Failover Overview; Regular And Stateful Failover; Chapter 15 Using Failover - Cisco Catalyst 6500 Series Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide

Understanding Failover

Failover Overview

The failover feature lets you use a standby FWSM to take over the functionality of a failed FWSM.
Failover is compatible with both routed and transparent firewall modes, and with single and
multiple context modes.

Note: The two FWSMs must have the same major (first number) and minor (second number) software version,
license, and operating modes (routed or transparent, single or multiple context). You can use different
maintenance versions (third numbers) during an upgrade process; for example, you can upgrade one
module from 2.2(1) to 2.2(2) and failover is still active. However, we recommend upgrading both
modules to the same version to ensure long-term compatibility. We do not guarantee full compatibility
for failover when the maintenance versions differ.

When the active module fails, it changes to the standby state, while the standby module changes to the
active state.
The module that becomes active takes over the active module IP addresses (or, for transparent firewall,
the management IP address) and MAC address, and it begins passing traffic. The FWSM has one MAC
address for all interfaces. The module that was active and is now in standby state takes over the standby
IP addresses and MAC address.
Because network devices see no change in the MAC to IP address pairing, failover is unnoticed by the
rest of the network. However, the host switch needs to reassociate the new active and standby chassis
slots with their corresponding MAC addresses. The FWSM helps this process by sending out gratuitous
ARPs on all its VLAN interfaces. (See the "Primary/Secondary Status and Active/Standby Status"
section on page 15-10 for more information about MAC addresses).

The standby module can effectively take over as the active module because it has the same configuration,
and it is assigned the same VLANs from the switch.

Note: For multiple context mode, the FWSM can fail over the entire module (including all contexts) but cannot
fail over individual contexts separately.

Regular and Stateful Failover

The FWSM supports two types of failover:

- Regular failover—When a failover occurs, all active connections are dropped and clients need to
  reestablish connections when the new active module takes over.
- Stateful failover—During normal operation, the active module continually passes per-connection
  stateful information (for each context) to the standby module. The interval between stateful
  information updates is 10 seconds, but if you set the module polltime to be greater than 10 seconds,
  then that interval is used.

  After a failover occurs, the same connection information is available at the new active module.
  Supported end-user applications are not required to reconnect to keep the same communication
  session.

Chapter 15: Using Failover, OL-6392-01
