Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
338
Views
0
Helpful
2
Replies

FWSM failover issue

Go to solution
snakayama
Level 3
Level 3

‎08-11-2006 01:38 AM - edited ‎03-09-2019 03:52 PM

Hi everyone,

I have a question about FWSM failover.

I understand I can configure ?polling interval? to detect the loss of reachability between Active FWSM and Standby FWSM and not configure ?retry count of polling? that Standby FWSM recognize Active FWSM fails.

I changed ?polling interval to 3 (minimum value) to confirm what time is needed (elapsed) to get take over successfully done.

The result of my investigation, about 30 seconds needed (elapsed) to get take over successfully completed.

So I think 30 seconds is the minimum (best) time to get take over successfully completed, because I can change ?polling interval? only, not ?retry count?.

Is my understanding correct?

Or, are there any parameters to speed up take over less than 30 seconds?

Your information would be greatly appreciated.

Best Regards,

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
a.kiprawih
Level 7
Level 7

‎08-12-2006 04:41 AM

Hi,

How fast FWSM can start the failover checking process?

primary(config)# failover polltime [unit] [msec] number [holdtime seconds]

-> polltime unit [msec] number - how fast you want the polling/checkin gof the interface status before failover checking process started.

The amount of time between hello messages. Set the time in seconds between 1 (fastest) and 15. The default is 1 second. If you specify msec, you can set the time between 500 and 999 milliseconds.

-> holdtime number - sets the time during which a unit must receive a hello message on the failover link, or else the unit begins the testing process for peer failure. Set the time in seconds between 15 and 45. The default is the greater of 15 seconds or 3 times the polltime. You cannot enter a value that is less than 3 times the polltime. Meaning lowest or fastest holdtime is 15 sec.

time=15 sec

This is a standard check during failover checking processes before the new blade is elected as active FWSM:

1. Link Up/Down test?A test of the VLAN status. If the Link Up/Down test indicates that the VLAN is operational, then the FWSM performs network tests. The purpose of these tests is to generate network traffic to determine which (if either) unit has failed. At the start of each test, each unit clears its received packet count for its interfaces. At the conclusion of each test, each unit looks to see if it has received any traffic. If it has, the interface is considered operational. If one unit receives traffic for a test and the other unit does not, the unit that received no traffic is considered failed. If neither unit has received traffic, then the next test is used.

2. Network Activity test?A received network activity test. The unit counts all received packets for up to 5 seconds. If any packets are received at any time during this interval, the interface is considered operational and testing stops. If no traffic is received, the ARP test begins.

*time=5 sec

3. ARP test?A reading of the unit ARP cache for the 2 most recently acquired entries. One at a time, the unit sends ARP requests to these machines, attempting to stimulate network traffic. After each request, the unit counts all received traffic for up to 5 seconds. If traffic is received, the interface is considered operational. If no traffic is received, an ARP request is sent to the next machine. If at the end of the list no traffic has been received, the ping test begins.

*time=5 sec

4. Broadcast Ping test?A ping test that consists of sending out a broadcast ping request. The unit then counts all received packets for up to 5 seconds. If any packets are received at any time during this interval, the interface is considered operational and testing stops.

*time=5 sec

*estimated time for failover checking=15 sec

Total= 30secsonds.

http://www.cisco.com/en/US/products/hw/switches/ps708/products_module_configuration_guide_chapter09186a00802010c0.html#wp1109055

Rgds,

AK

View solution in original post

0 Helpful
2 Replies 2

Go to solution
a.kiprawih
Level 7
Level 7

‎08-12-2006 04:41 AM

Hi,

How fast FWSM can start the failover checking process?

primary(config)# failover polltime [unit] [msec] number [holdtime seconds]

-> polltime unit [msec] number - how fast you want the polling/checkin gof the interface status before failover checking process started.

The amount of time between hello messages. Set the time in seconds between 1 (fastest) and 15. The default is 1 second. If you specify msec, you can set the time between 500 and 999 milliseconds.

-> holdtime number - sets the time during which a unit must receive a hello message on the failover link, or else the unit begins the testing process for peer failure. Set the time in seconds between 15 and 45. The default is the greater of 15 seconds or 3 times the polltime. You cannot enter a value that is less than 3 times the polltime. Meaning lowest or fastest holdtime is 15 sec.

time=15 sec

This is a standard check during failover checking processes before the new blade is elected as active FWSM:

1. Link Up/Down test?A test of the VLAN status. If the Link Up/Down test indicates that the VLAN is operational, then the FWSM performs network tests. The purpose of these tests is to generate network traffic to determine which (if either) unit has failed. At the start of each test, each unit clears its received packet count for its interfaces. At the conclusion of each test, each unit looks to see if it has received any traffic. If it has, the interface is considered operational. If one unit receives traffic for a test and the other unit does not, the unit that received no traffic is considered failed. If neither unit has received traffic, then the next test is used.

2. Network Activity test?A received network activity test. The unit counts all received packets for up to 5 seconds. If any packets are received at any time during this interval, the interface is considered operational and testing stops. If no traffic is received, the ARP test begins.

*time=5 sec

3. ARP test?A reading of the unit ARP cache for the 2 most recently acquired entries. One at a time, the unit sends ARP requests to these machines, attempting to stimulate network traffic. After each request, the unit counts all received traffic for up to 5 seconds. If traffic is received, the interface is considered operational. If no traffic is received, an ARP request is sent to the next machine. If at the end of the list no traffic has been received, the ping test begins.

*time=5 sec

4. Broadcast Ping test?A ping test that consists of sending out a broadcast ping request. The unit then counts all received packets for up to 5 seconds. If any packets are received at any time during this interval, the interface is considered operational and testing stops.

*time=5 sec

*estimated time for failover checking=15 sec

Total= 30secsonds.

http://www.cisco.com/en/US/products/hw/switches/ps708/products_module_configuration_guide_chapter09186a00802010c0.html#wp1109055

Rgds,

AK

0 Helpful

Go to solution
snakayama
Level 3
Level 3
In response to a.kiprawih

‎08-15-2006 08:29 PM

Hi,

Thank you very much for your information.

0 Helpful
Customers Also Viewed These Support Documents