This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Cookie Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Azure HA Failover not working

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Azure HA Failover not working

RyanJohnstone1144
L1 Bithead

‎10-22-2020 02:13 AM

Hello,

 

We have a pair of VM300 PAs in Azure set up in Active-Passive.  They are running 9.0.7 code with VM Series plug in 1.0.8. 

 

There was an issue in Azure on 19/10/20 which caused a failover and recovery (we use pre-emption).  Post this issue the PAs were up and running but not passing traffic.  we found that the secondary IP addresses (i.e. floating IPs) had been moved to the Azure VM for the Passive firewall (PA2).  Hence no traffic flowing as this firewall was passive.  We failed from the Active (PA1) over to this Firewall (PA2) and some traffic started to flow but everything was incredibly slow.  we tried restarting VMs, failing back over, etc but nothing would change the state of the secondary IP addresses, they were locked to PA2.

 

Eventually we completely powered down the VM which was running PA1 and things started to run ok again.  we then configured PA2 to always be Active and powered PA1 back up.  PA1 came back up, re-established HA and things were running fine, PA2 Acitve, PA1 Passive.  We then suspended PA2 to trigger failover and again we had issues with secondary addresses.  The secondary addresses on the untrust VM interface floated over to PA1 correctly, but the secondary address on Trust VM interface disappeared completely from both PA1 and PA2.  No failovers, restarts etc recovered this address.

 

We powered down PA2 and had to manually re-create the secondary address on Trust on PA1 to restore service.  this is the state we are now in.

 

can someone please assist / recommend next steps?  Failover it seems is broken.

 

thanks

 

Ryan

 

 

 

 

 

 

 

 

 

 

 

0 Likes Likes
7 REPLIES 7

RyanJohnstone1144
L1 Bithead
In response to JoshuaKovach

‎08-31-2021 01:24 AM

HI there, no solution no.  am pending some assistance from PA TAC once i can arrange an outage.  We have tried multiple code versions and plug ins but problem remains.  i will update once i have an update, hopefully in the coming month.

0 Likes Likes

RyanJohnstone1144
L1 Bithead
In response to JoshuaKovach

‎10-06-2021 08:51 AM

still no "solution" to this but carried out a controlled failover last week and it worked, first time it has worked as it should have done since the PAs were stood up about 2 years ago.  FYI the code we are on is 9.0.13 Azure plugin 1.0.13.

 

have some upgrades coming up over next few months to get to 9.1 so be interesting to see if any issues occur then.  otherwise can only assume something was fixed in the background Azure end or maybe i just got lucky...

0 Likes Likes

JimMcGrady
L3 Networker

‎12-16-2021 11:10 PM

I have always found this failover mechanism within Azure to be impractically slow. I look forward to the day when it improves.

0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks