[c-nsp] FWSM failover issue

Greg Schwimer gschwimer at godaddy.com
Thu Feb 17 10:57:07 EST 2005


I had a *very* bad experience with 2.3(1).  I suggest caution and 
exhaustive bug scrubs when considering any version change.  Of course, 
doing this didn't catch what we ran into...

Josh Duffek wrote:

>Why not just upgrade to 2.3(1)?  I had problems with failover and
>crashes in the 1.1versions...but 2.3(1) has been pretty solid for me.
>
>josh duffek    network engineer
>consultantjd16 at ridemetro.org
>
>  
>
>>-----Original Message-----
>>From: cisco-nsp-bounces at puck.nether.net [mailto:cisco-nsp-
>>bounces at puck.nether.net] On Behalf Of Mike Carter
>>Sent: Wednesday, February 16, 2005 5:21 PM
>>To: cisco-nsp at puck.nether.net
>>Subject: [c-nsp] FWSM failover issue
>>
>>The issue we are having with the FWSM's is the following:
>>The primary FWSM blocks all established and new connections when it is
>>"active". If I failover to the secondary FWSM, it will handle all
>>established and new connections.
>>We are running FWSM version 1.1.4.
>>The event that triggered this problem is the following bug:
>>SCef46506 - FWSM NP3 may stuck unexpectedly
>>Description:
>>After some days of normal operation a FWSM running 1.1(4) may get
>>    
>>
>stuck.
>  
>
>>If this FWSM is in failover, then both FWSM become active and no
>>    
>>
>network
>  
>
>>traffic can pass through this failover pair.
>>Cisco has an interim release of 1.1.4(3) for the fix to this issue. I
>>    
>>
>will
>  
>
>>be upgrading to this version when I can get the failover to be
>>successful...CURRENT FAILOVER PROCESS IS BLOCKING ALL TRAFFIC THRU THE
>>    
>>
>TH
>  
>
>>FWSM.
>>ANYONE HAVE IDEAS HOW TO RESOLVE THIS????????
>>TIA!
>>
>>Michael Carter
>>763-475-5327
>>
>>_______________________________________________
>>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>https://puck.nether.net/mailman/listinfo/cisco-nsp
>>archive at http://puck.nether.net/pipermail/cisco-nsp/
>>    
>>
>
>_______________________________________________
>cisco-nsp mailing list  cisco-nsp at puck.nether.net
>https://puck.nether.net/mailman/listinfo/cisco-nsp
>archive at http://puck.nether.net/pipermail/cisco-nsp/
>  
>


More information about the cisco-nsp mailing list