cc/td/doc/product/iaabu/localdir/ld20rns
hometocprevnextglossaryfeedbacksearchhelp
PDF

Table of Contents

LocalDirector Failover

LocalDirector Failover

Failover provides a mechanism for LocalDirector to be redundant by allowing two identical units to serve the same functionality. One LocalDirector unit is considered the "primary" unit while the other is considered the "secondary" unit (determined by the failover cable). The primary unit is also the active unit by default, and it performs normal network functions while the backup unit (standby) only monitors, ready to take control should the active unit fail.

The two units must be running the same version of software. Configuration replication (version 1.6 or later) will occur under the following conditions:

Note Use identical LocalDirector units as failover pairs. Make sure that the hardware platform, and the number and type of interfaces on each unit are the same.

The active unit uses the system IP address and the MAC address of the primary unit. The standby unit uses the failover IP address and the secondary MAC address. Because the active unit uses the same IP and MAC addresses (regardless of which physical unit it is), no ARP entries need to change or timeout anywhere on the network.

Failover monitors failover communications, the power status of the other unit, and hello packets that are received on each interface. A failure of any of these parameters on the active unit will cause the standby unit to take active control. The standby unit assumes the active role using the system IP address and the primary MAC addresses. When a failure or switch occurs SYSLOG messages are generated indicating the cause of the failure.

To take a unit out of the "failed" state, cycle the power or use the failover reset command. The failover reset command will also clear timers and counters for the LocalDirector unit. When a failed primary unit is fixed and brought back on line it will not automatically resume as the active unit. This ensures that active control will not resume on a unit that could immediately enter a failed state again. However, if a failure is due to a lost signal on a network interface card, failover will "auto-recover" when the network is available again.

Use the failover active command to initiate a failover switch from the standby unit, or the no failover active command from the active unit to initiate a failover switch. You can use this feature to return a failed unit to service, or to force an active unit offline for maintenance. Because the standby unit does not keep state information on each connection, all active connections will be dropped and must be re-established by the clients.

Note Because configuration replication is automatic from the active unit to the standby unit, configuration changes should only be entered from the active unit.

Failover Setup

Attach the end of the cable labeled "Primary" to the unit that will be the primary unit (the failover cable is shown in Figure 5-4). Attach the other end to the secondary unit. Connect an interface on both LocalDirector units to the hub or switch that goes to the outside network, and connect another interface on both LocalDirector units to the hub or switch that connects to your servers.

Use the failover ip address command to set the IP address for the standby unit, and use the replicate command to set stateful failover. A third interface can be dedicated to stateful failover. See the failover and replicate command descriptions in Chapter 6, "Command Reference" for more information.

The show failover command indicates the status of the connection and which unit is active. See the "Show Failover Output" section for more information about this command. The show ip address command shows the current IP address of the unit. If the unit is active the system IP address is displayed, and if the unit is standby the failover IP address is displayed.

Failover Examples

Figure 5-1 shows a basic failover implementation. Note that the third interface on the LocalDirector 410 is not being used. In this example, the no interface 2 command must be used to disable the interface, otherwise the unit will be seen as failed.

Note Turn off unused interfaces with the no interface command.

Figure 5-1: Basic Failover Implementation on a LocalDirector 410

Figure 5-2 shows stateful failover with a dedicated interface.

Use the replicate interface command to identify the dedicated interface as follows:

replicate interface 3

The ports on the 4-port interface are numbered 0-3, so this would dedicate the bottom port on the card to stateful failover.

Note Turn off unused interfaces with the no interface command.

Figure 5-2: Stateful Failover on a LocalDirector 420 with a Dedicated Interface

Figure 5-3 shows a LocalDirector configuration that is fault-tolerant.


Figure 5-3: Fault Tolerant Failover Configuration

Failover Interface Tests

If a failure is due to a condition other than a loss of power on the other unit, failover will begin a series of tests to determine which unit is failed. This series of tests will begin when hello messages are not heard for two consecutive 15-second intervals. Hello messages are sent over both network interfaces and the serial cable every 5 seconds.

These tests generate network traffic in order to determine which (if either) unit is failed. At the start of each test, each unit clears its received packet count for its interfaces. At the conclusion of each test, each unit looks to see if it has received any traffic. If it has, the interface is considered operational. If one unit receives traffic for a test and the other unit does not, the unit that received no traffic is considered failed. If neither unit has received traffic, they go to the next test.

Note If the failover IP address has not been set, failover will not work and the Network Activity, ARP, and Broadcast ping tests are not performed.
This is a test of the NIC card itself. If an interface card is not plugged in to an operational network, it is considered failed (for example, the hub or switch is failed, has a failed port, or a cable is unplugged).
This is a received network activity test. The unit will count all received packets for up to 5 seconds. If any packets are received at any time during this interval the interface is considered operational and testing stops. If no traffic is received, the ARP test begins.
The ARP test consists of reading the ARP cache for the 10 most recently acquired entries. One at a time the unit sends ARP requests to these machines attempting to stimulate network traffic. After each request the unit counts all received traffic for up to 5 seconds. If traffic is received, the interface is considered operational. If no traffic is received, an ARP request is sent to the next machine. If at the end of the list no traffic has been received, the ping test begins.
The ping test consists of sending out a broadcast ping request. The unit then counts all received packets for up to 5 seconds. If any packets are received at any time during this interval the interface is considered operational and testing stops. If no traffic is received, the testing starts over again with the ARP test.

Failover SYSLOG Messages

Failover messages always have a SYSLOG priority level of 2, which indicates a critical condition. All failover SYSLOG messages are also sent as SNMP SYSLOG traps.

To receive SNMP SYSLOG traps (SNMP failover traps), you must configure the SNMP agent to send SNMP traps to SNMP management stations, define a SYSLOG host, and also have compiled the Cisco SYSLOG MIB into your SNMP management station. See the snmp-server and syslog command descriptions in Chapter 6, "Command Reference" for more information.

The SYSLOG messages sent to record failover events are listed in Appendix A, "Troubleshooting" in the "Failover Messages" section.

Show Failover Output

The following is the normal output of the show failover command. Note that the IP address that each unit is using is displayed.

ld-prim(config)# show failover Failover On Cable status: Normal This host: Primary - Active Active time: 6885 (sec) Interface 0 (192.168.89.1): Normal Interface 1 (192.168.89.1): Normal Other host: Secondary - Standby Active time: 0 (sec) Interface 0 (192.168.89.2): Normal Interface 1 (192.168.89.2): Normal

Failover will not start monitoring the network interfaces until it has heard the second hello packet from the other unit on that interface. This should happen within 30 to 60 seconds.

If the unit is attached to a switch running spanning tree, this will take twice the forward delay time configured in the switch (typically 15 seconds) plus 30 seconds. This is because at bootup (and immediately following a failover event) the network switch will detect a temporary bridge loop. When this bridge loop is detected, the switch will stop forwarding packets for the duration of the forwarding delay time. It will then enter "listen" mode for an additional forward delay time during which time the switch is listening for bridge loops but still not forwarding traffic (and thus not forwarding failover hello packets).

After twice the forward delay time (30 seconds) traffic should resume. The LocalDirector will remain in "waiting" mode until it hears two hello packets (1 every 15 seconds for a total of 30 seconds). During this time the LocalDirector is passing traffic, and it will not fail the unit based on not hearing the hello packets. All other failover monitoring is still occurring (power, interface, and failover cable hello).

Note If a failover IP address has not been entered, show failover will display 0.0.0.0 for the IP address, and monitoring of the interfaces will remain in "waiting" state. A failover IP address must be set in order for failover to work.

The following example shows the output if failover has not started monitoring the network interfaces:

ld-prim(config)# show failover Failover On Cable status: Normal This host: Primary - Active Active time: 6930 (sec) Interface 0 (192.168.89.1): Normal (Waiting) Interface 1 (192.168.89.1): Normal (Waiting) Other host: Secondary - Standby Active time: 15 (sec) Interface 0 (192.168.89.2): Normal (Waiting) Interface 1 (192.168.89.2): Normal (Waiting)
Note Waiting indicates that monitoring of the other unit's network interfaces has not yet started, and the site is not protected by the failover feature.

The following example shows that a failure has been detected. Note that interface 1 on the primary unit is the source of the failure. The units are back in waiting mode because of the failure. The failed unit has removed itself from the network (interfaces are down) and it is no longer sending hello packets on the network. The active unit will remain in the waiting state until the failed unit is replaced and failover communications start again.

ld-prim(config)# show failover Failover On Cable status: Normal This host: Primary - Standby (Failed) Active time: 7140 (sec) Interface 0 (192.168.89.2): Normal (Waiting) Interface 1 (192.168.89.2): Failed (Waiting) Other host: Secondary - Active Active time: 30 (sec) Interface 0 (192.168.89.1): Normal (Waiting) Interface 1 (192.168.89.1): Normal (Waiting)

Frequently Asked Questions

This section contains some frequently asked questions about the failover feature.

No, failover will not work without the cable. If you run without the failover cable you are essentially running two separate LocalDirectors. This will result in a bridge loop and flood the network. The failover cable is an essential part of failover.
No, the cable cannot be extended using modems or other RS-232 line extenders. Part of what the failover cable does is indicate the presence and power status of the other unit. When you place line extenders in this path you are relaying the status of the line extender rather than of the other LocalDirector unit.
A switch can be initiated by either unit. When a switch takes place each unit changes state. The newly active unit assumes the IP address and MAC address of the previously active unit and begins accepting traffic for it. The new standby unit assumes the IP address and MAC address of the unit that was previously the standby unit.
Use the replicate command to maintain connection state on a per-virtual basis. If the replicate command is not used, active connections will be dropped when a failover switch occurs, and clients must re-establish the connections through the newly active unit. It is best to maintain state on connections with a longer connection time, and not maintain state on connections that are short-lived such as HTTP.
When a unit boots up it defaults to Failover Off and Secondary, unless the failover cable is present or failover has been saved in the configuration. The configuration from the active unit is also copied to the standby unit. If the cable is not present, the unit automatically becomes the active unit. If the cable is present, the unit that has the primary end of the failover cable plugged into it becomes the primary unit by default.
The configuration is automatically replicated, and can be forced with the write standby command.
When the primary active LocalDirector experiences a power failure, the standby LocalDirector comes up in active mode. If the primary unit is powered up again it will become the standby unit.
When the primary active LocalDirector is failed by disconnecting the network interface (cable pull), the standby LocalDirector comes up in active mode as it should. When the interface is plugged back in, the unit will automatically recover; however, it will not take over as the active unit. It will become the standby unit.
Yes, if you are running LocalDirector version 1.6.3 or greater on both units.
Fault detection is based on the following:

  • Failover hello packets are received on each interface. If hello packets are not heard for two consecutive 15 second intervals, the interface will be tested to determine which unit is at fault.

  • Cable errors. The cable is wired so that each unit can distinguish between a power failure in the other unit, and an unplugged cable. If the standby unit detects that the active unit is powered off (or resets) it will take active control. If the cable is unplugged, a SYSLOG is generated but no switching occurs. An exception to this is at boot-up, at which point an unplugged cable will force the unit active. If both units are powered up without the failover cable installed they will both become active creating a duplicate IP address conflict on your network. The failover cable must be installed for failover to work correctly.

  • Failover communication. The two units share information every 15 seconds. If the standby unit does not hear from the active unit in two communication attempts (and the cable status is OK) the standby unit will take over as active.

SYSLOG messages will be generated when any errors or switches occur. Evaluate the failed unit and fix or replace it.
Always use the same version of software on both LocalDirector units.
Note Use identical LocalDirector units as failover pairs. Make sure that the hardware platform, and the number and type of interfaces on each unit are the same.
The failover cable is shown in Figure 5-4, and the pinouts for the failover cable are shown in Figure 5-5. The cable is 6 feet (2 meters) long, and both ends are receptacle DB15. The RS-232 standard specifies that cables can be up to 75 feet (22 meters) long.

Figure 5-4: Failover Cable


Figure 5-5: Failover Cable Pinouts

hometocprevnextglossaryfeedbacksearchhelp
Copyright 1989-1998 © Cisco Systems Inc.