LTM network failover

LTM would use the the network segments that it's connected to for network failover, which is seperate from failover and syncing. he way it works is that if it detects the NIC is down it will attempt a failover in x amount of seconds. There is another type of failover called VLAN failsafe. You can read more about by clinking on the following link Click here

Thanks for your reply. But I am a little bit confused. In redundancy configuration, there we can set the peer IP address and check whether to enable network failover. Does that mean LTM will use the peer address to check the status of the active unit? If it loses connection to the peer, would failover be triggered?

 

For vlan failsafe, as far as I understand it does not deal with the peer. As long as there is no traffic on a vlan the LTM would perform failover.

Yes, the standby unit will listen for status message from the active unit on TCP 1028. The peer IP address is the source it will expect to hear this from. If status message is not received within the time limit, it will make itself the active unit. This is why it is important to have a reliable network connection for Network Failover transport, otherwise, you will have "unwanted" active-active on your hand. See Sol2397 for information on Network Failover, as well as Serial Failover.

Sorry I was getting a bit head of myself.

 

 

Network Failover uses the same address as the peer IP address setups for failover and config sync. They use that address to find out the status of the other unit. If an interface goes DOWN it will that message through the network to the other peer signiling a failover. If the secondary lost connectivity to the primary, it will attempt to perform a takeover. This is assuming the primary went off the wire or powered off. If not and the only thing you lost was looking at each others from the peering perspective then you have a situation where both are going to active/active - which is not what you want.

 

 

VLAN Failsafe does rely on the peer for one item, which is the overall cross communication of each other's status. SO if VLAN Failsafe or Gateway failsafe detects a problem it's going to want to send infornation to other unit on its status.

 

 

 

I recommend only using Network Failover if you cannot physically use the serial failover cable. If you use both, they both have to fail to trigger failover, and the serial is much faster than the Network Failover.

 

 

VLAN Failsafe is actually totally self-contained as iodaniel says. All it does is watch for traffic on the specified VLAN. If it does not receive any traffic for half the timeout period, it tries to arp for an address on that VLAN that it knows about. If it does not receive a reply within the rest of the timeout period, it takes the action specified (reboot, go standby, restart services). The peer is not involved at all. However, when the peer detects that it's partner has failed (either via serial or Network Failover), it will become active.

 

 

There is no messaging from the active to the standby in a failover situation, whether serial or network-based. When the active unit fails, voltage drops on the serial and it stops sending TCP 1028 packets. Failover is totally reliant on the standby to detect the other unit's failure and go active.

 

 

Denny

Actually from what I can tell in order for the VLAN failsafe to perform a "failover" it needs to do some form of communication so the peer can take over.

From a hardware level , that makes sense since the peer unit is the one detects the volatge level drop in the active unit. But how does that work for the VLAN Failsafe. I mean doesn't the active unit need to send a signal to the peer to take over or does the active unit switch to standby and the peer detects the change?

 

 

VLAN Failsafe has several options now. It can trigger a reboot, a failover (ie, go into standby mode), or a restart of the unit's services. Any of those 3 will cause the peer unit to detect that its' partner is no longer active and it will make itself active. It doesn't wait for any communication from the other unit.

 

 

Denny

Interesting. What mechanism does the peer/standby unit use to detect it's peer is going to standby mode under VLAN Failsafe?

VLAN Failsafe and the failover between the units are 2 separate events. VLAN Failsafe causes the failover to take place by creating the condition which failover is initiated. VLAN failsafe in itself does not include a feature to "tell" the standby unit to become active.

 

 

1. VLAN Failsafe kicks in due to lack of traffic.

 

2. VLAN failsafe causes reboot/restart/failover (This is where VLAN Failsafe is done)

 

3. heartbeat message being sent on TCP 1028 from the Active unit stops due to action No. 2 above

 

4. Standby unit becomes active.