Need advice switch Active/Active or Active/Standby?

Dear all,
I would like advice from all of you on the diagram in the attached file.
I have 2 ASA 5520 and Core-switch 3560 (2 units), and I want to configure Active/Standby on the ASA 5520,
but on the Core-switch 3560 I'm not sure which technology I should apply.
Should I use Active/Standby or Active/Active? If I use Active/Active, which protocol should I use?
How does it behave when it fails?
Best Regards,
Rechard

Dear Amit,
Could I ask you some questions about the connection between both ASAs and both Core-switches, as below:
1- Could I combine interfaces on the ASA to the Core-switch?
Ex:
interface Redundant1
member-interface GigabitEthernet0/2
member-interface GigabitEthernet0/3
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0 standby 192.168.1.2
================
I mean that G0/2 connects to Core-switch01 and G0/3 connects to Core-switch02.
Does the command ip address 192.168.1.1 255.255.255.0 standby 192.168.1.2 support interface redundant1?
Or should we use separate interfaces (not interface redundant1) for failover?
Which option is the standard technology?
Best Regards,
rechard

Similar Messages

  • Help please! I need advice on activating BT Sport...

    I recently had a call from BT following a complaint that I made. The Scottish lady who rang was brilliant and after getting advice here on a thread I started, I sent BT my compliments to her for fantastic service.
    Having sorted out my complaint, she then asked did I want to activate BT Sport on my Sky box. I did and she talked me through what to do. It involved taking out the Sky card and making a note of a certain number. I put the Sky card back in the box & she talked me through the stages of finding a screen on which I had to enter the number from the Sky card.
    Seconds later, BT Sport on my Sky box was activated. Magic!
    BT has just sent a new hub to a friend of mine, a BT Broadband customer. She doesn't know what she did with the paperwork that came with it - she's connected it in place of the old hub but she doesn't know how to activate BT Sport on her Sky Box.
    Can someone point me in the right direction, please, so that I can help her?
    Thanks

    Hi Taffy078,
    Thanks for the post.  
    Your friend can add BT sport via BT.com, here is the link for your convenience BT Sport on Sky 
    Cheers
    Sean
    BTCare Community Manager
    If we have asked you to email us with your details, please make sure you are logged in to the forum, otherwise you will not be able to see our ‘Contact Us’ link within our profiles.
    We are sorry that we are unable to deal with service/account queries via the private message(PM) function so please don't PM your account info, we need to deal with this via our email account :-)

  • Active Standby events

    How to disable the internet search, WLAN, share online?

    This depends on which phone model you have. On most S60 phones, you only have the option to switch Active Standby on or off - switching it off removes those but also the quicklaunch shortcuts.
    If you have an FP2 phone such as the N96, you have an additional option which gives you a smaller number of shortcuts without the text links.
    Go to Menu> Tools> Settings> Personalisation> Standby mode

  • FWSM 4.0: switch from active/standby to active/active failover mode

    Hello,
    I have a pair of FWSM's running version 4.0 currently in active/standby failover mode, and I'd like to switch them to be active/active.  Is there a documented procedure for doing this?  What are the implications for any contexts switched to be primary on the FWSM that is currently acting as a standby (i.e., what kind of outage time can we expect)?
    Thanks in advance,
    Mike

    Hi Bro
    Thanks for the update, but still you'll need to create 2 contexts, each context will be ACTIVE on different Cisco ASA FW units. Hence, there will be some cut, copy and paste effort, not forgetting recabling, if that's needed. Here's a Cisco document to configure ACTIVE/ACTIVE for those who can't seem to find this document http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080834058.shtml#req
    Conclusion: There will be some network downtime. I'm guessing 15min, if it was me :-)
    P/S: If you think this comment is helpful, please do rate it nicely :-)

  • HT201407 Hello All, I bought an iPhone of eBay. It seemed fine until this morning when it switched itself off and now it won't come on unless it's plugged in. And even then it is asking that it needs to be activated, but it can't connect to iTunes. Any su

    Hello All, I bought an iPhone off eBay. It seemed fine until this morning when it switched itself off and now it won't come on unless it's plugged in. And even then it is asking that it needs to be activated, but it can't connect to iTunes

    Try Recovery Mode... http://support.apple.com/kb/HT1808

  • Active/standby pair + Oracle db parameter FAILTHRESHOLD

    Assume we have 3 databases
    TT_A - timesten Active
    TT_S - timesten Standby
    O - oracle db.
    RETURN MODE twosafe
    Storage attributes
    RETURN SERVICES OFF WHEN REPLICATION STOPPED;
    FAILTHRESHOLD set to a value of 10.
    The two TimesTen databases are in a consistent state.
    The application updates TT_A.
    TT_S replicates data to Oracle.
    Assume we stop replication.
    So the application can run on TT_A.
    After 10 log switches TT_S will be marked as failed.
    All logs waiting for TT_S will be deleted.
    So how does Oracle receive the data?

    In active standby pair replication, cache operations are tightly coupled with replication. In normal operation of AWT cache group within an A/S pair, updates occur at the active which replicates them to the standby and then the standby pushes them to Oracle. The active and standby continually exchange housekeeping information about what transactions have been committed at the standby and which have been committed, via AWT, at Oracle. The active and the standby will only purge transaction logs for transactions that they know are safely stored in all 3 places. If the standby fails then, as long as you tell the active that it has failed (via a call to ttRepStateSave()), the active will take over the AWT push from the last transaction that it knows was safely committed in Oracle. No data will be lost.
    If you are using oracle Clusterware to manage your A/S pair then you don't need to do anything as Clusterware will perform the necessary notification to the active that the standby has failed.
    Chris

  • Active Standby Pair Clustering.

    Hi Chris, I had created ActiveStandby Pair as follows:
    Server 1 => DSN: TTCluster1
    Server 2 => DSN: TTCluster2.
    Then I created ActiveStandby Pair in Server1, Started RepAgent and then Duplicated the DSN on Server 2 with name TTCluster 2. It worked fine.
    Now to access it from the client server mode, I created Client DSN on Client machine using Virtual IP. (Using Linux Cluster Manager).
    But in this case I had to create two client DSNs, TTCluster1Client and TTCluster2client, since the application can connect to only one DSN and shifting to the other during failover is very difficult.
    So I am trying the following model now. Let me know your views on this.
    Server 1 and Server 2 will both have the same DSN name "TTCluster".
    The client machine will have only one DSN "TTClusterClient" using the VIP.
    When Server1 fails, Server 2 will take over and there is no need to shift the client DSN. The application will be routed to Server 2 after switchover.
    Step1: created server DSN "TTCluster" on Server 1 and Server 2.
    Step2: created user 'ttcluster' on Server 1 and Server 2.
    Step3: Create DataStore TTCluster on Server 1. (By connecting to TTCluster).
    Step4: Create Cache Groups (AWT) on Server1.
    Step5: Started Cache Agent on Server1.
    Step6: Created ActiveStandby Pair on Server1 as follows:
    CREATE ACTIVE STANDBY PAIR
    TTCluster ON "wabtectimesten.patni.com",
    TTCluster ON "wabtectimesten2.patni.com"
    RETURN TWOSAFE
    STORE TTCluster PORT 20000 TIMEOUT 120;
    Step8: executed ttrepstateset('ACTIVE') on server1.
    Step9: Started Replication Agent on Server1.
    Step10: Duplicated DataStore on Server2.
    Issues:
    Server2 is not coming up as Standby. The log on Server1 shows following messages:
    15:19:33.83 Warn: REP: 8671: TTCLUSTER:receiver.c(1723): TT16060: Failed to read data from the network. select() timed out
    15:19:37.09 Err : REP: 8671: TTCLUSTER:receiver.c(3428): TT16142: Failed to retrieve peer information. No peers found
    15:19:37.09 Err : REP: 8671: TTCLUSTER:transmitter.c(5523): TT16229: Transmitter thread failure due to lack of state consistency at subscriber store _ORACLE
    Question:
    While creating replication scheme I have mentioned.
    STORE TTCluster PORT 20000 TIMEOUT 120;
    I need to define the timeout for both DataStores. How will I do that?
    The above timeout will be applicable for which datastore??
    Can you please let me know if I am going in the right direction???

    Hi Tanweer,
    When designing a monitoring scheme for TimesTen one has to bear a few things in mind (though not all will be relevant in every case):
    1. There could be multiple 'instances' of TimesTen installed on a machine. Each instance is completely independent and must be monitored separately.
    2. Each instance has a 'main daemon' (timestend) that is the instance master supervisor. If this daemon is running and healthy then the 'instance' is considered to be 'up' and 'healthy'.
    3. Each instance can manage multiple datastores. Each datastore is independent from the others and so each datastore must be monitored separately.
    4. Each datastore may be using replication and/or cache connect. If so, these must also be monitored as well as the datastore since it is perfectly possible e.g. for the datastore to be healthy but for replication to be 'down'.
    Depending on your requirements, your monitoring mechanism must 'model' this structure and relationships...
    - If the instance main daemon is not running, or is not responding, then the entire instance is 'down' and all datastores managed by the instance should also be considered as 'down'
    - If a datastore goes down (e.g. call invalidate), other stores in the instance are not affected and neither is the main daemon for the instance. They will continue to operate normally.
    - A datastore may be healthy in itself but maybe replication or cache connect for the datastore is not healthy. Do you then consider the datastore as down? That depends on your applications requirements!
    Hopefully this helps to clarify the interrelationship of components. Crashing a datastore by calling 'invalidate' does not crash the daemon (if it does then that is a bug!).
    For monitoring the instance (main daemon) there are a few options:
    1. ps -ef | grep timestend. This can detect if the daemon process is running but not if it is healthy...
    2. Connect to a datastore. Every connect/disconnect request is processed via the main daemon so if the daemon is not healthy this will result in some error (usually a 'cannot communicate with the daemon' error). However, connect/disconnect are relatively expensive so you don't want to do this too often.
    3. Have a monitoring process that maintains an open connection to the instance level datastore (DSN=TT_<instancename>). Periodically (as often as required within reason) it can execute the built in procedure ttDataStoreStatus() passing it the pathname of the instance datastore checkpoint files (obtainable from the built in procedure ttConfiguration). This procedure communicates with the main daemon so will either return success (meaning daemon is okay) or an error (daemon is in big trouble).
    If you have to do the test from a script then I would suggest that (2) is best but if you can do it from a continually running monitoring process then (3) is better.
    For monitoring a datastore the best way to ascertain overall health is as follows:
    1. Have a dummy table in the datastore. And as part of the check update a row in the dummy and commit the transaction. If this returns success then this shows that the datastore is up and able to service update requests (which means it is also okay for read requests).
    2. You should also monitor the available space in the datastore and warn someone or something if the free space gets too low. You can query space allocation, current usage and high watermark usage from the SYS.MONITOR table. You can also configure TimesTen to generate SNMP traps and/or return warnings to applications if space usage exceeds some configured threshold. The objective is to take proactive action to prevent the datastore becoming full since that will require more disruptive corrective action.
    For monitoring replication you should periodically:
    1. Check that the datastore's repagent is running (you can do this using ttDatastoreStatus)
    2. Check the status of each replication peer by calling ttReplicationStatus and checking the values of pstate (should be 'start') logs (if this value increases over time then the peer is in some kind of trouble) and lastMsg (if there is no message from the peer for a long time then it may be in some kind of trouble).
    3. Sometimes an easier way is to have a dummy table set up for synchronous replication and do an update+commit for a row in that table. If replication is working the commit will return within a few ms at most. If you get a timeout error returned that tells you that replication is in trouble.
    To monitor cache connect is not so easy at present.
    For AWT cache groups, the same monitoring as is used for replication is okay.
    For SWT cache groups, if the sync to Oracle is not working every commit will get an error (so that's kind of obvious).
    For AUTOREFRESH cache groups it's a bit harder. There is currently no supported way to determine when the last successful autorefresh occurred. I am hoping this capability will be added in a future release.
    Sorry if that is a bit long winded - I hope it helps...
    Chris

  • Active/Standby Failover with pair of 5510s and redundant L2 links

    Hi
    I just got two ASA5510-SEC-BUN-K9 and I'm wondering whether it is possible to implement an Active/Standby Failover configuration (Routed mode) with two ASA5510 and a redundant pair of switches on both the inside and outside interfaces? In other words, I would like to have two L2 links from each ASA (in the pair of ASAs) to each L2 switch (in the pair of redundant L2 switches). The configuration I would like to achieve is just like the one in the Cisco Security Appliance Command Line Configuration Guide, page B-23, figure B-8, with the only difference that I wouldn't go with multiple security contexts (I want Active/Standby failover).
    Thanks in advance
    Zoran Milenkovic

    Hello Zoran,
    Absolutely. You can have 2 ASAs configured in Active/Standby mode. For reference, here is a link which has a network connectivity diagram based on PIX, however, connectivity would still be same with ASAs-
    http://www.cisco.com/en/US/docs/security/pix/pix63/configuration/guide/failover.html#wp1053462
    The difference is that on ASA, you can only have LAN-Based failover, hence you'll need to use one additional interface on both ASAs for failover-link. You can connect these two failover-link interfaces directly using a cross cable.
    Apart from this, please refer to following link on how to go with configuration of Lan-based Active/Standby failover-
    http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/failover.html#wp1064158
    Also make sure that both ASAs have required hardware/software/license based on following link-
    http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/failover.html#wp1047269
    Hope this helps.
    Regards,
    Vibhor.

  • Safe way to reboot Active/Standby Pair

    Hello,
    I have the need to reboot my ASA5520. We have a Active/Standby pair and I want to make sure that they come up playing nicely and not in a tug of war.
    Any advice on the proper way to reload these machines and optimize uptime??
    Thanks,
    Pedro

    Pedro
    If you are not bothered as to which one becomes primary then simply pick one, reload, wait until it has come up and then reload the other one.
    As long as you have failover correctly configured there should be minimal downtime, just the time it takes to fail over when you reload.
    If you want the primary to stay as the primary then you need to reload this one first, let it come up as standby, then reload the other one and the former primary will now become the primary again.
    Note that reloading the standby first is the best approach simply because you then only have one failover, i.e. when the standby comes back up and resumes its standby functionality and then you reload the primary there will be a failover.
    Jon

  • N95 Active Standby basic, or S60 version?...

    Hi guys
    I was just wondering which N95 users have the more up to date Active Standby mode (the S60 version with the icons on the left, and submenus that popout) and who has the older version?
    My brother and I both have N95s, both from Phones4U and both on Orange contract - yet his has the new menu, and mine has the old one. He also has the option to switch between the 2 in his settings.
    Anyone know if there is a way to get that functionality on my phone?
    Many thanks
    C.

    04-Sep-2007 09:59 PM
    mechanimal82 wrote:
    04-Sep-2007 03:54 PM
    korngear wrote:
    What about the generic ones??
    What do you mean???
    The Orange Standby screen is only on Orange branded handsets. No way to get it on an unbranded generic phone.
    No dude, I just meant it is only to O2.
    Not for the generic ones, no need for it, too.
    Just to get clarified.

  • ASA Active/Standby mode and Hello messages

    Hi Everyone,
    In ASA Active/Standby mode I know that, say, the inside or any other interface of the active and standby ASA should connect to the same switch and VLAN.
    When we assign say ip address to inside interface of both ASA like
    ip address 192.168.x.1 255.255.255.0 standby 192.168.x.2 255.255.255.0
    Need to know if these inside interface talk to each other or not?
    Do they send hello messages?
    Thanks
    MAhesh

    Hi Mahesh,
    The ASA Active/Standby Failover pair uses both the dedicated Failover interface and the actual Data interfaces to monitor the "health" of the Failover pair.
    The units send Failover hello messages and wait for a reply to determine if the other unit is alive or not.
    By default all Physical interfaces are automatically monitored. To my understanding Logical interfaces such as Trunk interfaces are NOT monitored by default. You will have to configure monitoring for each subinterface of the Trunk that you want to be monitored.
    You would use the command
    monitor-interface
    Check the Command Reference section for this
    http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/m.html#wp2123112
    I would also suggest reading the following section of the Configuration Guide
    http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/ha_overview.html#wp1079010
    It has information of the Unit and Interface health monitoring of the Failover pair.
    If you want to debug Failover activity you could use the command
    debug fover
    It has multiple additional parameters after that command
    Here is the Command Reference section for the debug command
    http://www.cisco.com/en/US/docs/security/asa/asa84/command/reference/d1.html#wp2093011
    You can even attach a computer on the switch between the ASAs and capture the packets between them and you can see the Failover messages etc from the ASAs
    - Jouni

  • ASA 5520 VPN load balancing with Active/Standby failover on 2 devices only...

    This topic has been beat to death, but I did not see a real answer. Here is configuration:
    1) 2 x ASA 5520, running 8.2
    2) Both ASA are in same outside and inside interface broadcast domains – common Ethernet on interfaces
    3) Both ASA are running single context but are active/standby failovers of each other. There are no more ASA’s in the equation. Just these 2. NOTE: this is not a Active/Active failover configuration. This is simply a 1-context active/standby configuration.
    4) I want to share VPN load among two devices and retain active/standby failover functionality. Can I use VPN load balancing feature?
    This sounds trivial, but I cannot find a clear answer (without testing this); and many people are confusing the issue. Here are some examples of confusion. These do not apply to my scenario.
    Active/Active failover is understood to mean only two ASA running multi-contexts. Context 1 is active on ASA1, Context 2 is active on ASA2. They are sharing failover information. Active/Active does not mean two independently configured ASA devices, which do not share failover communication, but do VPN load balancing. It is clear that this latter scenario will work and that both ASA are active, but they are not in the Active/Active configuration definition. Some people are calling VPN load balancing on two unique ASA’s “active/active”, but it is not.
    The other confusing thing I have seen is that the VPN config guide for VPN load balancing mentions configuring separate IP address pools on the VPN devices, so that clients on ASA1 do not have IP address overlap with clients on ASA2. When you configure an IP address pool on active ASA1, this gets replicated to standby ASA2. In other words, you cannot have two unique IP address pools on an ASA Active/Standby cluster. I guess I could draw addresses from an external DHCP server, and then do some kind of routing. Perhaps this will work?
    In any case, any experts out there that can answer question? TIA!

    Wow, some good info posted here (both questions and some answers). I'm in a similar situation with a couple of vpn load-balanced pairs... my goal was to get active-standby failover up and running in each pair- then I ran into this thread and saw the first post about the unique IP addr pools (and obviously we can't have unique pools in an active-standby failover rig where the complete config is replicated). So it would seem that these two features are indeed mutually exclusive. Real nice initial post to call this out.
    Now I'm wondering if the ASA could actually handle a single addr pool in an active-standby fo rig- *if* the code supported the exchange of addr pool status between the fo members (so they each would know what addrs have been farmed out from this single pool)? Can I get some feedback from folks on this? If this is viable, then I suppose we could submit a feature request to Cisco... not that this would necessarily be supported anytime soon, but it might be worth a try. And I'm also assuming we might need a vip on the inside int as well (not just on the outside), to properly flip the traffic on both sides if the failover occurs (note we're not currently doing this).
    Finally, if a member fails in a std load-balanced vpn pair (w/o fo disabled), the remaining member must take over traffic hitting the vip addr (full time)... can someone tell me how this works? And when this pair is working normally (with both members up), do the two systems coordinate who owns the vip at any time to load-balance the traffic? Is this basically how their load-balancing scheme works?
    Anyway, pretty cool thread... would really appreciate it if folks could give some feedback on some of the above.
    Thanks much,
    Mike

  • ASA 8.2 8.4 9.1 possible with no downtime as we run active/standby?

    Hello,
    We have 2 x ASA 5520s (with 2GB mem) in active/standby mode, they also include the IPS modules.
    The current firmware is 8.2 and I was wondering if it is possible to upgrade these firewalls with no downtimes?  In the past I have upgraded the standby ASA, rebooted it and then made it the active ASA then upgraded the new standby ASA.
    I have quite a lot of NAT Exempts (No-NATs?) and a few static NATs, how did you approach this during your upgrades?
    I guess I can roll back as the 8.2 firmware will still be on the flash and I will have the config?
    Thanks

    Yeah it's supported:
    Release Notes for the Cisco ASA Series, 9.1(x)
    http://www.cisco.com/en/US/docs/security/asa/asa91/release/notes/asarn91.html#wp732442
    This document has the information that you need; it talks about the requirements and zero downtime procedure.
    But you need to take a lot of considerations that you can reference in the document:
    https://supportforums.cisco.com/docs/DOC-12690
    If you don't mind me asking why are you upgrading?
    Because of a fix or feature?

  • ASA 5520: Configuring Active/Standby High Availability

    Hi,
    I am new to Cisco firewalls. We are moving from a different vendor to Cisco ASA 5520s.
    I have two ASA 5520s running ASA 8.2(5). I am managing them with ASDM 6.4(5).
    I am trying to setup Active/Standby using the High Availability Wizard. I have interfaces on each device setup with just an IP address and subnet mask. Primary is 10.1.70.1/24 and secondary is 10.1.70.2/24. The interfaces are connected to a switch and these interfaces are the only nodes on this switch. When I run the Wizard on the primary, configure for Active/Standby, enter the peer IP of 10.1.70.2 and I get an error message saying that the peer test failed, followed by an error saying ASDM is temporarily unable to connect to the firewall.
    I tried this using a crossover cable to connect the interfaces directly with the same result.
    Any ideas?
    Thanks.
    Dan

    The command Varun is right.
    Since you want to know a little bit more about this stuff, here goes a bit. Every interface will have a secondary IP and a primary IP where the Active/Standby pair will exchange hello packets. If the hellos are not heard from the mate, then the unit is declared failed.
    In case the primary is the one that gets an interface down, it will fail over to the other unit; if it is the standby that has the problem, the active unit will declare the other unit "standby failed". You will know that everything is alright when you do a show failover and the standby pair shows "Standby Ready".
    For configuring it, just put a secondary IP on every interface to be monitored (if by any chance you don't have an available secondary IP for one of the interfaces, you can avoid monitoring the given interface using the command "no monitor-interface nameif", where nameif is the name of the interface without the secondary IP).
    Then put the commands for failover and stateful link. The stateful link will copy the connections table (among other things) to avoid downtime while passing from one unit to another. This link should have at least the same speed as the regular data interfaces.
    You can configure the failover link and the stateful link on just one interface, by just using the same name for the link. Remember that this link will have a totally separate subnet from the ones already used in the firewall.
    This is the configuration:
    ! On the primary unit
    failover lan unit primary
    failover lan interface failover gig0/3
    failover link failover gig0/3
    failover interface ip failover 10.1.0.1 255.255.255.0 standby 10.1.0.2
    ! On the secondary unit
    failover lan unit secondary
    failover lan interface failover gig0/3
    failover link failover gig0/3
    failover interface ip failover 10.1.0.1 255.255.255.0 standby 10.1.0.2
    Make sure that you can ping each other's secondary/primary IP and then put the command
    failover
    first on the primary and then on the secondary.
    That would be fine.
    Let me know if you have further doubts.
    Link for reference
    http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a008080dfa7.shtml
    Mike
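
The two rules in the reply above (every monitored interface needs a standby IP or a `no monitor-interface` line, and the failover link needs a subnet of its own) can be checked offline against a saved configuration. This is an added example, not code from the thread or from Cisco; the sample configuration, its addresses and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample configuration (not taken from any device in the thread).
# The dmz interface deliberately breaks both rules.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 nameif outside
 security-level 0
 ip address 203.0.113.1 255.255.255.0 standby 203.0.113.2
!
interface GigabitEthernet0/1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0 standby 192.168.1.2
!
interface GigabitEthernet0/2
 nameif dmz
 security-level 50
 ip address 10.1.0.5 255.255.255.0
!
failover lan unit primary
failover lan interface failover GigabitEthernet0/3
failover link failover GigabitEthernet0/3
failover interface ip failover 10.1.0.1 255.255.255.0 standby 10.1.0.2
"""

IP_RE = re.compile(r"ip address (\S+) (\S+)(?: standby (\S+))?")
FO_IP_RE = re.compile(r"failover interface ip (\S+) (\S+) (\S+) standby (\S+)")


def parse_interfaces(config):
    """Return {nameif: {"net": IPv4Network, "standby": str or None}}."""
    blocks, current = [], None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = {"nameif": None, "net": None, "standby": None}
            blocks.append(current)
        elif raw.startswith(" ") and current is not None:
            line = raw.strip()
            if line.startswith("nameif "):
                current["nameif"] = line.split()[1]
            else:
                m = IP_RE.match(line)
                if m:
                    addr = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
                    current["net"] = addr.network
                    current["standby"] = m.group(3)
        else:
            current = None  # any top-level line ends the interface block
    return {b["nameif"]: b for b in blocks if b["nameif"] and b["net"]}


def audit_failover(config):
    """Return a list of findings; an empty list means both rules hold."""
    findings = []
    ifaces = parse_interfaces(config)
    unmonitored = set(re.findall(r"^no monitor-interface (\S+)", config, re.M))

    # Rule 1: a monitored data interface needs a standby IP in its own subnet.
    for name, iface in ifaces.items():
        if iface["standby"] is None:
            if name not in unmonitored:
                findings.append(f"{name}: monitored but has no standby IP")
        elif ipaddress.ip_address(iface["standby"]) not in iface["net"]:
            findings.append(f"{name}: standby IP outside interface subnet")

    # Rule 2: the failover link subnet must not overlap any data subnet.
    m = FO_IP_RE.search(config)
    if m is None:
        findings.append("failover: no 'failover interface ip' line")
    else:
        fo_net = ipaddress.ip_interface(f"{m.group(2)}/{m.group(3)}").network
        for name, iface in ifaces.items():
            if fo_net.overlaps(iface["net"]):
                findings.append(
                    f"failover link {fo_net} overlaps {name} subnet {iface['net']}"
                )
    return findings


if __name__ == "__main__":
    for finding in audit_failover(SAMPLE_CONFIG):
        print(finding)
```
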

  • IPS modules in Cisco ASA 5510 Active/Standby pair.

    All, I am looking to add the IPS module to my ASA 5510's. I am contemplating only purchasing one module and placing it in the active ASA. I am willing to accept that in a failure scenario I will lose the IPS functionality until the primary ASA is recovered. I have not had a chance to talk to my SE to see if this is even possible. Has anyone attempted a deployment such as this? Will it work and is it supported?
    Sent from Cisco Technical Support iPad App

    Ok, that is what I needed to know.  The purpose of us having an active/standby ASA is to keep the business up and going for the very rare times there could be an active ASA failure.  The purpose for the IPS would be to help protect and inspect traffic and is not necessary to keep the business running.  If we implement IPS I am not worried at all if during the times when the primary ASA is down (hasn't been down for over three years now) we lose the IPS functionality.  This is not worth the $1000 extra per year to us.
    Thanks for the responses though.  That answers my questions.
