Cisco Systems CL-28826-01 Active/Active Failover

49-3

User Guide for Cisco Security Manager 4.4

OL-28826-01

Chapter4 9 Configuring Failover

Understanding Failover

In addition, failover can be stateless or stateful:

•Stateless – Also referred to as “regular” failover. With stateless failover, all active connections are

dropped when failover occurs. Clients need to re-establish connections when the new active unit

takes over.

•Stateful – The active unit in the failover pair continually passes per-connection state information to

the standby unit. When failover occurs, the same connection information is available on the new

active unit. Supported end-user applications are not required to reconnect to maintain the current

communication session.

See Stateful Failover, page 49-4 for more information.

Related Topics

•Chapter 49, “Configuring Failover”

•Basic Failover Configuration, page49-5

•Failover Policies, page 49-10

Active/Active Failover

Active/Active failover is available only on security appliances operating in multiple-context mode. In an

Active/Active failover configuration, both security appliances inspect network traffic, on a per-context

basis. That is, for each context, one of the appliances is the active device, while the other is the standby

device.

The active and standby roles are assigned over the complete set of security contexts, more or less

arbitrarily.

To enable Active/Active failover on the security appliance, you must assign the security contexts to one

of two failover groups. A failover group is a simply a logical group of one or more security contexts.

You should specify failover group assignments on the unit that will have failover group 1 in the active

state. The admin context is always a member of failover group 1. Any unassigned security contexts are

also members of failover group 1 by default.

As in Active/Standby failover, each unit in an Active/Active failover pair is given a primary or secondary

designation. Unlike Active/Standby failover, this designation does not indicate which unit is active when

both units start simultaneously. Each failover group in the configuration is given a primary or secondary

role preference. This preference determines the unit on which the contexts in the failover group appear

in the active state when both units start simultaneously. You can have both failover groups be in the active

state on a single unit in the pair, with the other unit containing the failover groups in the standby state.

However, a more typical configuration is to assign each failover group a different role preference to make

each one active on a different unit, balancing the traffic across the devices.

Note To reliably manage security contexts in Active/Active failover mode, Cisco Security Manager requires

an IP address for the management interface of each context so that it can communicate directly with the

active security context of a failover pair.

Initial configuration synchronization occurs when one or both units start. This synchronization occurs

as follows:

•When both units start simultaneously, the configuration is synchronized from the primary unit to the

secondary unit.