Stateful Failover - Cisco 4700M Administration Manual

Chapter 6 Configuring Redundant ACEs
Figure 6-2
possible that the FT groups A,B, C, and D use only half the resources that E and F require.
Figure 6-2
N=2
# redundant groups
=6
To outside nodes (clients and servers), the active and standby FT group members appear as one node
with respect to their IP addresses and associated VMAC. The ACE provides active-active redundancy
with multiple-contexts only when there are multiple FT groups configured on each appliance and both
appliances contain at least one active group member (context). With a single context, the ACE supports
active-backup redundancy and each group member is an Admin context. For details about configuring
contexts, see the Cisco 4700 Series Application Control Engine Appliance Virtualization Configuration
Guide.
The ACE sends and receives all redundancy-related traffic (protocol packets, configuration data,
heartbeats, and state replication packets) on a dedicated FT VLAN. You cannot use this dedicated VLAN
for normal traffic.
To optimize the transmission of heartbeat packets for multiple FT groups and to minimize network
traffic, the ACE sends and receives heartbeat messages using a separate process. The ACE uses the
heartbeat to probe the peer ACE, rather than probe each context. When an ACE does not receive a
heartbeat from the peer ACE, all the contexts in the standby state become active. The ACE sends
heartbeat packets over UDP. You can set the frequency with which the ACE sends heartbeat packets as
part of the FT peer configuration (see the
The election of the active member within each FT group is based on a priority scheme. The member
configured with the higher priority is elected as the active member. If a member with a higher priority is
found after the other member becomes active, the new member becomes active because it has a higher
priority. This behavior is known as preemption and is enabled by default. You can override this default
behavior by disabling preemption, causing the member with the higher priority always to assert itself
and become active (see the

Stateful Failover

The ACE replicates flows on the active FT group member to the standby group member per connection
for each context. The replicated flows contain all the flow-state information necessary for the standby
member to take over the flow if the active member becomes unresponsive. If the active member becomes
unresponsive, the replicated flows on the standby member become active when the standby member
assumes mastership of the context. The active flows on the former active member transition to a standby
state to fully back up the active flows on the new active member.
After a switchover occurs, the same connection information is available on the new active member.
Supported end-user applications do not need to reconnect to maintain the same network session.
The state information passed to the standby appliance includes the following data:
•
•
OL-20823-01
shows the uneven distribution of contexts between the two ACEs. As an example, it is
Uneven Distribution of Contexts
A B
E
"Configuring an FT Group"
Network Address Translation (NAT) table based on information synchronized with the connection
record
All Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) connections not
terminated by the ACE
Cisco 4700 Series Application Control Engine Appliance Administration Guide
C D E'
F A' B'
"Configuring an FT Peer"
section).
Information About Redundancy
F'
C' D'
section).
6-3