MicroNugget: ASA Active/Standby Failover

Video Statistics and Information

Active/standby failover. If we need fault tolerance inside of a system, it usually involves two devices. By implementing two ASA firewalls in an active/standby failover configuration, we can provide that fault tolerance for our network. In this MicroNugget, we're going to take a look at exactly that.

What is it that users really want from the networks? I've discovered it's two basic things: they want the network to work, and they want it to be fairly fast. So when this user goes out to the internet, they expect it just to happen. Now behind the scenes, if we want that to happen even though there's a fault, we can implement some fault tolerance by having redundant systems, and that's what active/standby failover is all about.

Now to do this, the ingredients that go in the recipe for active/standby failover: you need two firewalls. So why buy one when you can buy two at twice the price? So you get two firewalls and you configure one as primary and one as secondary. Now on a good day, when these both boot up, they chat with each other, and the primary one is going to take the role of being active. Now it's good to be active, it's good to exercise, it's good to move, and in active/standby failover, active simply means this is the ASA that's doing the forwarding. So when Bob goes out to CBTNuggets.com, it's this firewall, in measurable terms, that's forwarding the packet and maintaining the session state table so the reply traffic can come back.

So what is this guy doing? This is the job that a lot of people wish they had: being the secondary. He doesn't do a lot of anything except make sure that the active system is okay and still forwarding traffic. He takes the role of something called standby. You mean as in stand by and watch the other guy work? Yes, that's exactly what it is. So this standby unit is simply checking the interfaces, checking across the failover cables, just to make sure the other guy's fine, and if he's fine, he just sits there as a backup.

Now if something bad happens, for example so he just powers off the system, what happens in the background? Before that occurs, before the failure, the stateful information can be replicated from the active firewall to the standby. So if Bob had a translation going through the firewall, layer 3, or if he had some sessions that were open and the reply traffic was coming back, all of that, real-time, can be replicated to this standby unit, so that if the standby has to go active because this guy up here went away, somebody powered him off accidentally or it has a system failure, Bob won't be interrupted. He can still forward traffic.

So in this MicroNugget we're going to take a look at what is active/standby failover, which is exactly that, where we have two devices, one's active, one's standby, and if there's a problem they reverse roles, so the secondary would become active. And how do we confirm a failover state? Let's take a look at that.

Let's bring up a command line interface for these ASAs. Here is ASA 1 and here's ASA 2. Now if you look at them, they both have the same hostname, and that's because the configurations are replicated. However, I've set up the prompt to indicate that this is the primary unit and this is the secondary unit, and currently the primary is active and the secondary is acting in standby. To verify their state, besides just changing the prompt, you could also do a show failover, and that would show us, besides a ton of information, it says this host is the primary device that is currently active, and the other host is the secondary device and it's currently in a standby state.

So let's test this out. If we brought up a browser, and this is a great example of it, so here we have a website, CBTNuggets.com, and let's do a quick ping as well. So in RAM a command prompt and - a ping out 28.8 date today. So the ping is functioning, it's going through the active firewall at the moment, no problem whatsoever. We can also open up a video. We'll go to this one out here, the first one, and then turn off the audio so you can listen to me and not it. So this is playing the audio and it's going to queue up right here. We can see the actual caching of the play before it gets there.

Now we wanted to, I'm going to go ahead and leave that playing. We go in the background and on the active device right here. In fact, before we do that, I've got a few extra moments, so I'm going to go ahead and show you a really awesome thing. Right now we are synchronizing all the connections and translations between the two firewalls in case there's a failure. So if we do a show xlate, which is how you ask an ASA to show us the translations, this is on the first ASA and this is the second ASA. So I did a chat to all tabs for the same command. So you notice they both have the translation of this inside PC going out to the CBT Nuggets website. And check this out: if we do a show conn, it has the connections, so the connections here should reflect the connections here. So they go back and forth, because both firewalls know about all the connections and everything else. One's active, one's standby. If I rebooted the active device, we should still be in good shape.

So let's go ahead and take the active device and say goodbye. Okay, I'm going to do a write just to make sure I save my config. That write, by the way, will also cause a write on the secondary unit, which is acting as the standby. And let's reload him. So he is now gone. Now we take a look at the standby unit here. He is polling every second to the active, or what was the active unit, and in just a moment he's going to realize, oh no, the active unit is no longer responding, I better change. And here we go, so we're switching to active mode, and if you notice, the prompt changed. So back at the client, the video is still running, and because of the buffering, this is a YouTube channel, just because of the buffering the user wouldn't even notice the few seconds it took for the failover to occur, because of the caching that's involved.

So in this MicroNugget we took a look at the concept of active/standby failover, with one device being active, the other right device being a standby. If there's a problem, or the other one gets rebooted, or there's an issue, the role can switch, and the one that was standby can then become active and take over the role of forwarding traffic on the network. We also took a look at how to confirm the state of a failover device with show failover, and then we also forced a failover by simply taking the primary and rebooting him. By doing the reboot, the secondary firewall, which was currently standby, didn't see the poll messages being responded to and said, oh, the other guy must have a problem, and went active.

I hope this has been informative for you, and I'd like to thank you for viewing.

Channel: Keith Barker
Views: 34,431
Keywords: Micro Nugget, micronugget, CBT Nuggets, computer based training, cbt, asa standby failover, failover cables, ha, high availability, HA on the firewall, failover state, forcing failover, cisco, cisco training, config, it training, active standby failover, fault tolerance, networks, redundant systems, 2 firewalls, two firewalls, primary firewall, secondary firewall, dmz, Cisco Systems (Organization)
Id: nGVjuxiyzog
Length: 6min 41sec (401 seconds)
Published: Wed Mar 27 2013