[c-nsp] ASA5585-X IPS Upgrade causes ASA failover

[Antonio Soares]

Hello group,

I had a bad surprise today, I was updating the IPS software of two
ASA5585-SSP-IPS10 modules and found that it caused the Failover of the
parent ASA5585-SSP-10. It seems this is the normal behavior
(https://supportforums.cisco.com/thread/2035549) but I was not expecting
this at all. I'm not using any of the SSP-IPS10 interfaces thus there is not
monitoring on those interfaces so why the hell this is like this ? I knew
that the IPS upgrade would cause the module reload but taking into account
what I mentioned, it  caught me completely by surprise. This should not be a
big problem but since I have OSPF running on the ASAs, Failover is something
that breaks a lot of things. No NSF support... :(

Anyone knows if it is possible to disable this behavior, I mean, the
implicit monitoring of the IPS module ? This is what failover history shows
me:

18:36:55 WEST Nov 9 2012
Standby Ready              Just Active                Service card in other
unit has failed
18:36:55 WEST Nov 9 2012
Just Active                Active Drain               Service card in other
unit has failed
18:36:55 WEST Nov 9 2012
Active Drain               Active Applying Config     Service card in other
unit has failed
18:36:55 WEST Nov 9 2012
Active Applying Config     Active Config Applied      Service card in other
unit has failed
18:36:55 WEST Nov 9 2012
Active Config Applied      Active                     Service card in other
unit has failed

Is this really the expected behavior ? I'm still trying to find where this
is documented.


Thanks.

Regards,

Antonio Soares, CCIE #18473 (R&S/SP)
amsoares at netcabo.pt
http://www.ccie18473.net