i have question about Failover. My customer ask about they received mail alert from appliance. information following as below.
2018-01-22 10:21:46+07:00ICT "Failover: State changed from 'BACKUP' to 'MASTER' for group '10.0.1.201'" 0 4B0005:96 Mailed sgrp_worker.cpp:473
2018-01-22 10:21:47+07:00ICT "Failover: State changed from 'MASTER' to 'BACKUP' for group '10.0.1.201'" 0 4B0005:96 Mailed sgrp_worker.cpp:473
this event just one second for state change happened. they check on switch network don't have any issue on that time.
or this event happened because appliance have process for check connection between Master and Backup. please recommend about this event.
thank you so much for your help.
Howdy Chakuttha! This KB article provides some more details about failover, including some timing:
The main headache with failover is the network between the ProxySG's. Some networks manage to loose the multicast packets and then you will see similar issues.
To investigate I suggest you do a packet capture on the multicast IP address over a long period and check if you miss updates there. Do this on ALL nodes of a failover group.
Failover happens when the device fail to receive the multicast from the current MASTER x 3 times the time interval set. The messages seems to be from Backup device. Can you check on what is set as the interval in the failover for both Master and Backup. Share a screenshot of the Failover settings if possible from both.
Yes, you can set the filter "ip host 220.127.116.11" to capture the traffic over this multicast address which for the VIP 10.0.1.201. You will have to run this on both the proxies at the same time. Start the capture and wait till the failover to happen. Stop the pcap and in that you might be able to find missing multicast packets
Can you post the Failover configuration of the other proxy too? Also I have sent you a private message. Do check that
The configuration is identical and is the expected way. Since the timeout for "10.0.1.201" is set as 5 seconds on both, the BACKUP will wait for 5 x 3 = 15 seconds for receiving multicast packet from MASTER. If there is none for 15 seconds, it will start acting as MASTER. For the eventlog entry you have given, these seems to be missing multicast for 15 seconds and just after the BACKUP turned to MASTER, the multicast packet reached. This then made the device to go back to BACKUP state again. If this is only happened one time, then it can be ignored. Possibly the multicast packet got lost for some reason. If this flapping is happening very frequently, then we me need to find whether the multicast packet is getting dropped frequently or not. Do check the eventlog of the BACKUP device to see whether the issue is happening now also or not.
Thank you so much
Thank you so much for your recommend.
about failover setting please see from below;
!- BEGIN networking
interface 0:0 ;mode
ip-address 10.0.1.203 255.255.255.0
virtual-ip address 10.0.1.201
virtual-ip address 10.0.1.202
ip-default-gateway 10.0.1.1 1 100
packet capture use function on Proxy and filter only Multicast IP right ?
Failover Configuration both of Proxy please see from attach files.