[c-nsp] ASA failover

Jay Nakamura zeusdadog at gmail.com
Thu Aug 11 12:35:28 EDT 2011


Thanks Joerg, I am not sure how I missed that.

For those who are curious or googling, this is what I found:

1. Link Up/Down test—A test of the interface status. If the Link
   Up/Down test indicates that the interface is operational, then the
   ASA performs network tests. The purpose of these tests is to
   generate network traffic to determine which (if either) unit has
   failed. At the start of each test, each unit clears its received
   packet count for its interfaces. At the conclusion of each test,
   each unit looks to see if it has received any traffic. If it has,
   the interface is considered operational. If one unit receives
   traffic for a test and the other unit does not, the unit that
   received no traffic is considered failed. If neither unit has
   received traffic, then the next test is used.

2. Network Activity test—A received network activity test. The unit
   counts all received packets for up to 5 seconds. If any packets are
   received at any time during this interval, the interface is
   considered operational and testing stops. If no traffic is
   received, the ARP test begins.

3. ARP test—A reading of the unit ARP cache for the 2 most recently
   acquired entries. One at a time, the unit sends ARP requests to
   these machines, attempting to stimulate network traffic. After each
   request, the unit counts all received traffic for up to 5 seconds.
   If traffic is received, the interface is considered operational. If
   no traffic is received, an ARP request is sent to the next machine.
   If at the end of the list no traffic has been received, the ping
   test begins.

4. Broadcast Ping test—A ping test that consists of sending out a
   broadcast ping request. The unit then counts all received packets
   for up to 5 seconds. If any packets are received at any time during
   this interval, the interface is considered operational and testing
   stops.


On Thu, Aug 11, 2011 at 11:16 AM, Joerg Mayer <jmayer at loplof.de> wrote:
> On Thu, Aug 11, 2011 at 10:28:37AM -0400, Jay Nakamura wrote:
>> I can't seem to find any information on what the ASA "tests" when it's
>> configured for failover configuration and it detects a problem.  This
>> is the log entry I am talking about.
>
> Yes, searching information at the cisco web site can be intimidating :-)
> The information you need can be found in the cli config guide for the ASA.
> For software 8.4, it is the section [Configuring High Availability] ->
> [Failover Health Monitoring] (in my edition that would be page 1259).
>
> Ciao
>   Joerg
> --
> Joerg Mayer                                           <jmayer at loplof.de>
> We are stuck with technology when what we really want is just stuff that
> works. Some say that should read Microsoft instead of technology.
>
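
Added example, not part of the original post and not Cisco code: a small Python model of the test ladder quoted above, useful for reasoning about which test decided a failover verdict. The Unit fields, the verdict strings, the link-down handling and the "undetermined" outcome are assumptions; the packet counts are constructed sample data.

```python
from dataclasses import dataclass, field

TESTS = ("network-activity", "arp", "broadcast-ping")  # order from the post

@dataclass
class Unit:
    name: str
    link_up: bool = True
    # Constructed sample data: packets seen in each test's (up to 5 s) window.
    activity_rx: int = 0
    arp_rx: list = field(default_factory=list)  # one count per ARP target
    ping_rx: int = 0

    def received(self, test):
        """True if this unit saw any traffic during the named test."""
        if test == "network-activity":
            return self.activity_rx > 0
        if test == "arp":
            # Only the 2 most recently acquired ARP entries are tried, in turn.
            return any(rx > 0 for rx in self.arp_rx[:2])
        return self.ping_rx > 0  # broadcast-ping

def evaluate(a, b):
    """Return {unit name: (verdict, deciding test)} for one monitored interface."""
    down = [u.name for u in (a, b) if not u.link_up]
    if down:
        # Assumption: a link-down interface is failed without network tests,
        # and its peer is left untested.
        return {u.name: ("failed" if u.name in down else "not-tested", "link")
                for u in (a, b)}
    for test in TESTS:
        got = {u.name: u.received(test) for u in (a, b)}
        if any(got.values()):
            # Whoever saw traffic is operational; a silent peer is failed.
            return {n: ("operational" if ok else "failed", test)
                    for n, ok in got.items()}
        # Neither unit received traffic: fall through to the next test.
    # All tests silent on both units; the post does not cover this case.
    return {u.name: ("undetermined", TESTS[-1]) for u in (a, b)}

if __name__ == "__main__":
    print(evaluate(Unit("primary", activity_rx=12), Unit("secondary")))
    print(evaluate(Unit("primary", arp_rx=[0, 0]), Unit("secondary", arp_rx=[0, 4])))
```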


