Regular Failover; Stateful Failover - Cisco 7604 Configuration Manual

Understanding Failover

Regular Failover

When a failover occurs, all active connections are dropped. Clients need to reestablish connections when
the new active unit takes over.

Stateful Failover

When Stateful Failover is enabled, the active unit continually passes per-connection state information to
the standby unit. After a failover occurs, the same connection information is available at the new active
unit. Supported end-user applications are not required to reconnect to keep the same communication
session.
The state information passed to the standby unit includes the following:
•
•
•
•
•
•
•
•
•
The information that is not passed to the standby unit when Stateful Failover is enabled includes the
following:
•
•
•
Note If failover occurs during an active Cisco IP SoftPhone session, the call will remain active because the
call session state information is replicated to the standby unit. When the call is terminated, the IP
SoftPhone client will lose connection with the CallManager. This occurs because there is no session
information for the CTIQBE hangup message on the standby unit. When the IP SoftPhone client does
not receive a response back from the CallManager within a certain time period, it considers the
CallManager unreachable and unregisters itself.
OSPF databases and routing tables are not replicated by the HA process. In the event of a FWSM failure,
allow time for the routing protocols to converge before traffic resumes flowing.
Because transparent FWSM relies on a Layer 2 MAC table for forwarding, the connection entry for a
Note
pair of hosts might still be active when the MAC table entries for one or both hosts have timed out due
to inactivity. In such a situation, if a failover event occurs before either host sends another packet to
re-populate the MAC address table, the peer FWSM is not able to generate switch CAM table refresh
packets for the given endpoints. Therefore, if the CAM table entries on the switch for the given hosts are
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
14-18
NAT translation table.
TCP connection states.
UDP connection states.
The ARP table.
The Layer 2 bridge table (when running in transparent firewall mode).
The HTTP connection states (if HTTP replication is enabled).
The ISAKMP and IPSec SA table.
GTP PDP connection database.
The user authentication (uauth) table.
The HTTP connection table (unless HTTP replication is enabled).
The routing tables.
Multicast traffic information.
Chapter 14 Configuring Failover
OL-20748-01