Firewall two-node cluster hot backup (primary/secondary), start the backup wall at first, it will be failure

Publication Date:  2012-11-22 Views:  248 Downloads:  0
Issue Description
1, 2 sets of the firewall two-node cluster, primary/secondary mode operate, and connects with the core switch, which carries on the diversion.
2, simulate primary/secondary system breakdown, first start the backup wall, and the main wall does not power down, just pulls out business line, two tables heartbeat line still connect
3, the policy-based routing of core switch does not recover, the backup wall can't forward packets normally.
Alarm Information
None.
Handling Process
When start the backup wall and pull out the business line of main wall, at the same time need to pull out heartbeat line.
Root Cause
Due to the two-node cluster hot backup is primary/secondary mode, , mainly the main wall works, the main wall system breakdown and the backup wall hosting business, due to when the backup wall starts, the main wall doesn’t power outage, and heartbeat line is still there, only the business line is pulled out, then the backup wall still can through the heartbeat line detect to the main wall is online, so the backup wall still won’t handle packet, core switch consider that the main wall business has system breakdown, so the policy-based routing of the core switch will be still failure.
Suggestions
None.

END