11-5
Device Manager Guide, Cisco ACE 4700 Series Application Control Engine Appliance
OL-26645-02
Chapter 11 Configuring High Availability
Understanding ACE Redundancy
Fault-Tolerant VLAN
Redundancy uses a dedicated fault-tolerant VLAN between redundant ACEs to transmit flow-state
information and the redundancy heartbeat. Do not use this dedicated VLAN for normal network traffic.
You must configure this same VLAN on both peer ACEs. You also must configure a different IP address
within the same subnet on each ACE for the fault-tolerant VLAN.
The two redundant ACEs constantly communicate over the fault-tolerant VLAN to determine the
operating status of each ACE. The standby member uses the heartbeat packet to monitor the health of
the active member. The active member uses the heartbeat packet to monitor the health of the standby
member. Communications over the switchover link include the following data:
• Redundancy protocol packets
• State information replication data
• Configuration synchronization information
• Heartbeat packets
For multiple contexts, the fault-tolerant VLAN resides in the system configuration data. Each
fault-tolerant VLAN on the ACE has one unique MAC address associated with it. The ACE uses these
device MAC addresses as the source or destination MACs for sending or receiving redundancy protocol
state and configuration replication packets.
Note The IP address and the MAC address of the fault-tolerant VLAN do not change at switchover.
Configuration Synchronization
For redundancy to function properly, both members of an fault-tolerant group must have identical
configurations. Ensure that both ACE appliances include the same bandwidth software license (2G or
1G) and the same virtual context software license. If there is a mismatch in software license between the
two ACE appliances in an FT group, the following operational behavior can occur:
• If there is a mismatch in virtual context software license, synchronization between the active ACE
and standby ACE may not work properly.
• If both the active and the standby ACE appliances have the same virtual content software license
but have a different bandwidth software license, synchronization will work properly but the standby
ACE may experience a potential loss of traffic on switchover from the 2G ACE appliance to the 1G
ACE appliance.
See the Administration Guide, Cisco ACE Application Control Engine for details about the available
ACE software licenses.
The ACE automatically replicates the active configuration on the standby member using a process called
configuration synchronization (config sync). Config sync automatically replicates any changes made to
the configuration of the active member to the standby member. After the ACE synchronizes the
redundancy configuration from the active member to the standby peer, it disables configuration mode on
the standby. See Synchronizing High Availability Configurations with ACE Appliance Device Manager,
page 11-6.
Comments to this Manuals