A/A failover "failover lan unit primary" vs "primary/secondary"

Hello

Can someone explain what is the purpose of the command 'failover lan unit primary' when we implement A/A failover?
I tried to understand its meaning by reading as many resources possible, but still I cannot make it clear into my mind.
From Cisco's config guides:
"Unlike Active/Standby failover, this designation does not indicate which unit becomes active when both units start simultaneously. Instead, the primary/secondary designation does two things:
•Determines which unit provides the running configuration to the pair when they boot simultaneously.
•Determines on which unit each failover group appears in the active state when the units boot simultaneously"

On the following link is mentioned the 'failover lan unit primary':
1 Determines which appliance provides the running configuration to the pair
2 On which appliance each failover group is active when they boot simultaneously
3 Determining on which appliance each failover group is active when both appliances start simultaneously is accomplished by configuring a primary or secondary appliance preference for each group
http://www.cisco.com/E-Learning/bulk/public/celc/Cisco_QLM6_ASA_beta/course_skin.html

Can someone explain me the difference between points 2 and 3?

Thank you in advance

Comments

  • Hello Narayan

     

    For your info, the bullets that I put in my post are copy-paste from the document you provided me :)

  • Hi,

    failover lan unit primary: This comman tells, this Appliance has the valid configuration and have to push on secondary unit, by default all appliances are designated as secondary unit.

    2 On which appliance each failover group is active when they boot simultaneously
    3 Determining on which appliance each failover group is active when both appliances start simultaneously is accomplished by configuring a primary or secondary appliance preference for each group

    We configure the failover group as follows:

    ASA1(config)# failover group 1
    ASA1(config-fover-group)# primary
    ASA1(config-fover-group)# preempt 100
    ASA1(config-fover-group)# exit
    ASA1(config)# failover group 2
    ASA1(config-fover-group)# secondary
    ASA1(config-fover-group)# preempt 100

    In this case ASA1 is primary for failover group 1 and secondary for group 2, so as soon as Appliances reboot, the device configured as a primary lan unit pushes it's configuration and checks for active/standby unit for each failover group.

    Better follow this link

    http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/ha_active_active.html

  • Hi Mike,

       Short answer: regardless of active/standby or active/active, yiu'll always have one active and one standby unit. We need to separate the active/standby from primary/secondary roles. When you configure the box anbd designate it as "primary", you'll end up configuring the primary, on secondary you type just the failover commands, configuration is pushed from primary. Later, after failover becomes functional you'll always configure the active unit (could be the primary or secondary) and configuration is pushed from active to standby. Another role of the "primary" device is to know which IP addresses will the active unit use (thos of the primary) and which MAC addresses will the active use (those of the primary, unless you configure VMAC). You''ll always use the MAC addresses of the primary box, unless the secondary box boots up before primary.

    Regards,

    Cristian.

  • The failover lan unit primary/secondary in A/A mode is used in regards to failover configuration. The primary unit will always replicate/push the configs to the secondary unit.

    What will determine if the unit is a primary or secondary for a given context is whether the failover group created is primary or secondary and which context you assign them to..

    HTH

    Good luck!

Sign In or Register to comment.