08-04-2009 12:01 AM
Dear Experts,
We have 4 ACE 4710 appliances. 2 are primary and 2 are secondary for them. Few days back we had a migration and i wanted to check the FT of both the ACEs and plugged out the power cable of Primary ACE. But, nothing happened.! All the VIPs stopped pinging. The secondary didn't come up as primary. show ft stats stopped updating the counter.
Please help. Config attached.
08-04-2009 02:17 AM
the config is correct.
Did you get a 'show tech' on the standby ?
Do you have a 'show ft group summary' before and after pulling the cable ?
Failover could have happened but something else prevented the vip to be accessible.
G.
08-04-2009 08:10 AM
No..! Dont have the show tech before pulling the cable. I will post the 'sh ft summ' when i'll connect my VPN. Right now i'm at home.
But one thing is, when i disconnected both the ACEs from one place; i plugged only secondary and tried pinging but none of the VIP was pinging. Then when i connected the primary, everything started working.
Any ideas?
Regards,
Akhil
08-10-2009 08:48 PM
Hi,
Here is the 'sh ft group summary' of both the ACEs.
APP-ACE/Admin# sh ft group summary
FT Group : 1
Configured Status : in-service
Maintenance mode : MAINT_MODE_OFF
My State : FSM_FT_STATE_ACTIVE
My Config Priority : 150
My Net Priority : 150
My Preempt : Enabled
Peer State : FSM_FT_STATE_STANDBY_HOT
Peer Config Priority : 100
Peer Net Priority : 100
Peer Preempt : Enabled
Peer Id : 1
No. of Contexts : 1
switch/Admin# sh ft group summary
FT Group : 1
Configured Status : in-service
Maintenance mode : MAINT_MODE_OFF
My State : FSM_FT_STATE_STANDBY_HOT
My Config Priority : 100
My Net Priority : 100
My Preempt : Enabled
Peer State : FSM_FT_STATE_ACTIVE
Peer Config Priority : 150
Peer Net Priority : 150
Peer Preempt : Enabled
Peer Id : 1
No. of Contexts : 1
Please help...
08-11-2009 01:04 AM
Please help me with this. Its really urgent. :-(
Please let me know if any other info is required.
Regards,
Akhil
08-11-2009 06:52 AM
We need more troubleshooting to be done when the issue is happening.
Show tech.
Show arp.
Can you ping interfaces.
Sniffer trace.
Can't assist with just symptoms.
Gilles.
08-11-2009 08:30 PM
Hhmm.. Ok, I am going to take the downtime cuz the network is live now. Will do all the testings and troubleshooting and get back to you with the results.
Thanks for your support..
Regards,
Akhil
08-17-2009 11:47 PM
Hi,
After a couple of testings i have some information to share with you.
As per the config i pasted above, my primary Ace's priority is 150 and secondary's default 100. As per Ace help when the active member of a fault-tolerant group becomes unresponsive, its priority is reduced by 10. Since my active's priority was 150 the secondary was not taking place of active. I changed the priority to 105 and atleast switchover started happening.
Now the problem is, when the secondary is acting as primary, there is nothing in its arp table and cuz of that, nothing is pinging. In the vlan config, the ip address is still as "peer ip address". i added an ip address in the same vlan of same subnet and it started pinging. but when the primary came up, the config was again to the previous one. the ip address command was deleted. Here is the config of vlans.
interface vlan 32
description *** client vlan ***
ip address 172.18.120.39 255.255.255.240
access-group input ALL
no shutdown
interface vlan 33
ip address 172.18.126.132 255.255.255.128
access-group input ALL
no shutdown
interface vlan 111
description *** server vlan ***
ip address 172.18.111.4 255.255.255.0
service-policy input permit_icmp_policy
service-policy input remote_mgmt_allow_policy
no shutdown
interface vlan 121
description *** Management Vlan ***
ip address 172.18.121.14 255.255.255.0
peer ip address 172.18.121.15 255.255.255.0
access-group input ALL
service-policy input remote_mgmt_allow_policy
no shutdown
interface vlan 32
description *** client vlan ***
peer ip address 172.18.120.39 255.255.255.240
access-group input ALL
no shutdown
interface vlan 33
peer ip address 172.18.126.132 255.255.255.128
access-group input ALL
no shutdown
interface vlan 111
description *** server vlan ***
peer ip address 172.18.111.4 255.255.255.0
service-policy input permit_icmp_policy
service-policy input remote_mgmt_allow_policy
no shutdown
interface vlan 121
description *** Management Vlan ***
ip address 172.18.121.15 255.255.255.0
peer ip address 172.18.121.14 255.255.255.0
access-group input ALL
service-policy input remote_mgmt_allow_policy
no shutdown
Now, how will these Vlan interfaces will shift to secondary ace?
Thanks and Regards
Akhil
08-19-2009 02:30 AM
Anybody there to help?
Thanks in advance..
08-19-2009 09:16 AM
The problem is that you do not have bith ip's configured. You need to congure 2 ip's (ip and peer ip on interface)
when you are in the naormal mystate active and peer state standby hot, on the active ace you need to configure (on example you need to do this on all)(assume standby will have 131
interface vlan 33
ip address 172.18.126.132 255.255.255.128
peer ip address 172.18.126.131 255.255.255.128
255.255.255.128
access-group input ALL
no shutdown
this will then get sync'd to standby and you will see these addresses reversed on standby config.
currently with only ip assigned on active it gets written as peer ip to standby so when you switch the standby has no ip address.
08-21-2009 05:24 AM
I got it. But then if the failover will happen, the IPs will get changed and the servers with the default route towards ACE will stop working. For that do i have to assign Alias IP in the Vlan interface? Which will float to secondary after the failover? And the gateway of servers will remain alive.
Thanks
Akhil
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide