Active/Pasive HA with LAG to Virtual Chassis = Dropped Packets?

Good afternoon,

I tried to deploy a Active/Passive cluster yesterday with only partial success!

Things didn't work as expected. Sessions were forming but servers would work intermittently. At times it would change so that what was working, stopped, and what wasn't, started. Some services worked fine for some people throughout. And for others nothing worked. After 45 minutes of trying various things we rolled back and I got to wondering what I'd missed...

In the lab I'd modelled the set up fairly closely to the real world scenario;

• I have a total of 4 BGP peers - 2 for each device that sit in the "Internet" zone on interfaces 1/1, 1/2, 1/3, 1/4 (1/1 & 1/3 are up on Active and 1/2 & 1/4 are ready to go up on the Passive in case of a fail over scenario)
• We accept only a default route (0/0) and announce only 1 prefix. BGP/Routing worked in both the lab and the real world.
• 3 ports per device form part of an aggregated Ethernet bundle, "AE1", making up the "Trust" zone. (1/5, 1/7, 1/9)
• The AE1 bundle mounts a number of L3 subnets that act as default gateways for downstream servers.
• The AE1 bundle connects from each PAN device to an EX4200 virtual switch stack running a single AE bundle, "AE11". (Not modelled in lab)
• There is no routing occurring on the switch fabric.
• There are no "Deny" rules - only a default Any/Any/Any "Allow" rule.
• There are no fail over rules enabled.

Things I tried

1. Disabled Jumbo frames - didn't need them anyway, was a relic from an earlier Active/Active setup.
2. Changed "Passive link state" to "Shutdown" from "Auto"

My current working theory is that having both PAN devices (even though one is shutdown/passive) connected to the switch fabric over a single AE bundle caused traffic to get lost at L2. Is this possible? Perhaps I've missed something else. Either way I'd love to know what I got wrong and how it can be fixed.

Thanks for your time,

Simon