[c-nsp] FWSM Failover Issue

Antonio Soares amsoares at netcabo.pt
Fri Jun 3 07:45:41 EDT 2011


I was reading the document I mentioned more carefully and found one possible
explanation:

++++++++++++++++++++++++++++++++++++
Unit Health Monitoring 

FWSM determines the health of the other unit by monitoring the failover
link. When a unit does not receive hello messages on the failover link, then
the unit sends an ARP request on all interfaces, including the failover
interface. FWSM retries a user-configurable number of times. The action FWSM
takes depends on the response from the other unit. See the following
possible actions: 

• If FWSM receives a response on any interface, then it does not fail over.

• If FWSM does not receive a response on any interface, then the standby unit
switches to active mode and classifies the other unit as failed.

• If FWSM does not receive a response on the failover link only, then the
unit does not failover. The failover link is marked as failed. You should
restore the failover link as soon as possible because the unit cannot fail
over to the standby while the failover link is down.
++++++++++++++++++++++++++++++++++++

The third seems a possibility that I'm investigating. The first switch was
isolated manually, I mean, it didn't go down by power failure or something
like that. Maybe the switches had some type of connectivity in any other of
the remaining VLANs.


Thanks.

Regards,

Antonio Soares, CCIE #18473 (R&S/SP)
amsoares at netcabo.pt
http://www.ccie18473.net



-----Original Message-----
From: Antonio Soares [mailto:amsoares at netcabo.pt] 
Sent: Friday, 3 June 2011 12:03
To: 'cisco-nsp at puck.nether.net'
Subject: FWSM Failover Issue

Hello group,

I'm troubleshooting a FWSM Failover issue. The scenario has the two FWSM in
different chassis in Active/Active mode.

One chassis went down and the FWSM in the other chassis didn't assume the
control of the two failover groups.

The only message that was possible to capture was:

"FO_LINK Vlan 1998 Failed – No switchover"

I'm not able to find out in which situations the Vlan could have failed.

According to the document below (Table 13-2 Failover Behavior for
Active/Active Failover), this could be seen as normal behavior:

http://www.cisco.com/en/US/docs/security/fwsm/fwsm32/configuration/guide/fail_f.html#wp1052847

1) Failover link failed during operation-> 2) No failover-> 3) Each unit
marks the failover interface as failed. You should restore the failover link
as soon as possible because the unit cannot fail over to the standby unit
while the failover link is down.

My question is how could that FO_LINK VLAN go down? The FO and STATE VLANs
were present on the switch and nobody touched them.

The FWSM is running 3.2(7).


Thanks.

Regards,

Antonio Soares, CCIE #18473 (R&S/SP)
amsoares at netcabo.pt
http://www.ccie18473.net
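
The unit health monitoring rules quoted in the message above, written out as a
simplified Python model to show which case produces a "no switchover" result.
This is an added example, not part of the original post and not FWSM code;
the interface names other than Vlan 1998, the retry count and the scenarios
are constructed for illustration.

```python
from enum import Enum


class Action(Enum):
    NO_FAILOVER = "peer answered; no failover"
    FAILOVER = "no answer anywhere; standby goes active, peer marked failed"
    LINK_FAILED_NO_SWITCHOVER = "failover link marked failed; no switchover"


def decide(arp_replies, failover_if):
    """Apply the three quoted rules after hello messages stop arriving.

    arp_replies maps interface name -> list of booleans, one per ARP retry
    (True means the peer answered that attempt). failover_if names the
    failover link. An interface counts as answered if any retry succeeded.
    """
    if failover_if not in arp_replies:
        raise ValueError("failover interface missing from ARP results")
    answered = {name for name, tries in arp_replies.items() if any(tries)}
    if not answered:
        # Rule 2: silence on every interface, so the peer is treated as dead.
        return Action.FAILOVER
    if failover_if not in answered:
        # Rule 3: the peer is reachable elsewhere, only the failover link is dead.
        return Action.LINK_FAILED_NO_SWITCHOVER
    # Rule 1: the peer answered, including on the failover link.
    return Action.NO_FAILOVER


# Constructed scenarios. Vlan1998 is the failover VLAN named in the post;
# Vlan10 and Vlan20 are hypothetical data VLANs; three retries assumed.
SCENARIOS = {
    "peer chassis powered off": {
        "Vlan1998": [False] * 3, "Vlan10": [False] * 3, "Vlan20": [False] * 3},
    "peer isolated, one data VLAN still connected": {
        "Vlan1998": [False] * 3, "Vlan10": [False] * 3,
        "Vlan20": [False, True, True]},
    "hellos lost, peer answers ARP everywhere": {
        "Vlan1998": [True] * 3, "Vlan10": [True] * 3, "Vlan20": [True] * 3},
}

if __name__ == "__main__":
    for name, replies in SCENARIOS.items():
        print(f"{name}: {decide(replies, 'Vlan1998').value}")
```

In this model a single data VLAN that still reaches the peer is enough to turn
an expected switchover into "failover link failed, no switchover".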





