HA issue

Ashish_Raval — Thu, 25 Oct 2018 12:59:22 GMT

Hi All,

On issuing command cphaprob stat on firewall cluster its showing toggle status Active/Standby and Active/Down.

also wrp interface showing down.

SSECFWAESCDT301:0> cphaprob stat

Cluster Mode: VSX High Availability (Active Up) with IGMP Membership

Number Unique Address Assigned Load State

1 (local) 172.31.255.253 100% Active
2 172.31.255.254 0% Down

and

SSECFWAESCDT301:0> cphaprob stat

Cluster Mode: VSX High Availability (Active Up) with IGMP Membership

Number Unique Address Assigned Load State

1 (local) 172.31.255.253 100% Active
2 172.31.255.254 0% Standby >> This status changing on every hit of command

> cphaprob -a if

vsid 0:
------
Required interfaces: 11
Required secured interfaces: 1

Sync UP sync(secured), broadcast
Mgmt UP non sync(non secured), multicast

Virtual cluster interfaces: 1

Mgmt 10.34.17.169

vsid 1:
------
Required interfaces: 4
Required secured interfaces: 1

Sync UP sync(secured), broadcast
wrp64 Inbound: DOWN (3.1 secs) Outbound: DOWN (67706.2 secs) non sync(n on secured), multicast
eth2 UP non sync(non secured), multicast (eth2.101 )
eth1 UP non sync(non secured), multicast (eth1.100 )
eth6 UP non sync(non secured), multicast (eth6.1502 )

Virtual cluster interfaces: 16

wrp64 10.34.17.81
eth2.101 10.34.17.113
eth2.1530 10.34.17.129
eth2.1915 10.34.17.57
eth2.1102 10.34.17.225
eth2.1914 10.34.17.49
eth2.1550 10.34.17.145
eth2.1911 10.34.17.33
eth2.1910 10.34.17.25
eth2.1913 10.34.17.41
eth2.1250 10.34.17.193
eth1.100 10.34.54.1
eth6.1502 10.34.17.74
eth2.1106 10.34.17.17
eth2.402 10.34.17.9
eth2.1570 10.34.17.177

vsid 2:
------
Required interfaces: 2
Required secured interfaces: 1

Sync UP sync(secured), broadcast
wrp128 Inbound: DOWN (2950 secs) Outbound: DOWN (66556.4 secs) non sync(n on secured), multicast
eth3 UP non sync(non secured), multicast (eth3.1240 )

Virtual cluster interfaces: 4

wrp128 10.34.17.82
eth3.1411 10.34.54.193
eth3.1240 10.34.55.1
eth3.1921 10.34.55.193

vsid 3:
------
Required interfaces: 3
Required secured interfaces: 1

eth5 UP non sync(non secured), multicast
eth4 UP non sync(non secured), multicast
Sync UP sync(secured), broadcast
wrp192 Inbound: DOWN (22816.1 secs) Outbound: DOWN (67520.4 secs) non sync(n on secured), multicast

Virtual cluster interfaces: 3

eth5 10.34.17.89
eth4 10.34.55.217
wrp192 10.34.17.83

vsid 4:
------
VS is working as a Virtual Switch.

Re: HA issue

Daniel_Taney — Thu, 25 Oct 2018 13:44:19 GMT

Is there any VLAN or Interface flapping occurring upstream of the Gateway with whatever network is connected to that Virtual Switch? My guess is the Cluster State is flapping because of whatever is going on in that Virtual Switch.

Re: HA issue

Kaspars_Zibarts — Thu, 25 Oct 2018 13:49:34 GMT

Looks like connectivity is missing between boxes on the interface that is outside of your virtual switch. I'm just guessing but all your three VSes are connected to Vswitch on this subnet 10.34.17.x so make sure that on physical interface you have trunk with all required VLANs configured so both boxes can see each other.

you can add output ifconfig from VS4

Re: HA issue

JozkoMrkvicka — Fri, 26 Oct 2018 20:00:32 GMT

ccp mode is broadcast for Sync but multicast for the rest? try to set CCP mode to broadcast/multicast only.

Re: HA issue

Alex_Lam1 — Mon, 12 Nov 2018 15:32:24 GMT

I had the same issue.

once i put change the ccp to broadcast, it works like a charm.

#cphaconf set_ccp broadcast

Re: HA issue

Ashish_Raval — Fri, 07 Dec 2018 09:25:42 GMT

Thanks , it was VLAN issue on switch

topic Re: HA issue in Firewall and Security Management

HA issue

Re: HA issue

Re: HA issue

Re: HA issue

Re: HA issue

Re: HA issue