Troubleshooting guide

Chapter 9 Troubleshooting Active Network Management Synchronization and High Availability
Advanced Technical Reference Guide 4.1 June 2000 99
User Authentication
Accounting
What Tables are synchronized
Not all tables are synchronized. In general, during fail-over, all the tables in the VPN/FireWall kernel that are
marked with the keyword "sync" will be synchronized.
To check which tables are synchronized during fail-over, issue the fw tab -t <table name> command,
and look for the sync keyword in the attributes line.
For example: fw tab -t connections
Output:
--------------------Connections-------------------
attributes : refresh, sync , expires 60, free function 4229871264 4, kbuf 1,
hashsize 16384
Connection = dynamic refresh Sync expires TCP_START_TIMEOUT Expcall KFUNC_CONN_EXPIRE Kbuf 1 hashsize 8192;
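
The attributes check described above can be scripted over captured fw tab output. The following is an added example, not part of the original guide: the function names and the demo_sync_state table are constructed, and it assumes a wrapped attributes line continues while the previous line ends in a comma, as in the output shown above.

```shell
#!/bin/sh
# Added example: report which tables in `fw tab` output carry the sync attribute.

# Constructed sample: the Connections output from the text plus a made-up
# table whose *name* contains "sync" but whose attributes do not.
sample_fw_tab() {
cat <<'EOF'
--------------------Connections-------------------
attributes : refresh, sync , expires 60, free function 4229871264 4, kbuf 1,
hashsize 16384
-------- demo_sync_state --------
attributes : expires 60, kbuf 1,
hashsize 512
EOF
}

# Reads fw tab output on stdin; prints "<table> sync" or "<table> no-sync".
sync_report() {
    awk '
    function flush(   n, i, f, a, found) {
        if (name == "") return
        found = 0
        n = split(attrs, a, ",")
        for (i = 1; i <= n; i++) {
            f = a[i]
            gsub(/^ +| +$/, "", f)
            if (f == "sync") found = 1   # whole attribute, not a substring
        }
        print name, (found ? "sync" : "no-sync")
    }
    # Table banner: dashes, table name, dashes.
    /^-+[^-]+-+$/ {
        flush()
        name = $0
        gsub(/-/, "", name); gsub(/^ +| +$/, "", name)
        attrs = ""; cont = 0
        next
    }
    # Attributes line; assumed to continue while a line ends in a comma.
    /^attributes *:/ {
        attrs = $0
        sub(/^attributes *: */, "", attrs)
        cont = ($0 ~ /, *$/)
        next
    }
    cont { attrs = attrs " " $0; cont = ($0 ~ /, *$/); next }
    END { flush() }'
}

sample_fw_tab | sync_report
```

Matching only whole entries of the attributes line avoids the false positive a plain grep for "sync" would give on the second table's name.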
Troubleshooting Synchronization
Use fw tab to verify that entries are really synchronized.
Use fwd -d to get debugging information from the two FireWall fwd daemons.
See also “Debugging High-Availability” on page 106.
Synchronization Tests
Test 1
Test Description: Run the fw sync command between cluster machines. The fw sync function is generated after initiating the fw putkey command between the modules. To check if the fw sync is running, run the fw ctl pstat command. (fw sync is one of the components of fwd)
Test Configuration: NT or Solaris machines in High Availability (HA) cluster
Expected result: The sync should report no errors

Test 2
Test Description: Run the fail-over tests (see Troubleshooting Fail-Over on page 103) with synchronization operational.
Test Configuration: NT or Solaris machines in High Availability (HA) cluster (Primary or ACTIVE-up)
Expected result: Opened connections shouldn't be lost during fail-over.
Remarks: Check that the sync holds in cases of more than one concurrent fail-over.