CLEANACCESS Archives

December 2005

CLEANACCESS@LISTSERV.MIAMIOH.EDU

From: John Truelove <[log in to unmask]>
Reply To: Perfigo SecureSmart and CleanMachines Discussion List <[log in to unmask]>
Date: Wed, 21 Dec 2005 10:04:03 -0500

Our core switches are in different buildings.  In theory, better
redundancy, failover, etc.




John Truelove
OIT Network Engineer - CCNP
Indiana State University
210 N 7th Street, Rankin Rm 54
Terre Haute, IN 47809
812-237-4921

>>> [log in to unmask] 12/21/2005 9:19 AM >>>
Can you explain the reason for keeping the systems in different
buildings?  


++++++++++++++++++++++++++++++++++
Dave Bachand
Data Network Manager
Information Technology Services
Eastern Connecticut State University
83 Windham Street
Willimantic, CT
Tel. (860)465-5376
++++++++++++++++++++++++++++++++++

-----Original Message-----
From: Perfigo SecureSmart and CleanMachines Discussion List
[mailto:[log in to unmask]] On Behalf Of John Truelove
Sent: Wednesday, December 21, 2005 8:00 AM
To: [log in to unmask] 
Subject: Failover in CCA

I have an issue with the failover in CCA.  I am wanting to know if
anyone else has similar problems or how they are handling the issues.
I have our account team working on getting the code changed to address
the issue with failover.

Layout/Setup of our systems:  Version 3.5.8    Agent 3.5.10

We are running in Virtual gateway mode with VLAN mapping.  Our CAM/CAS
are located in different buildings.  Each CAM/CAS is connected to
6509/6506 switches with Gigabit copper.  We are trunking multiple VLANs
to untrusted/trusted interface.

On the untrusted interface, we have VLAN 111 and it gets mapped to VLAN
811 on the trusted interface.

Because the CAM/CAS are located in different buildings, we are not using
a crossover cable or serial link for the heartbeat.  The heartbeat is
going across eth1 on a management VLAN.

We have had 2 power outages campus wide since we put the system in (July
2005).  This caused spanning-tree loops because both CAS's went active
at the same time.  We also had the CAM's go active at the same time.  I
think the problem is that the servers came up before the 6500's did; the
servers all went active because they could not communicate with each
other.

Has anyone else seen similar issues?

Right now, we are not running in failover mode for fear of other
spanning-tree loops.

Not to cause trouble with Cisco but I think the failover code needs to
be changed.

Problem #1:  The code for the heartbeat timer does not have a way to
back down once one of the servers becomes active.  Example:  Power
outage, both CAS's come up active, 6509 finally boots up, Layer 2 up on
the switches.
You now have a spanning-tree loop.

Problem #2:  The code also does not check for link states.  For example,
if you are running with a cross-over cable on a third NIC or eth1, it
does not check to make sure the link is still up.  So if your NIC dies
or you have cable problems, the failover will not happen.  This was the
case in previous versions; I have not checked in the newest release
3.5.8.


Sorry for the long post but I really would like to know how others are
dealing with these issues and how they are getting around code design
problems.

Thanks

John Truelove
Indiana State University - CCNP
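
The boot race and Problem #1 described in the post, as a toy simulation added here (it is not Cisco's failover code and not part of the original message): two servers boot before the heartbeat VLAN is reachable, with a back-down tie-break and a carrier check before promotion as optional fixes. The names `Node` and `simulate`, the priority convention and the three-interval dead timer are assumptions made for the example.

```python
from dataclasses import dataclass

ACTIVE, STANDBY = "active", "standby"

@dataclass
class Node:
    name: str
    priority: int          # lower number wins an election (assumed convention)
    state: str = STANDBY
    missed: int = 0        # consecutive heartbeat intervals with no peer message

    def tick(self, link_up, peer, back_down, check_link, dead_after=3):
        """Advance one heartbeat interval. peer is (state, priority) or None."""
        if check_link and not link_up:
            return         # no carrier: local isolation, not proof the peer died
        if peer is None:
            self.missed += 1
            if self.missed >= dead_after:
                self.state = ACTIVE        # peer presumed dead: take over
            return
        self.missed = 0
        peer_state, peer_priority = peer
        both_same = peer_state == self.state
        # Two standbys always elect; two actives resolve only if back_down is on.
        if both_same and (self.state == STANDBY or back_down):
            self.state = ACTIVE if self.priority < peer_priority else STANDBY

def simulate(switch_up_at, ticks, back_down, check_link):
    """Both servers boot at t=0; the heartbeat VLAN works from switch_up_at on."""
    a, b = Node("cas-a", 1), Node("cas-b", 2)   # constructed sample pair
    loop_ticks = 0
    for t in range(ticks):
        up = t >= switch_up_at
        seen_by_a = (b.state, b.priority) if up else None
        seen_by_b = (a.state, a.priority) if up else None
        a.tick(up, seen_by_a, back_down, check_link)
        b.tick(up, seen_by_b, back_down, check_link)
        if up and a.state == b.state == ACTIVE:
            loop_ticks += 1        # both bridging VLANs while Layer 2 is up
    return a.state, b.state, loop_ticks

if __name__ == "__main__":
    for back_down, check_link in [(False, False), (True, False), (False, True)]:
        print(back_down, check_link, simulate(5, 10, back_down, check_link))
```

With both options off, the pair stays dual-active for every interval after the switch comes up; either option alone leaves one server active and one standby.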
