03-21-2019 03:56 PM
I have a pair of 5220s configured with HA1, HA1 Backup, HA2, and HA2 Backup links in use. All HA links show to be up and running. I have left all of the other knobs for tuning link and path monitoring off, taking all of the defaults. No preemption, etc. I am running in an Active/Passive configuration.
When I disconnect HA1 and HA1 Backup, at nearly the same time, the Passive unit becomes Active, but the Active unit remains Active.
Then when I went further to disconnect HA2 and HA2 Backup, at nearly the same time, and still, the old Active unit remains Active.
Is this expected behavior?
Is there any way to monitor the links on the HA ports themselves? I do not see that as an option in the GUI.
Thank you.
Clarke
03-22-2019 03:14 AM
yes this is expected
HA1 is the brain of the operation, HA2 the brawn
Disconnecting both HA1 + HA1-b at the same time basically creates 2 separate brains: each peer has lost its link to the other, so primary thinks secondary is down, secondary thinks primary is down and becomes active
This scenario is therefore called 'split-brain'
Further disconnecting HA2 only severs the syncing of sessions, which will have seized already when both HA1 were disconnected
Whenever a HA link goes down, a critical event is created in the system log
It's highly recommended to set up log forwarding for critical events so you are notified immediately
03-22-2019 03:14 AM
yes this is expected
HA1 is the brain of the operation, HA2 the brawn
Disconnecting both HA1 + HA1-b at the same time basically creates 2 separate brains: each peer has lost its link to the other, so primary thinks secondary is down, secondary thinks primary is down and becomes active
This scenario is therefore called 'split-brain'
Further disconnecting HA2 only severs the syncing of sessions, which will have seized already when both HA1 were disconnected
Whenever a HA link goes down, a critical event is created in the system log
It's highly recommended to set up log forwarding for critical events so you are notified immediately
03-22-2019 08:06 AM
This is why you should build disparate redundancy between your firewalls if they are not directly connected.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
