cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

HA issue

Hi All,

On issuing command cphaprob stat on firewall cluster its showing toggle status Active/Standby and Active/Down.

also wrp interface showing down.

SSECFWAESCDT301:0> cphaprob stat

Cluster Mode: VSX High Availability (Active Up) with IGMP Membership

Number Unique Address Assigned Load State

1 (local) 172.31.255.253 100% Active
2 172.31.255.254               0%  Down

           and 

SSECFWAESCDT301:0> cphaprob stat

Cluster Mode: VSX High Availability (Active Up) with IGMP Membership

Number Unique Address Assigned Load State

1 (local) 172.31.255.253 100% Active
2 172.31.255.254               0%  Standby   >> This status changing on every hit of command

> cphaprob -a if

vsid 0:
------
Required interfaces: 11
Required secured interfaces: 1

Sync UP sync(secured), broadcast
Mgmt UP non sync(non secured), multicast

Virtual cluster interfaces: 1

Mgmt 10.34.17.169


vsid 1:
------
Required interfaces: 4
Required secured interfaces: 1

Sync UP sync(secured), broadcast
wrp64 Inbound: DOWN (3.1 secs) Outbound: DOWN (67706.2 secs) non sync(n on secured), multicast
eth2 UP non sync(non secured), multicast (eth2.101 )
eth1 UP non sync(non secured), multicast (eth1.100 )
eth6 UP non sync(non secured), multicast (eth6.1502 )

Virtual cluster interfaces: 16

wrp64 10.34.17.81
eth2.101 10.34.17.113
eth2.1530 10.34.17.129
eth2.1915 10.34.17.57
eth2.1102 10.34.17.225
eth2.1914 10.34.17.49
eth2.1550 10.34.17.145
eth2.1911 10.34.17.33
eth2.1910 10.34.17.25
eth2.1913 10.34.17.41
eth2.1250 10.34.17.193
eth1.100 10.34.54.1
eth6.1502 10.34.17.74
eth2.1106 10.34.17.17
eth2.402 10.34.17.9
eth2.1570 10.34.17.177


vsid 2:
------
Required interfaces: 2
Required secured interfaces: 1

Sync UP sync(secured), broadcast
wrp128 Inbound: DOWN (2950 secs) Outbound: DOWN (66556.4 secs) non sync(n on secured), multicast
eth3 UP non sync(non secured), multicast (eth3.1240 )

Virtual cluster interfaces: 4

wrp128 10.34.17.82
eth3.1411 10.34.54.193
eth3.1240 10.34.55.1
eth3.1921 10.34.55.193


vsid 3:
------
Required interfaces: 3
Required secured interfaces: 1

eth5 UP non sync(non secured), multicast
eth4 UP non sync(non secured), multicast
Sync UP sync(secured), broadcast
wrp192 Inbound: DOWN (22816.1 secs) Outbound: DOWN (67520.4 secs) non sync(n on secured), multicast

Virtual cluster interfaces: 3

eth5 10.34.17.89
eth4 10.34.55.217
wrp192 10.34.17.83


vsid 4:
------
VS is working as a Virtual Switch.

0 Kudos
5 Replies

Re: HA issue

Is there any VLAN or Interface flapping occurring upstream of the Gateway with whatever network is connected to that Virtual Switch? My guess is the Cluster State is flapping because of whatever is going on in that Virtual Switch. 

0 Kudos

Re: HA issue

Thanks , it was VLAN issue on switch

Re: HA issue

Looks like connectivity is missing between boxes on the interface that is outside of your virtual switch. I'm just guessing but all your three VSes are connected to Vswitch on this subnet 10.34.17.x so make sure that on physical interface you have trunk with all required VLANs configured so both boxes can see each other.

you can add output ifconfig from VS4

0 Kudos
JozkoMrkvicka
Platinum

Re: HA issue

ccp mode is broadcast for Sync but multicast for the rest? try to set CCP mode to broadcast/multicast only.

Kind regards,
Jozko Mrkvicka

Re: HA issue

I had the same issue. 

once i put change the ccp to broadcast, it works like a charm.

#cphaconf set_ccp broadcast