Failover Health Monitoring; Unit Health Monitoring; Interface Monitoring - Cisco 7604 Configuration Manual
Catalyst 6500 series switch and cisco 7600 series router firewall services module configuration guide using the cli
Hide thumbs
Also See for 7604:
- Configuration manual (1011 pages) ,
- Installation manual (324 pages) ,
- User manual (98 pages)
Table of Contents
Advertisement
Chapter 14
Configuring Failover
still active and point to the formerly active unit, traffic is incorrectly switched to the standby FWSM and
dropped there (if the idle connection starts passing traffic again after the failover event and before the
CAM table entries age out on the switch).
Failover Health Monitoring
FWSM monitors each unit for overall health and for interface health. See the following sections for more
information about how FWSM performs tests to determine the state of each unit:
•
•
•
Unit Health Monitoring
FWSM determines the health of the other unit by monitoring the failover link. When a unit does not
receive hello messages on the failover link, then the unit sends an ARP request on all interfaces,
including the failover interface. FWSM retries a user-configurable number of times. The action FWSM
takes depends on the response from the other unit. See the following possible actions:
•
•
•
If a failed unit does not recover and you believe it should not be failed, you can reset the state by entering
Note
the failover reset command. If the failover condition persists, however, the unit will fail again.
Interface Monitoring
You can monitor up to 250 interfaces divided between all contexts. If an interface is shared among
contexts, you can configure one context to monitor a shared interface. Because the interface is shared,
all contexts benefit from the monitoring.
When a unit does not receive hello messages on a monitored interface, it runs the following tests:
1.
2.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM
OL-20748-01
Unit Health Monitoring, page 14-19
Interface Monitoring, page 14-19
Rapid Link Failure Detection, page 14-20
If FWSM receives a response on any interface, then it does not fail over.
If FWSM does not receive a response on any interface, then the standby unit switches to active mode
and classifies the other unit as failed.
If FWSM does not receive a response on the failover link only, then the unit does not failover. The
failover link is marked as failed. You should restore the failover link as soon as possible because the
unit cannot fail over to the standby while the failover link is down.
Link Up/Down test—A test of the interface status. If the Link Up/Down test indicates that the
interface is operational, then FWSM performs network tests. The purpose of these tests is to
generate network traffic to determine which (if either) unit has failed. At the start of each test, each
unit clears its received packet count for its interfaces. At the conclusion of each test, each unit looks
to see if it has received any traffic. If it has, the interface is considered operational. If one unit
receives traffic for a test and the other unit does not, the unit that received no traffic is considered
failed. If neither unit has received traffic, then the next test is used.
Network Activity test—A received network activity test. The unit counts all received packets for up
to 5 seconds. If any packets are received at any time during this interval, the interface is considered
operational and testing stops. If no traffic is received, the ARP test begins.
Understanding Failover
14-19
- Quick Links:
- C H a P T E...
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
