Connection Fails to be Set up Between the Active and Standby Nodes
Symptom
When the dual backup is configured, the connection between the active and standby nodes fails to be established.
Possible Causes
- The active and standby nodes cannot ping each other.
- The heartbeat IP address is incorrect.
- The certificate generation time on the active and standby nodes (that is, the system time configured for dual backup) is inconsistent.
A two-way authentication mode is used to set up the dual backup connection. The time to generate certificates between the two devices must be close (within the same day). Therefore, you need to configure time synchronization before exporting and importing certificates. The default validity period of certificates is 10 years. You need to set up a connection within the validity period.
Procedure
- Check whether the active and standby nodes can ping each other.
- If yes, go to the next step.
- If no, check the network and IP address configuration.
- Check whether the heartbeat IP addresses configured for the active and standby nodes are in the same network segment and not occupied. The IP addresses must be different.
- If the addresses are in the same network segment and not occupied, go to the next step.
- Otherwise, change the heartbeat IP addresses of the active and standby nodes to the IP addresses that are in the same network segment and are not occupied. In addition, the IP addresses must be different.
- Check whether the number of the heartbeat IP addresses configured on the active node is the same as that on the standby node. For example, if two heartbeat IP addresses are configured on one node, two heartbeat IP addresses must be configured on the other node.
- If yes, go to the next step.
- If no, change the number of the heartbeat IP addresses on the active node to be the same as that on the standby node.
- Check whether the certificate generation time (that is, the system time configured for dual backup) on the active and standby nodes is consistent.
Log in to the CLI of the device and run the date command to check the system time.
- If yes, go to the next step.
- If no, change the system time to ensure that the system time of the two devices is the same, and then trigger the two-node cluster parameter configuration again to generate a certificate.
- Contact Huawei technical support.