I have a pair of ACE appliance setup to failover on the FT TRACK of a vlan. I tried disconnecting the primary ACE from network and failover did not occur and the backup did not takeover. Also indicated in the FT group summary.Attachemnts are FT configs
Are your ACEs in active-standby mode (verify with "sh ft group 1") Are they seeing eachother?
How did you perform your test? Have you disconnected all cables? the interface VLAN1000 needs to go down, so if VLAN1000 is on multiple trunks, all of those trunks need to be down.
Yes they are in active/standby and synced.
vlan1000 is only on 1 physical interface and I took it down by disconnecting the cable on the primary.The secondary never took over and a sho ft group summ showed it still in standby.
this looks good.
We'll need the same information when you unplug the cable.
Also get a 'show interface' so we can see if the interface is down.
it looks ok.
The only problem you could get is if the link goes down at the same time on both side.
You would not see a failover because both devices would end up with a null priority.
Perform the test and capture the necessary info to see what is going on.
show ft group detail
show ft track detail
on both (active + standby) the vlan 1000 interface is down. They both have decreased their priority, and both have now priority 0. That is why no failover occured.
Your test should be to disconnect the cable where VLAN1000 is on from the active, but leave it on the standby. That way the active will receive priority 0 and the standby will become active with priority 100.
ok well that is part of the problem in my second post. Even though the two vlan interfaces 1000 and 1001 are physically connected on the secondary they always show as down. Even with the primary completely off.Obviously when the secondary is in standby they should be down but when the primary is off they should come up.
OK. Here is second test that is much worse.
Primary completely down. Secondary didnt do anything. It says its active but it didnt pass any traffic and it couldnt ping anything. I noticed the bvi never went with the active ip address. This brings into question my complete FT config. The chances of a vlan1000 failure is slim but if the primary crashes I want the secondary to take over. I have 2 sets of old CSS switches that failover fine. Maybe instead of using tracking at all I should just do the query interface.
you should have given us your complete config since day one.
The FT config part is correct since the standby became active. This is all FT does.
The problem is that you did not configure an ip address for the standby.
In the active config, for each interface MUST have :
ip address x.x.x.x1 ....
peer ip address x.x.x.x2 ....
alias address x.x.x.x3...
The ip address x1 is for primary ace, x2 for the secondary and x3 is shared.
x1 and x2 stays with their ace whatever the status.
x3 stays with the active ace and goes from primary to secondary when necessary.
You are most probably missing the 'peer ip address'. This is bad.
Also, the secondary should be running just like the primary even in standby mode. It should be able to ping devices, send probes, ...
So before failover, make sure the secondary is "alive".
Ok, that is done. I am waiting for a testing window again. But I can ping from the secondary and the interfaces show as up with a ft status of standby.
Can you please look at my configs again to make sure all my priorities and the ft track is correct. I saw a reference in another suggestion that had incorrect priority values that would not allow failover.