Failover actions – Cisco ASA 5505 User Manual
Page 1329
63-5
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 63 Configuring Active/Active Failover
Information About Active/Active Failover
•
The unit has a power failure.
•
The unit has a software failure.
•
You force a failover. (See
Failover is triggered at the failover group level when one of the following events occurs:
•
Too many monitored interfaces in the group fail.
•
You force a failover. (See
You configure the failover threshold for each failover group by specifying the number or percentage of
interfaces within the failover group that must fail before the group fails. Because a failover group can
contain multiple contexts, and each context can contain multiple interfaces, it is possible for all
interfaces in a single context to fail without causing the associated failover group to fail.
See the
“Failover Health Monitoring” section on page 61-14
for more information about interface and
unit monitoring.
Failover Actions
In an Active/Active failover configuration, failover occurs on a failover group basis, not a system basis.
For example, if you designate both failover groups as active on the primary unit, and failover group 1
fails, then failover group 2 remains active on the primary unit while failover group 1 becomes active on
the secondary unit.
Note
When configuring Active/Active failover, make sure that the combined traffic for both units is within the
capacity of each unit.
shows the failover action for each failure event. For each failure event, the policy (whether
or not failover occurs), actions for the active failover group, and actions for the standby failover group
are given.
Table 63-2
Failover Behavior for Active/Active Failover
Failure Event
Policy
Active Group
Action
Standby Group
Action
Notes
A unit experiences a power or
software failure
Failover
Become standby
Mark as failed
Become active
Mark active as
failed
When a unit in a failover pair fails,
any active failover groups on that
unit are marked as failed and
become active on the peer unit.
Interface failure on active failover
group above threshold
Failover
Mark active
group as failed
Become active
None.
Interface failure on standby failover
group above threshold
No failover No action
Mark standby
group as failed
When the standby failover group is
marked as failed, the active failover
group does not attempt to fail over,
even if the interface failure
threshold is surpassed.
Formerly active failover group
recovers
No failover No action
No action
Unless failover group preemption is
configured, the failover groups
remain active on their current unit.