State                     : FSM_FT_STATE_ACTIVE
Peer State                   : FSM_FT_STATE_STANDBY_HOT
Peer Id                        : 1
No. of Contexts            : 1


Then, define your virtual contexts, resource-class allocation and vlan-allocation. And then simply repeat the FT-group configuration and prioritize your contexts according to your needs. Since the FT is already established and, hopefully, working, you only need to configure this on the active Admin-context:


ft group 2

  peer 1

  priority 250

  peer priority 200

  associate-context V-CONTEXT-A

  inservice


ft group 3

  peer 1

  priority 200

  peer priority 250

  associate-context V-CONTEXT-B

  inservice


You could end your work by issuing a 'show ft group status' the verify the FT for the two virtual contexts. Just remember, that initially the status might very well read BULK. This changes, once the sync is completed.


hth


/Ulrich

David Niemann Thu, 09/19/2013 - 13:39

Does the VLAN 1000 interface need an IP on it to be the query-interface? I'm a little confused on the use of this interface.  I understand the FT interface, what is the query-interface really used for?

Actions

This Discussion