No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

FAQ-when Eudemon8080 don’t enable session immediate backup, which session won’t synchronize backup in two-node cluster

Publication Date:  2012-11-06 Views:  35 Downloads:  0
Issue Description
Q:
In the live network find when Eudemon8080 in two-node cluster Active - Active (not enabled session immediate backup) cases, the session number between master and slave have a difference about 200000-300000, and which session can't backup?
Alarm Information
none
Handling Process
A:
1, make sure the active/standby FW whether configure HRP mirror session enable command (whether enable session immediate backup), and the active/standby FW HRP synchronous state is normal or not
2, through elog to query, collect session record to analyze after two-node cluster HRP synchronize and do not enable session immediate backup, there are several types of message do not synchronize backup active/standby:
A, the session established when message to firewall itself will not make active/standby backup.
B, To some user Behavior only the first bag is UDP message (such as the Edonkey/Emule, Bittorrent), and then do not use UDP message to transmit data, this P2P behavior firewall will not make active/standby backup.
C, the session do not successfully complet TCP 3 way handshake will not make active/standby backup.
1, the session as long as complete TCP 3way handshake, or continuous hit session table UDP message will make active/standby backup.
2, when the user use P2P software, usually when first track seed (SEED, Torrent file), will use UDP message. When make sure the seed is Peer, will use TCP message to transfer data message. Suggest that can check session record of the firewall UDP message from the Elog, if find there are many UDP message stay in firewall in a very short time, it also means there are some UDP message of the above 2 (b) type exist in the live network, so lead to two-node cluster (Active - Active) appearing session number is inconsistent.
Root Cause
none
Suggestions
none

END