Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

How to fix Fault Tolerance on ACE 20?

Hi,

 

I have two ACE 20's in two 6500's. I have an Admin context with a number of contexts. Unfortunately one context has the backup as FSM_FT_STATE_STANDBY_COLD not Standby_Hot.

 

I have checked its configuration and noticed a number of lines missing from the correct active context. I know now I have to force the config across by taking the ft-group out of service.

 

My question is do I do this on the working ACE or do it on both ACE's admin groups? 

 

I think this is what I do.

config ft group X

no inservice

Give it a few mins to sync across to broken ACE and then put it back inservice?

 

Or do I need to do this on the broken ACE? I don't want to lose the good config and the broken config to copy across.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Hi Netter,I thought you had

Hi Netter,

I thought you had already applied. But i am glad issue is resolved.

Regards,

Kanwal

32 REPLIES
Cisco Employee

Hi Netter,You can do "no ft

Hi Netter,

You can do "no ft auto-sync running-config" and then do "ft auto-sync running-config". Do it same for start-up config too. This should take care of the issue. Also, note that standby-cold state can also be due to missing certificates or any scripts which are missing. Since other contexts are ok it cannot be software mismatch or license mismatch. Kindly do this and this should take care of the issue.

This is done on ACTIVE ACE in configuration mode from affected context itself.

Regards,

Kanwal

New Member

Thanks Kanwalsi, I will give

Thanks Kanwalsi,

 

I will give this a go. i take it it will cause an outage for services in this context?

 

 

Cisco Employee

Hi Netter,There would be no

Hi Netter,

There would be no impact on the services. This will just disable and enable configuration SYNC.

Regards,

Kanwal

New Member

Thanks Kanwalsi,

Thanks Kanwalsi,

 

Unfortunately this did not fix problem. I have looked at crypto files and all files are the same.

Cisco Employee

Hi Netter,That should have

Hi Netter,

That should have fixed the problem. Send me the output of "show ft group detail".

Regards,

Kanwal

New Member

FT Group                    

FT Group                     : 7
No. of Contexts              : 1
Context Name                 : *************************
Context Id                   : 7
Configured Status            : in-service
Maintenance mode             : MAINT_MODE_OFF
My State                     : FSM_FT_STATE_ACTIVE
My Config Priority           : 200
My Net Priority              : 200
My Preempt                   : Enabled
Peer State                   : FSM_FT_STATE_STANDBY_COLD
Peer Config Priority         : 100
Peer Net Priority            : 100
Peer Preempt                 : Enabled
Peer Id                      : 1
Last State Change time       : Wed Oct 30 15:33:06 2013
Running cfg sync enabled     : Enabled
Running cfg sync status      : Peer in Cold State. Error on Standby device when applying configuration file replicated from active
Startup cfg sync enabled     : Enabled
Startup cfg sync status      : Peer in Cold State.  
Bulk sync done for ARP: 0
Bulk sync done for LB: 0
Bulk sync done for ICM: 0
Cisco Employee

Hi Netter,Can you try the

Hi Netter,

Can you try the same commands as suggested above from Admin context. Please do for both running and start-up. Also, do you know if there are scripts that you have on ACTIVE for probing and missing on standby?

Regards,

Kanwal

New Member

Thanks Kalwalsi, willcheck

Thanks Kalwalsi, willcheck now. How do I check for active scripts?

 

Also if I try from admin context will that sync across all configs or do I go into this group 7 context and do it from there?

Cisco Employee

Hi Netter,You can do dir

Hi Netter,

You can do dir disk0: to see if there are any scripts in there. Ensure that they are there on the standby as well. You cannot replicate that and you will need to ftp them to standby. And yes the sync from Admin will be for all contexts. There should be no problem but if you have any apprehensions of doing this in Admin, try to do this in your downtime.

Also, let me know if you get any error while disabling and then enabling the auto-sync.

Regards,

Kanwal

New Member

Thanks Kanwalsi,What I have

Thanks Kanwalsi,

What I have noticed is that there is a script on the active context dated 2009 and the same script is on the standby context dated april 2011. Strange. Is there a quick way to copy the 2009  one on active loadbalancer to  standby loadbalancer.

Cisco Employee

Hi Netter,The date should not

Hi Netter,

The date should not matter. If the script is same it shouldn't be a problem. Check name and size to see if the file is same. Else you would need to upload the script to standby using FTP (no other way) as well or remove the script from ACTIVE if you don't use/need it.

Regards,

Kanwal

New Member

Hi Kanwalsi,One thing I have

Hi Kanwalsi,

One thing I have noticed the scripted probes are the same size but on the active in disk0 it is called ****_probe but on standby it is ****-probe. 

strange the correct name is actually ****-probe the way it is on non working config. 

 

Cisco Employee

Hi Netter,Try to upload with

Hi Netter,

Try to upload with same name and see if that makes a difference. Ensure that crypto files are also same. Other than that i cannot think of anything which should cause the issue. If issue still persists, i would suggest opening a TAC case and let them have a look at it.

Regards,

Kanwal

New Member

Hi Kanwalsi.From the admin

Hi Kanwalsi.

From the admin context by doing 

ft group x

no inservice

inservice

It fixes fault tolerance between the aces but it wipes some config from a sticky serverfarm I was working on in that context. When I put the config back in fault tolerance breaks.

Very strange. Any ideas? or may it still be the probe name?

 

Cisco Employee

Hmm..strange. So you don't

Hmm..strange. So you don't see that configuration in standby after replication happens? This shouldn't be the case. What ever configuration you do should replicated to standby automatically. Standby cold in fact means that device has same exact configuration but may have different sw version, scripts, certs or license. Can you do no ft auto-sync running-config and ft auto-sync running-config and see if that replicates configuration? Can you also send me show ft group detail from Admin context. Also, try and get the script matched first and try again.

Regards,

Kanwal

New Member

 Yes very strange, it wiped

 

Yes very strange, it wiped the config in active and standby ace. It was just a sticky serverfarm. Fault tolerance works but the very minute I put the sticky serverfarm on active config the standby goes to cold and it doesn't have config.

If I break ft and force syn it symcs but delets config. Very strange. I will try and get script matched first. How do I copy it off disk0 to tftp server?

 

Then do I go on standby and delete what is there and copy in script from tftp server?

Cisco Employee

Hi,Is that serverfarm

Hi,

Is that serverfarm associated with that scripted probe?  if yes, try removing just the probe and see if it works fine? Yes you can copy the script to ftp server, and then put in standby and then delete the one which you don't need to standby and try again.

 

Kanwal

New Member

Hi Kanwalsi, Thats the funny

Hi Kanwalsi, 

Thats the funny thing the scripted probe isn't associated with the serverfarm where the config gets deleted. This is relatively new  config section.

I am not sure if it is the scripted probe at all since it seems to be working fine now. Its just when I add in this stickyserverfarm it seems to break. I will add in a test probe tomorrow and just see does that sync across.

When the standby is active cold it doesn't have the new stickyfarm config. I was wondering could I manly put it in at this stage on the standby config?

Cisco Employee

Hi Netter,This is strange

Hi Netter,

This is strange because if it is removing serverfarm configuration, it must be removing policy etc associated with it. You cannot simply delete a serverfarm unless it is NOT associated with any policy. If it is standalone then that's another thing. Can you do "show ft config-errors" and see what error do you get while that serverfarm is in the config? Can you also get me show ft history cfg_cntlr output?

Regards,

Kanwal

New Member

Hi Kanwalsi, Firstly thanks

Hi Kanwalsi,

 

Firstly thanks for all your help on this. When I first noticed standby cold I checked both config and noticed the below context was in active config but not standby config:

sticky ip-netmask 255.255.255.255 address source STICKY-SSL-****-FARM
timeout 720
timeout activeconns
replicate sticky
serverfarm ****-FARM

 

policy-map type loadbalance first-match ****-HTTPS-POLICY
class SSLCLASS
sticky-serverfarm STICKY-SSL-****-FARM
ssl-proxy client SSL_CLIENT
class class-default
sticky-serverfarm STICKY-SSL-****-FARM
ssl-proxy client SSL_CLIENT

 

When I removed this I could get them to sync. The very minute I add the sticky farm it goes standby cold.  

 sh ft config-error 
No bulk config apply errors

 

I have uploaded  show ft history cfg_cntlr output   in attached file

New Member

Hi Kanwalsi,Sorry discovered

Hi Kanwalsi,

Sorry discovered this from standby config:

 sh ft config-error 
Wed Jun  4 11:40:39 UTC 2014
 
`sticky ip-netmask 255.255.255.255 address source STICKY-SSL-****-FARM`
Error: sticky resource not available
--
 
`sticky-serverfarm STICKY-SSL-****-FARM`
Error: Sticky group does not exist!
--
 
`sticky-serverfarm STICKY-SSL-FILR-FARM`
Error: Sticky group does not exist!
 
Error(s) while applying config.
 

 

Cisco Employee

Hi Netter,If you haven't

Hi Netter,

If you haven't allocated any resource for sticky, please do so and try again.

Regards,

Kanwal

New Member

Thanks Kanwalsi,I have this

Thanks Kanwalsi,

I have this on admin context on active ace:

resource-class *****
  limit-resource all minimum 0.00 maximum unlimited
  limit-resource sticky minimum 10.00 maximum equal-to-min

Can I add it to admin context on standby ace without any interference to services in that context or other contexts?

Cisco Employee

Hi Netter,Yes it should be

Hi Netter,

Yes it should be fine. The allocation of resources can be done dynamically and its effect will take place once resources are freed. But there would be no impact.

Regards,

Kanwal

New Member

Thanks,Just did that but

Thanks,

Just did that but still in cold state after trying to force a sync. Will try again.

New Member

Hi Kanwalsi, I managed to get

Hi Kanwalsi,

 

I managed to get  it in hotstandy state by removing sticky farm config from active one and then sinking across.

But the very minute I add in sticky farm it goes to cold.

Any ideas?

New Member

Hi Kanwalsi,Just another

Hi Kanwalsi,

Just another update I took out the sticky farm and go hot standby working. I just added a test probe and it sync'd across fine. Just seems to have issues syncing across the sticky serverfarm although the resource error doesn't appear on standby one now.

New Member

Hi Kanwalsi,Here is a copy of

Hi Kanwalsi,

Here is a copy of the sh ft history cfg_cntlr on the admin context of active ace and standby ace after I add the sticky serverfarm config.

Active ACE:

78:1958 => Jun 04 14:30:47: cfgcntlr_handle_mts_msg:4221 Received
startup cfg changed for context 0
79:1959 => Jun 04 14:32:36: cfgcntlr_handle_mts_msg:4143 Received
STOP_ALL_SYNC notification for FT Group 7
 End of Debug History Log

Standby ACE
62:1192 => Jun 04 14:30:24: cfgcntlr_handle_mts_msg:4221 Received
startup cfg changed for context 0
62:1193 => Jun 04 14:32:36: cfgcntlr_handle_mts_msg:4195 Received
STANDBY_COLD notification for FT Group 7
 End of Debug History Log

 

Cisco Employee

Hi Netter,If the resource

Hi Netter,

If the resource error is gone, do you get any other error if you do show ft config-error? So as soon as you apply sticky serverfarm, you faced the issue. Please do one thing if okay- Try and remove the sticky serverfarm, sticky group and do the sync. After that put in  the configuration again and see if that makes a difference.

Regards,

Kanwal

246
Views
9
Helpful
32
Replies
CreatePlease to create content