ACE and GSS failover testing
I need to know the best way to test the ACE failover setup. Should i shutdown the primary ACE or can change the roles.
If i change the roles then what is the command to confirm whether traffic is passing through the standby not from primary.
I need confirm the traffic not the role. I know the command "show ft group detail on ACE.
I need to know the same for GSS setup.
Thanks
On ACE the failover is context based (not Vip based).
ACe can be configured to track and detect failures in the following items in the
Admin context and any user context:
⢠Gateways or hosts
⢠Interfaces
⢠Hot Standby Router Protocol (HSRP) groups
You need to configure a tracking priority for each tracking event.
from ACE Admin guide
"Suppose that on ACE 1 you configure the active FT group member
with a priority of 100 and on ACE 2 you configure the standby FT group member
with a priority of 70. Further, assume that you configure the FT group to track
three critical interfaces, each with a unit priority of 15. To trigger a switchover,
all three interfaces must fail so that the priority of the active member is less than
the priority of the standby member (100 - 45 = 55)."
Please read ACE Admin guide for more details
Syed
Similar Messages
-
Hi,
There is another one:-)
On CSS i could define critical service and put the VIP down if critical service is down. Also CSS used something like VRRP to define active VIP per CSS.
So the question is, can I do the same thing on two ACE modules? So, one is active for the VIP, and if service associated with that VIP fails, the active VIP is moved to another ACE module?
Can this be accomplished with contexts? FT VLAN..etc. It is not the same as VRRP VIP fail over on CSS but i could use it. Can i use FT VLAN over L2 devices/MPLS backbone or do i have to use dedicated link?On ACE the failover is context based (not Vip based).
ACe can be configured to track and detect failures in the following items in the
Admin context and any user context:
⢠Gateways or hosts
⢠Interfaces
⢠Hot Standby Router Protocol (HSRP) groups
You need to configure a tracking priority for each tracking event.
from ACE Admin guide
"Suppose that on ACE 1 you configure the active FT group member
with a priority of 100 and on ACE 2 you configure the standby FT group member
with a priority of 70. Further, assume that you configure the FT group to track
three critical interfaces, each with a unit priority of 15. To trigger a switchover,
all three interfaces must fail so that the priority of the active member is less than
the priority of the standby member (100 - 45 = 55)."
Please read ACE Admin guide for more details
Syed -
N+1 5508 WLC failover test
Good day all,
I have a question about the N+1 5508 failover test:
Should I shutdown one of the primary WLC to test failover?
I just setup the N+1 bakcup WLC (5508). B
Based on: http://www.cisco.com/en/US/docs/wireless/technology/hi_avail/N1_High_Availability_Deployment_Guide.pdf
We have two production WLCs both 5508 and one 4405.
We just purchased another HA-SKU WLC 5508.
All our four WLCs had been setup into one mobility group in version 7.4.100.6.
Their neighbors are all up.
But our test AP could not register to the Backup N+1 WLC. ( We are using option 43 in our DHCP server for all the AP boot.)
Here are the log screen:
================ From test Access Point============
*Mar 1 00:00:53.099: %CDP_PD-4-POWER_OK: Full power - INJECTOR_CONFIGURED_ON_SOURCE inline power source
*Mar 1 00:00:53.842: %DHCP-6-ADDRESS_ASSIGN: Interface BVI1 assigned DHCP address 10.255.1.3, mask 255.255.255.0, hostname wo11-test-ap1
*Mar 1 00:00:54.188: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Mar 1 00:00:55.188: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Mar 1 00:00:55.279: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Mar 1 00:00:56.280: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Mar 1 00:01:03.820: %CAPWAP-5-DHCP_OPTION_43: Controller address 10.254.240.5 obtained through DHCP
*Mar 1 00:01:03.820: %CAPWAP-3-ERRORLOG: Did not get log server settings from DHCP.
*Mar 1 00:01:13.823: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Aug 2 02:30:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.254.240.5 peer_port: 5246
*Aug 2 02:31:25.003: DTLS_CLIENT_ERROR: ../capwap/base_capwap/dtls/base_capwap_dtls_connection_db.c:2051 Max retransmission count reached!
*Aug 2 02:31:55.001: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 10.254.240.5:5246
*Aug 2 02:31:55.001: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Aug 2 02:30:55.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 10.254.240.23 peer_port: 5246
*Aug 2 02:30:55.490: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 10.254.240.23 peer_port: 5246
*Aug 2 02:30:55.493: %CAPWAP-5-SENDJOIN: sending Join Request to 10.254.240.23
*Aug 2 02:30:55.493: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
*Aug 2 02:30:55.493: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
*Aug 2 02:30:55.493: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Aug 2 02:30:55.493: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 10.254.240.23
*Aug 2 02:30:55.874: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Aug 2 02:30:55.931: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Aug 2 02:30:55.987: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller WG-WLC1
*Aug 2 02:30:56.041: ac_first_hop_mac - IP:10.255.1.1 Hop IP:10.255.1.1 IDB:BVI1
*Aug 2 02:30:56.041: Setting AC first hop MAC: ccef.481f.14bf
-test-ap1#sh int bvI 1
BVI1 is up, line protocol is up
Hardware is BVI, address is e8b7.489e.4645 (bia e8b7.489e.4645)
Internet address is 10.255.1.3/24
===================From backup N+1 WLC===
*spamApTask4: Aug 02 11:41:09.842: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP 10:255:1:3 (58470).
*spamApTask4: Aug 02 11:41:01.889: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP 10:255:1:3 (58470).
*spamApTask4: Aug 02 11:40:57.912: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP 10:255:1:3 (58470).
*spamApTask4: Aug 02 11:40:55.924: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP 10:255:1:3 (58470).
*spamApTask4: Aug 02 11:18:50.553: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP 10:255:1:3 (58469).
*spamApTask4: Aug 02 11:18:42.600: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP 10:255:1:3 (58469).
*spamApTask4: Aug 02 11:18:38.623: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP 10:255:1:3 (58469).
*spamApTask4: Aug 02 11:18:36.636: #CAPWAP-3-DTLS_DB_ERR: capwap_ac_sm.c:7305 64:a0:e7:40:eb:42: Failed to create DTLS connection for AP 10:255:1:3 (58469).
*mmListen: Aug 02 10:43:38.637: #LOG-3-Q_IND: spam_lrad.c:1676 Ignoring discovery request from AP e8:b7:48:9e:46:45 - maximum number of downloads (0) exceeded
*spamApTask0: Aug 02 10:43:38.500: #LWAPP-3-DISC_MAX_DOWNLOAD: spam_lrad.c:1676 Ignoring discovery request from AP e8:b7:48:9e:46:45 - maximum number of downloads (0) exceeded
==================== From one of our Primary WLC=====================
(WLC-5500) >show advanced backup-controller
AP primary Backup Controller .................... ODC-WLC1 10.254.240.5
AP secondary Backup Controller .................. 0.0.0.0
(WLC-5500) >show redundancy summary
Redundancy Mode = SSO DISABLED
Local State = ACTIVE
Peer State = N/A
Unit = Primary
Unit ID = 54:75:D0:DE:DE:40
Redundancy State = N/A
Mobility MAC = 54:75:D0:DE:DE:40
Redundancy Management IP Address................. 0.0.0.0
Peer Redundancy Management IP Address............ 0.0.0.0
Redundancy Port IP Address....................... 0.0.0.0
Peer Redundancy Port IP Address.................. 169.254.0.0
(WLC-5500) >show license capacity
Licensed Feature Max Count Current Count Remaining Count
AP Count 250 203 47
==============From the Backup N+1 WLC in DR =====================
(Cisco Controller) >show redundancy summary
Redundancy Mode = SSO DISABLED
Local State = ACTIVE
Peer State = N/A
Unit = Secondary - HA SKU
Unit ID = 6C:41:6A:5F:4C:80
Redundancy State = N/A
Mobility MAC = 6C:41:6A:5F:4C:80
Redundancy Management IP Address................. 10.254.240.3
Peer Redundancy Management IP Address............ 0.0.0.0
Redundancy Port IP Address....................... 169.254.240.3
Peer Redundancy Port IP Address.................. 169.254.0.0
(Cisco Controller) >show license capacity
Licensed Feature Max Count Current Count Remaining Count
AP Count 500 0 500Current AP High Availability Configuration:
2nd Step, shutdown the LAN Switch ports on which the Primary WLC is connected so I force the AP going to HA SKU WLC.
DC-WiFi-SVC1-LAB(config)#inter
DC-WiFi-SVC1-LAB(config)#interface por
DC-WiFi-SVC1-LAB(config)#interface port-
DC-WiFi-SVC1-LAB(config)#interface port-channel 3
DC-WiFi-SVC1-LAB(config-if)#shut
DC-WiFi-SVC1-LAB(config-if)#
Log in the AP after shutdown:
Jan 15 15:52:15.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
., 2)
*Jan 15 15:52:15.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
*Jan 15 15:52:18.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
., 2)
*Jan 15 15:52:18.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
*Jan 15 15:52:21.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
., 3)
*Jan 15 15:52:21.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
*Jan 15 15:52:24.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
., 4)
*Jan 15 15:52:24.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
*Jan 15 15:52:27.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
., 4)
*Jan 15 15:52:27.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
*Jan 15 15:52:30.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
., 4)
*Jan 15 15:52:30.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
*Jan 15 15:52:33.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
., 4)
*Jan 15 15:52:33.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
*Jan 15 15:52:36.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
., 4)
*Jan 15 15:52:36.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
*Jan 15 15:52:39.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
., 4)
*Jan 15 15:52:39.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
*Jan 15 15:52:42.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
., 7)
*Jan 15 15:52:42.307: %CAPWAP-3-ERRORLOG: Retransmission count exceeded max, ignoring as the ethernet is overloaded
*Jan 15 15:52:45.307: %CAPWAP-3-ERRORLOG: Retransmission count for packet exceeded max(CAPWAP_WTP_EVENT_REQUEST
., 8)
*Jan 15 15:52:45.307: %CAPWAP-3-ERRORLOG: GOING BACK TO DISCOVER MODE
*Jan 15 15:52:45.307: %DTLS-5-SEND_ALERT: Send FATAL : Close notify Alert to 172.23.111.23:5246
*Jan 15 15:52:45.371: %WIDS-6-DISABLED: IDS Signature is removed and disabled.
*Jan 15 15:52:45.371: %LWAPP-3-CLIENTERRORLOG: LWAPP LED Init: incorrect led state 255
*Jan 15 15:52:45.383: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to administratively down
*Jan 15 15:52:45.383: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to administratively down
*Jan 15 15:52:45.395: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jan 15 15:52:46.015: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jan 15 15:52:46.383: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Jan 15 15:52:46.423: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Jan 15 15:52:46.431: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Jan 15 15:52:47.167: %CLEANAIR-6-STATE: Slot 0 down
*Jan 15 15:52:47.167: %CLEANAIR-6-STATE: Slot 1 down
*Jan 15 15:52:47.415: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Jan 15 15:52:47.423: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Jan 15 15:52:47.451: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jan 15 15:52:47.459: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Jan 15 15:52:47.467: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Jan 15 15:52:48.451: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Jan 15 15:52:48.459: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Jan 15 15:52:48.487: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jan 15 15:52:49.487: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Jan 15 15:52:56.011: %CAPWAP-3-ERRORLOG: Selected MWAR 'DC-WiFi-WLC1-0'(index 1).
*Jan 15 15:52:56.011: %CAPWAP-3-ERRORLOG: Go join a capwap controller
*Jan 15 15:52:44.000: %CAPWAP-5-DTLSREQSEND: DTLS connection request sent peer_ip: 172.23.111.20 peer_port: 5246
*Jan 15 15:52:44.467: %CAPWAP-5-DTLSREQSUCC: DTLS connection created sucessfully peer_ip: 172.23.111.20 peer_port: 5246
*Jan 15 15:52:44.471: %CAPWAP-5-SENDJOIN: sending Join Request to 172.23.111.20
*Jan 15 15:52:44.471: %CAPWAP-3-ERRORLOG: Invalid event 10 & state 5 combination.
*Jan 15 15:52:44.471: %CAPWAP-3-ERRORLOG: CAPWAP SM handler: Failed to process message type 10 state 5.
*Jan 15 15:52:44.471: %CAPWAP-3-ERRORLOG: Failed to handle capwap control message from controller
*Jan 15 15:52:44.471: %CAPWAP-3-ERRORLOG: Failed to process encrypted capwap packet from 172.23.111.20
*Jan 15 15:52:44.927: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Jan 15 15:52:44.995: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Jan 15 15:52:45.003: ac_first_hop_mac - IP:10.219.96.1 Hop IP:10.219.96.1 IDB:BVI1
*Jan 15 15:52:45.007: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jan 15 15:52:45.075: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller DC-WiFi-WLC1-0
*Jan 15 15:52:45.223: %WIDS-6-ENABLED: IDS Signature is loaded and enabled
*Jan 15 15:52:45.927: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Jan 15 15:52:45.971: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to down
*Jan 15 15:52:45.979: %LINK-5-CHANGED: Interface Dot11Radio1, changed state to reset
*Jan 15 15:52:46.007: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to down
*Jan 15 15:52:46.959: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
*Jan 15 15:52:46.999: %DOT11-6-DFS_SCAN_START: DFS: Scanning frequency 5520 MHz for 60 seconds.
*Jan 15 15:52:47.003: %LINK-6-UPDOWN: Interface Dot11Radio1, changed state to up
*Jan 15 15:52:47.015: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to down
*Jan 15 15:52:47.023: %LINK-5-CHANGED: Interface Dot11Radio0, changed state to reset
*Jan 15 15:52:48.003: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio1, changed state to up
*Jan 15 15:52:48.015: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to down
*Jan 15 15:52:48.047: %LINK-6-UPDOWN: Interface Dot11Radio0, changed state to up
*Jan 15 15:52:49.047: %LINEPROTO-5-UPDOWN: Line protocol on Interface Dot11Radio0, changed state to up
APe4d3.f11e.a8e1#
3rd Step, verifying the LOG on the AP and check if it can connect to the HA SKU WLC
*Jan 15 15:52:45.075: %CAPWAP-5-JOINEDCONTROLLER: AP has joined controller DC-WiFi-WLC1-0
*Jan 15 15:52:45.223: %WIDS-6-ENABLED: IDS Signature is loaded and enabled
CONCLUSION:
I needed to activate the EVALUATION LICENSE in the HA SKU WLC which had status = EULA NOT ACCEPTED. I will test the SSID's in order to confirm that redundancy using HA SKU WLC works fine. -
LRT224 Load Balancing and Link Failover
Hi, I am new to this forum. I have recently set up the LRT224 with two different ISP's. I am having problems configuring the Load Balance and Link Failover.
When I have Load Balance selected only one ISP (WAN 1) is active, the other (WAN2, ISP modem) remains inactive. Why is Load Balance only engaging one ISP?
When I have Link Failover selected, even with attempts and seconds configured to one second, and WAN1 has packets lost, it doesn't switch over to WAN2.
I am not tech savey but any help will be greatly appreciated so that I can get both ISP's active with Load Balance or at least have Link Failover work almost instantly. Thanks.Hi @BSue2015,
If both WAN1 and WAN2 are already getting IP Addresses from your ISPs then we can say that Load Balance is working. To check it further, do a speed test by going to http://www.speedtest.net. Dual WAN connections are doubling the amount of available full speed connections due to the load balancing. The speed should have its maximum throughput even if you have several users on the network. -
Hello,
Am new to Oracle RAC. We have a 2 node 11gR2 Cluster and we are in the process of doing some failover testing. For database deployments we use an internal third part tool called the deployer which has tokens for DB configurations and the DBHost token in the deployer has the Hostname for either Node 1 or Node 2. In this way we are not actually utilising the HA feature because the connection is either to Node1 or Node 2 and if something happens to either the deployment cannot connect to the database on the respective Node which treats as a single Node instead of a Cluster.
Instead of mentioning the DBHost value to point to the Physical Hostname of the Server in a Cluster I was thinking if I can use the VIP address i.e ipaddress-VIP for either of the Node. So after making changes I would like to do some failover testing manually and I am stuck here. How do I go about the testing scenarios.
For Eg: if DBHOST token value is VIP for Node 2, connections are coming in to Node2 via deployer how do I proceed with the testing
Should I bring down Node 2? If I reboot how can I see if it failed over or not to the surviving Node?
Any help/suggestions much appreciated.
Thanks!What you describe is having a RAC cluster, possibly working possibly not, and no actual use of the value of the licensing you paid for.
My first advice to you is to read the docs and learn what RAC is, how it works, how to define and use services, and how a properly configured LISTENER.ORA and TNSNAMES.ORA should be constructed so you can compare that to what you have. With 11gR2 you should connect to the SCAN not the VIP.
Here's how I would test RAC:
1. Walk up to one of the servers while half the users are connected to each instance and do a SHUTDOWN ABORT. See what happens. Restart the killed node. Try it with the other node.
2. With everything running properly and load on both machines disconnect the switch that provides the cache fusion interconnect or pull one of the cables out of the server. When you reestablish the connection what happens?
3. Repeat #2 but this time with the connection to storage.
The above should get you started. -
Dataguard switchover & failover testing
i want to build new physical & logical dbs just for testing & learning, as per menalink notes 736863.1 & 748595.1
wondering that configuration will let me test switchover & failover testing?Hi there,
Those notes help you to build a proper data guard configuration in both Physical and Logical Standby enviromnment.
I would also recommend to check:
- [The Oracle online documentation|http://download.oracle.com/docs/cd/B19306_01/server.102/b14239/toc.htm]
- [Oracle Maximum Availability Architecture site on OTN|http://www.oracle.com/technology/deploy/availability/htdocs/maa.htm]
These documents can provide a big picture of Data Guard configurations from different approaches as well as I would also recommend to learn and practice more advanced techniques and features such as Flasback database, Fast-start-failover or Cascaded destinations.
Hope this helps,
Good luck and regards,
Jozsef -
As part of an ISE implementation, I want to test ISE failover for Admin, MnT, and PSN personas. Does anyone have an ISE failover test plan or ISE failover test best practices documentation to share?
Thanks much,
David DaversoSteps for Administration persona failover testing
1. Stop ISE services on Primary Admin
Primary Admin# application stop ise
2. Log in to the Secondary Admin GUI and manually promote to Primary
3. Wait 10-15 minutes before process is complete
4. Verify ISE services are up on promoted Secondary Admin
Secondary Admin# sh application status ise
5. Promoted Primary Admin checks
Deployment pages shows all nodes are green and in synch
6. User testing to verify successful authentications and logging
Note:
After you promote your secondary Administration node to become the primary Administration
node, you must reconfigure your scheduled Cisco ISE backups in the newly promoted primary
Administration node
because scheduled backups are not replicated from the primary to secondary Administration
node.
7. After step 6 testing is complete restore original Primary Admin
8. Start ISE services on original Primary Admin
Primary Admin# application start ise
9. Verify ISE services are up on original Primary Admin
Primary Admin# sh application status ise
10. Promoted Primary Admin checks
Deployment pages shows original Primary Admin green and in synch
11. Stop ISE services on Promoted Primary Admin
Secondary Admin# application stop ise
12. Log in to the original Primary Admin GUI and manually promote to Primary
13. Wait 10-15 minutes before process is complete
14. Verify ISE services are up on original Primary Admin
Primary Admin# sh application status ise
15. Promoted Primary Admin checks
Deployment pages shows all nodes are green and in synch
16. User testing to verify successful authentications and logging
Note:
After you promote your secondary Administration node to become the primary Administration
node, you
must reconfigure your scheduled Cisco ISE backups in the newly promoted primary
Administration node
because scheduled backups are not replicated from the primary to secondary Administration
node.
17. Start ISE services on original Secondary Admin
Secondary Admin# application start ise
18. Verify ISE services are up on original Secondary Admin
Secondary Admin# sh application status ise
19. Primary Admin checks
Deployment pages shows original Secondary Admin green and in synch
20. User testing to verify successful authentications and logging -
RAC 11gR2 VIP and SCAN failover behavior
I tried to failover testing on 2 node 11gR2 RAC on Linux 5 X86-64 with configure in tnsnames.ora on client side (client side TAF configuration) with the following configuration
NVSDB =
(DESCRIPTION =
(ADDRESS = (PROTOCOL = TCP)(HOST = dbrac-scan)(PORT = 1521))
(LOAD_BALANCE = yes)
(CONNECT_DATA =
(SERVER = DEDICATED)
(SERVICE_NAME = NVSDB)
(FAILOVER_MODE =
(TYPE = SELECT)
(METHOD = BASIC)
(RETRIES = 180)
(DELAY = 5)
The test scenario
1. Connect from client to RAC database , and test query with select * from dba_objects
2. Open new terminal and connect to instance in step 1 , then shutdown abort
3. I found that , the session in step 1 not failover to other node , and VIP and SCAN not failover to other node too
In my opinion session , VIP and SCAN should failover to other node.
Or is this the default behavior of VIP and SCAN on 11gR2 ??
Can anyone suggest me ?
Thankyou and Regardsuser10139161 wrote:
3. I found that , the session in step 1 not failover to other node , Which client/driver did you use to try this? The reason I am asking is that TAF is not supported with jdbc:thin, so if you were trying this with sqldeveloper and the defaul driver that would be the expected behaviour
and VIP and SCAN not failover to other node tooThat is also expected. You only stopped the instance, there is no reason to relocatethe VIP. In your case, client could still connect to the listener running on this node, the listener would know of the second instance still being up and redirect all connection attempts there.
What you could try is rebooting the whole server, then you would see IPs being relocated.
Bjoern -
Redundancy/failover testing
My company is a relatively small enterprise (about 800 people scattered across 45-50 branches) and we are planning on setting up a periodic failover/redundancy testing schedule for our routers. Basically, we want to test the secondary WAN links at our branch offices and test our redundancy in our data centers.
I'm sure there is plenty of documentation out there in regards to best practices, but what I find has more to do with a full DR test of a enterprise's systems, as opposed to a simple failover test of an office's WAN link.
Does anyone have good suggestions for how often you should run these tests? My original thinking is to do this every quarter, but this would involve some travel for us and our resources are slim. The branch offices can be done remotely without any issue, but our DR site (which is actually used for some production traffic) would probably require one of our staff to be on site during a redundancy test.
Thanks!Yep, that's what I did now.
But keep in mind this is not really explained, even if crossing all the documentations.
There is no document explaining what behaviour to expect in Jabber in case of redundancy of all the UC components.
For the CUCM, it's not clear, and nothing is mentionned in case of MRA.
IM&P is documented, but nothing for MRA.
Expressays states about redundancy, but the behaviour to expect is not. Same for XMPP federation, no idea.
UnityConnection as well, nothing is explained. -
JMS queue| failover test question
HI gurus,
We are planning a failover test to migrate from prod to contingency environment.
What happens to transactions that may be sitting in the JMS queue when the prod jvms are stopped? Is there a way to migrate them to the cont jvms?We are using jdbc stores and the supporting tables for both prod and cont will exist in the oracle DB, but with different names. Since the CONT jvms will be using different tables for the JMS queues, is there a way to migrate those queued transactions from prod to the CONT side?
Details of environment
1) OS for App Server
Linux x86-64.
Linux va2xpre03.gdsososos.com 2.6.18-128.1.6.el5 #1 SMP Tue Mar 24 12:05:57 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux
2) App Server type and version
WLS 10.3.0
JDK version
jrockit_160_11
3)
Clustered and it is a Prod environment.
Details:
UI cluster has 5 servers. There are 4 jvms in each server. Altogether there are 20 jvms in UI cluster
Recon cluster has 3 servers. There are 4 jvms in each server. Altogether there are 12 jvms in Recon cluster
regards,
Thiago Leoncio GuimaraesA common practice for handling this type of fail-over is to ensure that the main environment's domain name, server names, store, transaction logs (default store), and JMS configuration all all the same in the contigency environment (basically, differences, if any, are confined to things like URLs and Data Source configuration of DB location). Recovery is accomplished in the fail-over environment by copying over each server's default file store, as well as its JDBC store backing tables, prior to booting the fail-over servers.
Transaction logs don't need to be copied over if you don't use XA (JTA) in your applications... -
Recreate standby after failover test
Hi -
I'm doing a failover test for the customer:
1. Disconnect all network between Primary and Standby
2. On the Standby - do a failover and open it to perform application tests.
3. After finish we need to re-create Standby again.
Is there a way to re-create Standby again without bringing it all from backup? it's a large 2TB database and it will take hours.
Is there a way like using flashback or other technology to do it?
We are talking 10.2.0.3 here...
Thanks
Edited by: 912294 on 04:07 06/02/2012Is there a way to re-create Standby again without bringing it all from backup? it's a large 2TB database and it will take hours.
Is there a way like using flashback or other technology to do it?
We are talking 10.2.0.3 here...Its called "open the Standby database in read write mode for any reporting or testing and then move it back to standby database using the flashback technology".
In detail check this MOS note *How To Open Physical Standby For Read Write Testing and Flashback [ID 805438.1]*
Thanks. -
Sap not starting during manual failover testing
Dera friends,
We are performing manual failover testing between CI(sap central instance) and DB(oracle database)
the environment is ECC6.0 on AIX server
CI is running on one server and DB is running on another, during manual testing we have failed the DB, so now DB file systems has got mounted on CI server.
So when i log into CI with user as shown below (sid-irp)
su - irpadm
and the execute the command as shown below
irpadm 6> startsap
i get the following message
PRDCIXI:irpadm 6> startsap
tee: 0652-044 Cannot open /home/irpadm/startsap_.log.
Checking IRP Database
tee: 0652-044 Cannot open /home/irpadm/startsap_.log.
tee: 0652-044 Cannot open /home/irpadm/startsap_.log.
ABAP Database is not available via R3trans
tee: 0652-044 Cannot open /home/irpadm/startsap_.log.
Starting SAP-Collector Daemon
tee: 0652-044 Cannot open /home/irpadm/startsap_.log.
15:03:05 26.09.2008 LOG: Effective User Id is root
This is Saposcol Version COLL 20.94 700 - AIX v10.35 5L-64 bit 070123
Usage: saposcol -l: Start OS Collector
saposcol -k: Stop OS Collector
saposcol -d: OS Collector Dialog Mode
saposcol -s: OS Collector Status
The OS Collector (PID 1101932) is already running .....
tee: 0652-044 Cannot open /home/irpadm/startsap_.log.
saposcol already running
tee: 0652-044 Cannot open /home/irpadm/startsap_.log.
ABAP Database IRP must be started on remote server
===============================================
why am i getting this "ABAP Database IRP must be started on remote server" message.
What could be the cause for my database not comming up & why is it looking for remote server, when all the DB filesystems have got mounted on CI server (the server that has CI installed)
We are in a bad shape and the issue is quite crticial.
Your reply would be highly appreciated.
Regards
Ayush> how can i check wether the directories are missing or not...
mount?
> Also how can i check it wether they are assigned to failover group or not.
Ayush, no offense, but I suggest you contact your AIX guy and check with him together. It's very cumbersome to write down command by command, get the outpu t back and you have no clue what you are doing. Again, no offense.
Markus -
ACE 4710 no failover on ft track
I have a pair of ACE appliance setup to failover on the FT TRACK of a vlan. I tried disconnecting the primary ACE from network and failover did not occur and the backup did not takeover. Also indicated in the FT group summary.Attachemnts are FT configs
you should have given us your complete config since day one.
The FT config part is correct since the standby became active. This is all FT does.
The problem is that you did not configure an ip address for the standby.
In the active config, for each interface MUST have :
ip address x.x.x.x1 ....
peer ip address x.x.x.x2 ....
alias address x.x.x.x3...
The ip address x1 is for primary ace, x2 for the secondary and x3 is shared.
x1 and x2 stays with their ace whatever the status.
x3 stays with the active ace and goes from primary to secondary when necessary.
You are most probably missing the 'peer ip address'. This is bad.
Also, the secondary should be running just like the primary even in standby mode. It should be able to ping devices, send probes, ...
So before failover, make sure the secondary is "alive".
Gilles. -
Hi all,
I am creating a failover test script that is simple and is doing insert 1 row every 2 seconds.
Then we fail the node1 and check if it will continue to insert on node2.
My script is using sqlnet client connect. for example :
connect scott/tiger@TEST
So I still need to install oracle client on my laptop.
I want to create a script that will not need Oracle client or tns names.ora in my laptop. How do I do it?
I want it to behave like what the sqldeveloper do in which no tns names is needed and uses the parameter: hostame: port: SID
Thanks a lot,
zxy
Edited by: yxes2013 on 19.4.2013 2:11yxes2013 wrote:
I thank you all :)
But I dont want anything to be installed in my laptop. I only want the program to use or ride on the functionality of sqldeveloper which you just cut n paste.
You could write a Java program that uses JDBC to connect - that would be one way.Can you share a sample java program that behave like sqldev? and rides on it? becuase I do not want to install other tools.
ThanksHere's a simple Java program. Just compile it with javac, set your CLASSPATH to include ojdbc.jar, and run it with java:import java.sql.*;
class Conn {
public static void main (String[] args) throws Exception
Class.forName ("oracle.jdbc.OracleDriver");
Connection conn = DriverManager.getConnection
("jdbc:oracle:thin:@//localhost:1521/orcl", "scott", "tiger");
// @//machineName:port/SID, userid, password
try {
Statement stmt = conn.createStatement();
try {
ResultSet rset = stmt.executeQuery("select BANNER from SYS.V_$VERSION");
try {
while (rset.next())
System.out.println (rset.getString(1)); // Print col 1
finally {
try { rset.close(); } catch (Exception ignore) {}
finally {
try { stmt.close(); } catch (Exception ignore) {}
finally {
try { conn.close(); } catch (Exception ignore) {}
}OK? -
Hi,
Anybody did 11i/10g RAC Failover test. How to do the test and what steps involved. What is expected when one node down?
my config
web, admin, form - appsnode1
concurrent / db (rac1) - dbnode1
concurrent /db (rac2) - dbnode2
Thanks for your help.
RegardsYou can check the below
1. VIP Failover - VIP should failover when node gets rebooted.
2. When one of the node is down you should still be able to logon to applications.
3. Since you have only one node and do not use PCP you CM processes will die.Make sure you start them.
4.Once you bring the node back , test your load balancing is happening fine across both the db nodes.
Let me know if this is helpful/correct and if you need more information.
Regards
Nitin Arora
Maybe you are looking for
-
How can I read books from the library on my iPad?
I've downloaded Over Drive and Bluefire in an attempt to read books downloaded from the library. Although both libraries say it's easy to transfer from my home computer to the iPad, nothing has worked so far. Has anyone had success?
-
Issue with Tascam FW-1082 Control Surface
Anyone having issues with this connected to a mac Pro? I have one and upon turning on the unit, crashes the entire computer. If I boot with the unit connected, it'll sometimes keep OSX from doing a full boot, or if it does boot, FCP will hang on star
-
Hello I plan to upgrade my RAM from 1GB to 4GB in my X60. I have found two different RAM models of Kingston. One is specially made for Lenovo X60 [1] and one is the HyperX model [2] with the same specs. Should I chose one over the other? If yes, whic
-
Plm in migrating sapscript to smartform
hi gurus, i can migrate the sapscript to smartforms through t.code smartforms -->define the smart form name -->utilites(menu) -->migration -->import sap script form, then save after that if u go for syntax check it shows the somany syntax errore sayi
-
Dear all, Today I see a strange behavior of the 2504. Does the 2504 working similar to the 5508? I configured on the 2504 a two new interfaces additional to the management which is also tagged I used only port-1 on the wlc and was not able to use the