Installation guide
11-3
Device Manager Guide, Cisco ACE 4700 Series Application Control Engine Appliance
OL-26645-02
Chapter 11 Configuring High Availability
Understanding ACE Redundancy
Note When you upgrade or downgrade the ACE from one software version to another, there is a point
in the process when the two ACEs have different software versions and, therefore, a software
incompatibility. When the Standby Warm state appears, this means that the active ACE will
continue to synchronize configuration and state information to the standby even though the
standby may not recognize or understand the software commands or state information. This
standby state allows the standby ACE to come up with best-effort support.
Redundancy Protocol
You can configure a maximum of two ACE appliances (peers) for redundancy. Each peer appliance can
contain one or more fault-tolerant (FT) groups. Each FT group consists of two members: one active
context and one standby context. An FT group has a unique group ID that you assign.
Note For the replication process to function properly and successfully replicate the configuration for a user
context when switching from the active context to the standby context, ensure that each user context has
been added to the FT group. All applicable user contexts must be part of an FT group for redundancy to
function properly.
One virtual MAC address (VMAC) is associated with each FT group. The format of the VMAC is
00-0b-fc-fe-1b-groupID. Because a VMAC does not change upon switchover, the client and server ARP
tables does not require updating. The ACE selects a VMAC from a pool of virtual MACs available to it.
For more information, see Configuring Virtual Contexts, page 4-7.
Each FT group acts as an independent redundancy instance. When a switchover occurs, the active
member in the FT group becomes the standby member and the original standby member becomes the
active member. A switchover can occur for the following reasons:
• The active member becomes unresponsive.
• A tracked host or interface fails.
• You force a switchover for a high availability group by clicking Switchover in the ACE HA Groups
table (see Switching Over a High Availability Group, page 11-16).
To outside nodes (clients and servers), the active and standby FT group members appear as one node
with respect to their IP addresses and associated VMAC. The ACE provides active-active redundancy
with multiple contexts only when there are multiple FT groups configured on each appliance and both
appliances contain at least one active group member (context). With a single context, the ACE supports
active-backup redundancy and each group member is an Admin context.
The ACE sends and receives all redundancy-related traffic (protocol packets, configuration data,
heartbeats, and state replication packets) on a dedicated FT VLAN. You cannot use this dedicated VLAN
for normal traffic.
To optimize the transmission of heartbeat packets for multiple FT groups and to minimize network
traffic, the ACE sends and receives heartbeat messages using a separate process. The ACE uses the
heartbeat to probe the peer ACE, rather than probe each context. When an ACE does not receive a
heartbeat from the peer ACE, all the contexts in the standby state become active. The ACE sends
heartbeat packets over UDP. You can set the frequency with which the ACE sends heartbeat packets as
part of the FT peer configuration. For details about configuring the heartbeat, see Configuring High
Availability Peers, page 11-8.