FWSM + Content Service Modules failover issue

albertlyp · ‎07-02-2006

hi,

I encountered problem when trying to perform a failover test on the CSM module on two CAT6513s. Below illustrates the setup of the network:

FTP client ==> FWSM ==> CSM ==> FTP servers

Two CAT6513 with FWSM and CSM are in the setup.

Test secenario and observations:

The client started a FTP connection to the VIP of the FTP service on the CSM. The FTP connection was successful and a download was initiated. In the middle of downloading, a reset command was issued on the primary CSM to force a failover to the standby CSM. The standby CSM was verified to have taken over as the primary CSM. The download session halted and subsequent attempts to initiate a FTP connection to the VIP was not successful. However, the client is able to ping to the VIP.

It was only after about half an hour or so that the problem resolve on its own.

However, no such problem occur when the FWSM is removed from the network setup. The FTP download session was not torn down even when the CSM failover took place.

Is there any configuration that I need to do on the FWSM policy or on the CSM configuration for this FTP service?

Thanks!

Albert Lai

a.kiprawih · ‎07-03-2006

Hi Albert,

I am not too familiar with CSM, but what's the configuration for the FWSM? What I can assumed is that it was running in Active/Standby mode, but do not know whether stateful failover was also enabled. With stateful failover, the FTP session should be able to continue without any issue.

Since you mentioned standby CSM was successfully taking over the FTP process, my early assumption has something to do with stateful failover.

Can you share the failover configuration part and static NAT of the virtual IP@VIP?

Rgds,

AK