Understanding Failover Link and State Link

Unanswered Question
Aug 17th, 2012

Whatt is the difference between failover link and state link in the context of Cisco FWSM? Why do I need both or what is the best practice? Thanks in advance. Just trying to understand.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 0 (0 ratings)
Julio Carvaja Fri, 08/17/2012 - 14:53

Hello ,

The difference is that the stateful link is the one in charge of handling the replication of the connections across the FWSM ( Used for the stateful failover) so if by any chance the device goes down the connections already established do not go down.

Regards

atrey_nyph Sat, 08/18/2012 - 20:42

Well I should have asked question different way. I have config for two pairs (one pair in one segment and another pair in another segment) and failover configuration is different in terms of one pair has two unique vlans being trunks across crossover cable - unique LAN failover vlan and state vlan while other pair only has one vlan for both purposes...

PAIR-1

failover

failover lan unit primary

failover lan interface failover Vlan100

failover polltime unit 15 holdtime 45

failover link failover Vlan100

failover interface ip failover 192.168.1.1 255.255.255.252 standby 192.168.1.2

PAIR-2

failover

failover lan unit primary

failover lan interface failover Vlan300

failover polltime unit 1 holdtime 3

failover polltime interface 3

failover interface-policy 1

failover link stateful Vlan301

failover interface ip failover 192.168.254.1 255.255.255.252 standby 192.168.254.2

failover interface ip stateful 192.168.254.5 255.255.255.252 standby 192.168.254.6

According Cisco's failover configuration document you should have two vlans trunked across two chassis (ASA or FWSMs on 6500s). I am trying to understand what type of traffic "lan interface failover" vlan 300 in above config and "link stateful" vlan 301 in above config carry across? What is the best practice? should have uniqe vlans or just one vlan for both purposes? Sorry for not being clear on my initial question.

Julio Carvaja Sat, 08/18/2012 - 23:14

Hello Atrey,

Well it is 100 % recommeded to use 2 different vlans ( FWSM) or 2 different interfaces (ASA) for the failover link and the state link between 2 units, this because of the amount of data being transfered on both of this links,

Not all the time you have the oportunity to use 2 of them so that is why you can use only one, I have seen a lot of scenarios using just one and that works perfect but again if possible then use 2

Is just a desing preference or optimization

Regards,

Julio

Actions

Login or Register to take actions

This Discussion

Posted August 17, 2012 at 2:23 PM
Stats:
Replies:3 Avg. Rating:
Views:410 Votes:0
Shares:0
Tags: No tags.

Discussions Leaderboard

Rank Username Points
1 7,861
2 6,140
3 3,170
4 1,473
5 1,446