ACE 4710 - FT Fault Tolerance Problem - Active/Active

Aug 4th, 2010

Hello all,


I have a situation with 2 ACE 4710 appliances and fault tolerance. The 2 devices can see each other, and have sync'd configs. The issue is when I physically disconnect the active ACE from the switch, the redundant ACE becomes active (as expected), however the disconnected ACE also reports its state as active.


I am not sure if this is normal, as the disconnected ACE has no way of knowing the state/priority value of the redundant ACE. It does however decrease its priority value as configured.


The real problem comes when I reconnect the ACE - I have a situation where both ACEs are active, and clients can't fetch content from the serverfarm for 30-60 secs. I presume this is because of possible VMAC conflicts in the switch's MAC address table or similar?


I have tried using both query-interface and the tracking interface options with the same results, also note I have preemption enabled, and am using different shared VLAN IDs on the ACEs. The ft config is below:


ACE1


ft interface vlan 200
  ip address 192.168.254.9 255.255.255.0
  peer ip address 192.168.254.10 255.255.255.0
  no shutdown


ft peer 1
  heartbeat interval 300
  heartbeat count 10
  ft-interface vlan 200


ft group 1
  peer 1
  priority 70
  peer priority 50
  associate-context Admin
  inservice


ft track interface FT_TRACK_vlan31
  track-interface vlan 31
  peer track-interface vlan 31
  priority 30
  peer priority 30


ft group 2
  peer 1
  priority 70
  peer priority 50
  associate-context VC_DMZ1Exchange2010
  inservice



ACE2


ft interface vlan 200
  ip address 192.168.254.10 255.255.255.0
  peer ip address 192.168.254.9 255.255.255.0
  no shutdown


ft peer 1
  heartbeat interval 300
  heartbeat count 10
  ft-interface vlan 200


ft group 1
  peer 1
  priority 50
  peer priority 70
  associate-context Admin
  inservice


ft track interface FT_TRACK_vlan31
  track-interface vlan 31
  peer track-interface vlan 31
  priority 30
  peer priority 30


ft group 2
  peer 1
  priority 50
  peer priority 70
  associate-context VC_DMZ1Exchange2010
  inservice



This is the state of the ft groups on the disconnected ACE (whilst disconnected)


FT Group                     : 1
Status                       : in-service
Maintenance mode             : MAINT_MODE_OFF
My State                     : FSM_FT_STATE_ACTIVE
My Config Priority           : 70
My Net Priority              : 40
My Preempt                   : Enabled
Context Name                 : Admin
Context Id                   : 0
Track Name                   : FT_TRACK_vlan31
Track type                   : TRACK_INTF
Vlan Id                      : 31
State                        : TRACK_DOWN
Priority                     : 30
Transitions                  : 8



FT Group                     : 2
Status                       : in-service
Maintenance mode             : MAINT_MODE_OFF
My State                     : FSM_FT_STATE_ACTIVE
My Config Priority           : 70
My Net Priority              : 40
My Preempt                   : Enabled
Context Name                 : VC_DMZ1Exchange2010
Context Id                   : 1
Track Name                   : FT_TRACK_vlan31
Track type                   : TRACK_INTF
Vlan Id                      : 31
State                        : TRACK_DOWN
Priority                     : 30
Transitions                  : 4




Please let me know if you need any more details, and thanks in advance for any help.


Cheers,

Jeremy

jlamousn Thu, 08/05/2010 - 11:18

Jeremy,


Once you disconnect the 1st ACE, he will no longer receive heartbeats from the standby and because he has no way of knowing the state/priority value of the redundant ACE, he would become active.  So that is normal.


When you reconnect the interface, both ACEs would be active until they reconverge, and at that time whoever has the highest priority would remain active and the other would demote to standby.


To protect yourself from this situation, I would suggest you use a separate physical interface for the ft vlan from the one that carries the rest of your vlans including the query vlan. And go directly to the other ACE using a crossover for that ft interface link, bypassing the switch.


Thanks

Joel Lamousnery

TAC Customer Support Engineer
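
A check for the dual-active state discussed in this thread, as an added example that is not part of any post and not Cisco tooling: it parses status text in the layout posted in the question from both peers and lists the FT groups that both report as FSM_FT_STATE_ACTIVE. It also confirms that net priority equals configured priority minus the priority of tracks in TRACK_DOWN, which is what the posted output shows (70 - 30 = 40). The ACE2 text, the TRACK_UP value and all function names are assumptions constructed for illustration.

```python
import re
# Constructed sample in the layout of the status output posted in the question (trimmed).
TEMPLATE = """\
FT Group                     : {gid}
My State                     : {state}
My Config Priority           : {cfg}
My Net Priority              : {net}
State                        : {track}
Priority                     : 30
"""

def sample(state, cfg, net, track):
    return "".join(TEMPLATE.format(gid=g, state=state, cfg=cfg, net=net,
                                   track=track) for g in (1, 2))

ACE1 = sample("FSM_FT_STATE_ACTIVE", 70, 40, "TRACK_DOWN")  # values from the thread
ACE2 = sample("FSM_FT_STATE_ACTIVE", 50, 50, "TRACK_UP")    # constructed peer view
FIELD = re.compile(r"^\s*(.+?)\s*:\s*(.+?)\s*$")

def parse_ft_groups(text):
    """Return {group_id: fields}; 'down' sums priorities of TRACK_DOWN tracks."""
    groups, cur, track_down = {}, None, False
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, val = m.groups()
        if key == "FT Group":
            cur, track_down = groups.setdefault(int(val), {"down": 0}), False
        elif cur is None:
            continue
        elif key == "State":            # per-track state, printed before its Priority
            track_down = val == "TRACK_DOWN"
        elif key == "Priority":
            cur["down"] += int(val) if track_down else 0
        else:
            cur[key] = val
    return groups

def dual_active(a, b):
    """FT group ids that both peers report as active at the same time."""
    act = "FSM_FT_STATE_ACTIVE"
    return sorted(g for g in a.keys() & b.keys()
                  if a[g].get("My State") == act == b[g].get("My State"))

def net_priority_ok(g):
    """Net priority matches config priority minus the down-track priorities."""
    return int(g["My Net Priority"]) == int(g["My Config Priority"]) - g["down"]
```

Run against status text collected from both appliances, a non-empty `dual_active` result for longer than the heartbeat timeout is the condition worth alerting on.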

Dan-Ciprian Cicioiu Tue, 08/10/2010 - 11:26

Hi,


I have the same problem. The setup includes a dedicated FT interface.


In my searches I found: http://www.cisco.com/en/US/prod/collateral/contnetw/ps5719/ps7027/ps8361/guide_c07-572616.pdf

Look at: Preemption with fault-tolerant tracking


Also think about the spanning tree on the switches that the ACEs connect to: do you have portfast enabled on those ports?


Dan


