No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

The Anomaly on the Standby Firewall Prevents Status Switchover After the Service Interface on the Active Firewall Is Faulty

Publication Date:  2019-01-24 Views:  212 Downloads:  0

Issue Description

After GigabitEthernet1/0/4 on the active firewall is faulty, traffic is not switched to the standby firewall.

Alarm Information

The active firewall has VRRP status change information and interface Down information.
2012-03-22 14:15:59 sysname %%01VRRP/4/STATEWARNING(1): Interface: GigabitEthernet1/0/1 , Virtual Router 1 : STANDBY changed to INITIALIZE!
2012-03-22 14:15:59 sysname %%01IFNET/4/LINK_STATE(1): Line protocol on interface GigabitEthernet1/0/4 has turned into DOWN state.

Handling Process

Step 1: Check firewall logs to confirm that the active/standby status was normal when the fault occurred.
Step 2: Run the display hrp group command to check the VGMP group priority of the two firewalls.
The priority of the active VGMP group on the active firewall is 64999, which is normal. The priority of the standby VGMP group on the standby firewall is 64996, indicating that two interfaces on the standby firewall are faulty. This causes the priority of the standby VGMP group to reduce by 4. The priority of the active VGMP group on the active firewall is higher than the priority of the standby VGMP group on the standby firewall, and therefore status switchover does not occur.
Step 3: Run the display hrp state command to check the hot standby status of the standby firewall.
HRP_S<sysname> display hrp state

The firewall's config state is: STANDBY
Current state of virtual routers configured as standby:
GigabitEthernet1/0/3.2 vrid 5 : initialize (down)
GigabitEthernet1/0/3.1 vrid 4 : initialize (down)
GigabitEthernet1/0/2 vrid 3 : standby
GigabitEthernet1/0/1 vrid 2 : standby
GigabitEthernet1/0/4 vrid 1 : standby
Two subinterfaces on the standby firewall are Down. The priority of the standby VGMP group is 64996 (65000 deducted by 4).
Step 4: Process the subinterface fault, so that the subinterface can be Up.

Root Cause

 Both firewalls are in active state.
 After the interface on the active firewall is faulty, its priority is still higher than the standby firewall.

Suggestions

The active/standby status of a firewall is determined by the priority of its VGMP group. Considering the priority calculation method, ensure that the standby VGMP group of the standby firewall has a smaller priority than the active VGMP group of the active firewall. Otherwise, the active firewall cannot switch to the standby state after it fails.

END