topic Re: HA link port failures and failover in General Topics

HA link port failures and failover

ClarkeMorledge — Thu, 21 Mar 2019 22:56:50 GMT

I have a pair of 5220s configured with HA1, HA1 Backup, HA2, and HA2 Backup links in use. All HA links show to be up and running. I have left all of the other knobs for tuning link and path monitoring off, taking all of the defaults. No preemption, etc. I am running in an Active/Passive configuration.

When I disconnect HA1 and HA1 Backup, at nearly the same time, the Passive unit becomes Active, but the Active unit remains Active.

Then when I went further to disconnect HA2 and HA2 Backup, at nearly the same time, and still, the old Active unit remains Active.

Is this expected behavior?

Is there any way to monitor the links on the HA ports themselves? I do not see that as an option in the GUI.

Thank you.

Clarke

Re: HA link port failures and failover

reaper — Fri, 22 Mar 2019 10:14:19 GMT

yes this is expected

HA1 is the brain of the operation, HA2 the brawn

Disconnecting both HA1 + HA1-b at the same time basically creates 2 separate brains: each peer has lost its link to the other, so primary thinks secondary is down, secondary thinks primary is down and becomes active

This scenario is therefore called 'split-brain'

Further disconnecting HA2 only severs the syncing of sessions, which will have seized already when both HA1 were disconnected

Whenever a HA link goes down, a critical event is created in the system log

It's highly recommended to set up log forwarding for critical events so you are notified immediately

Re: HA link port failures and failover

jeremy.larsen — Fri, 22 Mar 2019 15:06:48 GMT

This is why you should build disparate redundancy between your firewalls if they are not directly connected.