[c-nsp] FWSM HA secondary reload & long downtime
Peter Rathlev
peter at rathlev.dk
Thu Mar 12 16:22:28 EDT 2009
On Wed, 2009-03-11 at 19:14 +0100, Andrew Yourtchenko wrote:
> On Wed, 11 Mar 2009, Peter Rathlev wrote:
> > This of course points to something else being the problem, not the
> > FWSM.
>
> *bling* too strong of an assumption :).
Ironically that was a very precise observation. ;-) I've looked much
more thoroughly at the logs now, and finally I discovered what would've
taken only few moments to see had I just opened my eyes.
It turns out that more than one context had problems. I think I was
tired when I looked at the configuration differences. Specifically all
contexts with no "monitor-interface"-configuration were affected. Every
context with at least one "monitor-interface" had no problems.
I seem to remember that we stopped using "monitor-interface" in the
individual contexts a year or so back, thinking that when failover is
always system wide anyway, and since all the relevant VLANs share the
same underlying (redundant) path, we could just as well only monitor one
interface in the admin context. By chance a couple of other contexts had
some monitors that weren't removed back then.
It is of course a joy to have figured this out, but I can't seem to find
anything much on what "monitor-interface" in a multiple context setup
actually does or doesn't do.
Should every context have one monitor-interface? Should all interfaces
be monitored or just one per context?
Regards,
Peter
More information about the cisco-nsp
mailing list