Interface Monitoring - Cisco Catalyst 6500 Series Configuration Manual

Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services

Understanding Failover
If the FWSM does not receive a response on the failover link only, then the module does not fail over.
The failover link is marked as failed. You should restore the failover link as soon as possible because
the module cannot fail over to the standby while the failover link is down.
Note
If a failed module does not recover and you believe it should not be failed, you can reset the state by
entering the failover reset command. If the failover condition persists, however, the module will fail
again.

Interface Monitoring

You can monitor up to 250 interfaces divided between all contexts. You should monitor important
interfaces. For example, you might configure one context to monitor a shared VLAN (because the
interface is shared, all contexts benefit from the monitoring).
Note
An interface may be marked as failed (auto state down) when there are no longer any physical ports
belonging to a VLAN that is configured on the switch for the FWSM.
When a module does not receive hello messages on a monitored interface, it runs the following tests:
1. Link Up/Down test—A test of the VLAN status. If the Link Up/Down test indicates that the VLAN
is operational, then the FWSM performs network tests. The purpose of these tests is to generate
network traffic to determine which (if either) module has failed. At the start of each test, each
module clears its received packet count for its interfaces. At the conclusion of each test, each module
looks to see if it has received any traffic. If it has, the interface is considered operational. If one
module receives traffic for a test and the other module does not, the module that received no traffic
is considered failed. If neither module has received traffic, then the next test is used.
2. Network Activity test—A received network activity test. The module counts all received packets for
up to 5 seconds. If any packets are received at any time during this interval, the interface is
considered operational and testing stops. If no traffic is received, the ARP test begins.
3. ARP test—A reading of the module ARP cache for the 2 most recently acquired entries. One at a
time, the module sends ARP requests to these machines, attempting to stimulate network traffic.
After each request, the module counts all received traffic for up to 5 seconds. If traffic is received,
the interface is considered operational. If no traffic is received, an ARP request is sent to the next
machine. If at the end of the list no traffic has been received, the ping test begins.
4. Broadcast Ping test—A ping test that consists of sending out a broadcast ping request. The module
then counts all received packets for up to 5 seconds. If any packets are received at any time during
this interval, the interface is considered operational and testing stops.
If all network tests fail for an interface, but this interface on the other module continues to successfully
pass traffic, then the interface is considered to be failed. If the threshold for failed interfaces is met, then
a failover occurs. If the other module interface also fails all the network tests, then both interfaces go
into the "Unknown" state and do not count towards the failover limit.
An interface becomes operational again if it receives any traffic. A failed FWSM returns to standby mode
if the interface failure threshold is no longer met.
Note
If a failed module does not recover and you believe it should not be failed, you can reset the state by
entering the failover reset command. If the failover condition persists, however, the module will fail
again.
Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide, OL-6392-01
Chapter 15, Using Failover, page 15-14
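The network test sequence and the failover threshold described above can be modelled as a small decision procedure. The following Python is an added example, not part of the Cisco guide: the function names, test labels, sample packet counters and threshold values are constructed, and it assumes the Link Up/Down test has already reported the VLAN as operational.

```python
WINDOW_S = 5  # each test counts received packets for up to 5 seconds
# Network tests in page order; the ARP test probes the two most recently
# acquired ARP cache entries, one at a time (test labels are made up here).
TESTS = ("network_activity", "arp_entry_1", "arp_entry_2", "broadcast_ping")


def run_network_tests(local_rx, peer_rx):
    """Compare received-packet counts per test for one interface on both modules.

    Returns (local_state, peer_state, deciding_test, max_seconds_elapsed).
    Assumes the Link Up/Down test already showed the VLAN as operational.
    """
    for i, test in enumerate(TESTS, start=1):
        local_ok = local_rx.get(test, 0) > 0
        peer_ok = peer_rx.get(test, 0) > 0
        if local_ok or peer_ok:
            # A side that saw traffic is operational; a silent side is failed.
            return ("operational" if local_ok else "failed",
                    "operational" if peer_ok else "failed",
                    test, i * WINDOW_S)
    # No traffic on either module in any test: both go to Unknown.
    return ("unknown", "unknown", None, len(TESTS) * WINDOW_S)


def failover_required(active_states, threshold):
    """Only 'failed' interfaces count toward the threshold; 'unknown' do not."""
    failed = sum(1 for state in active_states.values() if state == "failed")
    return failed >= threshold


def evaluate(active_rx, standby_rx, threshold):
    """Classify every monitored interface of the active module, then decide."""
    states = {name: run_network_tests(active_rx[name], standby_rx[name])[0]
              for name in active_rx}
    return states, failover_required(states, threshold)


# Constructed sample: packets received per test window, per interface.
ACTIVE = {"inside": {}, "outside": {"arp_entry_1": 3}, "dmz": {}}
STANDBY = {"inside": {"network_activity": 12}, "outside": {"arp_entry_1": 1}, "dmz": {}}

if __name__ == "__main__":
    states, failover = evaluate(ACTIVE, STANDBY, threshold=1)
    print(states, "failover:", failover)
```

The fourth return value is an upper bound on test time: an interface that is silent on both modules takes up to 20 seconds to reach the Unknown state, and it still does not count toward the failover limit.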
