I got it for free at http://come.to

Not fully complete, Local Director information page.

[email protected] Feel free to email me with any suggestions or corrections. Thanks

Watch an overview of the Cisco Local Director from Cisco.

Useful Local Director commands:

show failover I have time to read.

show virtual

show real

show arp

show interface

Failover Information
This command will give you information on which IP address is configured on the Local Director (the Local Director's own IP, not that of the Virtuals...), how long each have been the Active Local Director, and the State of each Local Director (Active, Failed, Standby).

> show failover
Failover On
Cable status: Normal
        This host: Primary - Standby 
                Active time: 0 (sec)
                Interface 1 (205.181.112.192): Normal 
                Interface 0 (205.181.112.192): Normal 
        Other host: Secondary - Active 
                Active time: 2310300 (sec)
                Interface 1 (205.181.112.191): Normal 
                Interface 0 (205.181.112.191): Normal 
>

This shows that the Active IP address is 205.181.112.191 and that the Secondary has been Active for 26 days.

Displaying the Syslog Buffer
This command will show you a backlog of syslog information for this Local Director. It doesn't keep the timestamps, so it's pretty useless if you want to know when something happened. Hopefully your syslog server (Log Host) will keep track of that for you.

> show syslog
    OUTPUT ON (23.7)
    CONSOLE OFF
    Log Hosts:
        199.94.217.15
<186> : Enabling Failover.
<189> Virtual machine '205.181.113.65 0' edited from Out Of Service to In Service
<189> Virtual machine '205.181.112.65 443' edited from Out Of Service to In Service
<189> Virtual machine '205.181.112.68 80' edited from Out Of Service to In Service
...
<189> Real machine '205.181.112.24 0' edited from Out Of Service to In Service
              
>

Since we don't have timestamps, I'm not sure if the top of the syslog output is the most recent output, or the oldest. If it's the oldest, that's no fun because then you have to scroll all the way down to reach the newest lines.

LocalDirector Hot-Standby Failover

Failover provides a mechanism for LocalDirector to be redundant by allowing two identical units to serve the same functionality. One LocalDirector unit is considered the "primary" unit while the other is considered the "secondary" unit (determined by the failover cable). The primary unit is also the active unit by default, and it performs normal network functions while the backup unit (standby) only monitors, ready to take control should the active unit fail.

The two units must be running the same version of software (1.6 or later). Configuration replication will occur under the following conditions:

When the Standby unit completes its initial boot-up the Active unit will replicate its entire configuration to the Standby unit.
As commands are entered on the Active unit they are sent across to the Standby unit. (The commands are sent via the failover cable.)
Entering the write standby command on the Active unit forces the entire configuration to the Standby unit.

The active unit uses the system IP address and the MAC address of the primary unit. The standby unit uses the failover IP address and the secondary MAC address. Because the active unit uses the same IP and MAC addresses (regardless of which physical unit it is), no ARP entries need to change or timeout anywhere on the network.

Failover monitors failover communications, the power status of the other unit, and hello packets that are received on each interface. A failure of any of these parameters on the active unit will cause the standby unit to take active control. The standby unit assumes the active role using the system IP address and the primary MAC addresses. When a failure or switch occurs SYSLOG messages are generated indicating the cause of the failure.

To take a unit out of the "failed" state, cycle the power or use the failover reset command. When a failed primary unit is fixed and brought back on line it will not automatically resume as the active unit. This ensures that active control will not resume on a unit that could immediately enter a failed state again. However, if a failure is due to a lost signal on a network interface card, failover will "auto-recover" when the network is available again.

Use the failover active command to initiate a failover switch from the standby unit, or the no failover active command from the active unit to initiate a failover switch. You can use this feature to return a failed unit to service, or to force an active unit offline for maintenance. Because the standby unit does not keep state information on each connection, all active connections will be dropped and must be re-established by the clients.

Note Because configuration replication is automatic from the active unit to the standby unit, configuration changes should only be entered from the active unit.

With LocalDirector version 1.6.3, failover works in a switched environment.

Failover also works with the FDDI interface.

Failover Setup

Attach the end of the cable labeled "Primary" to the unit that will be the primary unit. Attach the other end to the secondary unit. Connect interface 0 on both LocalDirector units to the hub or switch that goes to the outside network, and connect interface 1 on both LocalDirector units to the hub or switch that connects to your servers.

Use the failover ip address command to set the IP address for the standby unit.

The show failover command indicates the status of the connection and which unit is active. The show ip address command shows the current IP address of the unit. If the unit is active the system IP address is displayed, and if the unit is standby the failover IP address is displayed.

Failover Interface Tests

If a failure is due to a condition other than a loss of power on the other unit, failover will begin a series of tests to determine which unit is failed. This series of tests will begin when hello messages are not heard for two consecutive 15-second intervals. Hello messages are sent over both network interfaces and the serial cable.

The purpose of these tests is to generate network traffic in order to determine which (if either) unit is failed. At the start of each test, each unit clears its received packet count for its interfaces. At the conclusion of each test, each unit looks to see if it has received any traffic. If it has, the interface is considered operational. If one unit receives traffic for a test and the other unit does not, the unit that received no traffic is considered failed. If neither unit has received traffic, they go to the next test.

Note If the failover IP address has not been set, failover will not work and the Network Activity, ARP, and Broadcast ping tests are not performed.

Link Up/Down test

: This is a test of the NIC card itself. If an interface card is not plugged in to an operational network, it is considered failed (for example, the hub or switch is failed, has a failed port, or a cable is unplugged).

Network Activity test

: This is a received network activity test. The unit will count all received packets for up to 5 seconds. If any packets are received at any time during this interval the interface is considered operational and testing stops. If no traffic is received, the ARP test begins.

ARP test

: The ARP test consists of reading the units ARP cache for the 10 most recently acquired entries. One at a time the unit sends ARP requests to these machines attempting to stimulate network traffic. After each request the unit counts all received traffic for up to 5 seconds. If traffic is received, the interface is considered operational. If no traffic is received, an ARP request is sent to the next machine. If at the end of the list no traffic has been received, the test moves to the ping test.

Broadcast Ping test

: The ping test consists of sending out a broadcast ping request. The unit then counts all received packets for up to 5 seconds. If any packets are received at any time during this interval the interface is considered operational and testing stops. If no traffic is received the testing starts over again with the ARP test.

Failover SYSLOG Messages

In the messages that follow, P|S can be either Primary or Secondary depending on which LocalDirector is sending the message. Failover messages always have a SYSLOG priority level of 2, which indicates critical condition. All failover SYSLOG messages are also sent as SNMP SYSLOG traps.

To receive SNMP SYSLOG traps (SNMP failover traps), you must configure the SNMP agent to send SNMP traps to SNMP management stations, define a SYSLOG host, and also have compiled the Cisco SYSLOG MIB into your SNMP management station.

The SYSLOG messages sent to record failover events are:

System okay messages:
- "P|S: Cable OK."
- "P|S: Disabling failover." The no failover command was entered.
- "P|S: Enabling Failover." Either a LocalDirector is booting that has the failover command in its configuration file or the failover command was just entered in the current configuration.
- "P|S: Mate ifc number OK." The interface (ifc) is now working correctly after being brought back online after a failure. The number corresponds to the physical interface number labeled on the back panel.
- "P|S: Monitoring on interface normal." Monitoring on this interface has started, and all operations of failover are normal.
Cabling problem messages:
- "P|S: Bad cable." The cabl e is connected on both units, but is not a Cisco failo ver cable or has developed a wiring problem.
- "P|S: Cable not connected my side." The cable on the current LocalDirector is not connected.
- "P|S: Cable not connected other side." The cable on the current unit is connected, but the connector on the other unit is disconnected.
- "P|S: Error reading cable status." The cable state cannot be determined. Ensure that you are using a Cisco failover cable and all connectors are securely attached.
Failure in process messages:
- "P|S: Monitoring on interface waiting." This means that the mentioned interface has not yet heard 2 hello packets from the other unit. Failover monitoring on the interface has not started.
- "P|S: Lost Failover communications with mate on interface ." This means that 2 consecutive hello packets have not been heard on this interface. This will result in testing of that interface and the failure of one of the units.
- "P|S: Testing Interface ." The unit has detected a problem on that interface and is performing testing to determine if the problem is with itself or with the other unit. This will result in the failure of one of the units.
- "P|S: Testing on interface ." The results of the testing.
- "P|S: Link status Down on interface ." The interface has been forced down, or is not plugged in to an operational port. This will result in the failure of this unit.
- "P|S: No response from mate." The other LocalDirector has not responded in the last 30 seconds over the failover cable.
- "P|S: Power failure other side." The other unit has lost power.
- "P|S: Mate ifc number failed." The interface (ifc) for the other unit failed.
- "P|S: Mate says I'm failed." This unit has been determined failed by the other unit.
- "P|S: Mate reporting failure." The other unit has failed itself.
Status messages:
- "P|S: Switching to FAILED." The unit has entered a failed state.
- "P|S: Switching to ACTIVE." The unit has brought the network back online and is receiving connections. This message also occurs if you force a unit to active with the failover active command, or forced the other unit inactive with the no failover active command.
- "P|S: Switching to STANDBY." The active unit has switched to the standby mode. This could be due to a failure, or be a result of entering no failover active on the active unit or failover active on the standby unit.
- "P|S: Switching to OK." The unit has been cleared of any failures with the failover reset command and is restarting failover.
Configuration replication messages:
- "P|S: Begin Configuration Replication: Receiving from mate." This is the standby unit and it is being configured by the active unit.
- "P|S: Begin Configuration Replication: Sending to mate." This is the active unit and it is configuring the standby unit.
- "P|S: End Configuration Replication." Configuration replication is complete.
- "WARNING Configuration replication is NOT performed from Standby unit to Active unit." The configuration you are performing is not being replicated on the active unit.
- "Configuration replication to Standby unit FAILED for command." An error occurred during configuration replication.

Show Failover Output

The following is the normal output of the show failover command. Note that the IP address that each unit is using is displayed.

ld-prim(config)# show failover
        Failover On
Cable status: Normal
                This host: Primary - Active
                        Active time: 6885 (sec)
                        Interface 0 (192.168.89.1): Normal
                        Interface 1 (192.168.89.1): Normal
                Other host: Secondary - Standby
                        Active time: 0 (sec)
                        Interface 0 (192.168.89.2): Normal
                        Interface 1 (192.168.89.2): Normal

Failover will not start monitoring the network interfaces until it has heard the second hello packet from the other unit on that interface. This should happen within 30 to 60 seconds.

If the unit is attached to a switch running spanning tree, this will take twice the forward delay time configured in the switch (typically 15 seconds) plus 30 seconds. This is because at bootup (and immediately following a failover event) the network switch will detect a temporary bridge loop. When this bridge loop is detected, the switch will stop forwarding packets for the duration of the forwarding delay time. It will then enter "listen" mode for an additional forward delay time during which time the switch is listening for bridge loops but still not forwarding traffic (and thus not forwarding failover hello packets).

After twice the forward delay time (30 seconds) traffic should resume. The LocalDirector will remain in "waiting" mode until it hears two hello packets (1 every 15 seconds for a total of 30 seconds). During this time the LocalDirector is passing traffic, and it will not fail the unit based on not hearing the hello packets. All other failover monitoring is still occurring (power, interface, and failover cable hello).

Note If a failover IP address has not been entered, show failover will display 0.0.0.0 for the IP address, and monitoring of the interfaces will remain in "waiting" state. A failover IP address must be set in order for failover to work.

The following example shows the output if failover has not started monitoring the network interfaces:

ld-prim(config)# show failover
        Failover On
Cable status: Normal
                This host: Primary - Active
                        Active time: 6930 (sec)
                        Interface 0 (192.168.89.1): Normal (Waiting)
                        Interface 1 (192.168.89.1): Normal (Waiting)
                Other host: Secondary - Standby
                        Active time: 15 (sec)
                        Interface 0 (192.168.89.2): Normal (Waiting)
                        Interface 1 (192.168.89.2): Normal (Waiting)

Note Waiting indicates that monitoring of the other unit's network interfaces has not yet started.

The following example shows that a failure has been detected. Note that interface 1 on the primary unit is the source of the failure. The units are back in waiting mode because of the failure. The failed unit has removed itself from the network (interfaces are down) and it is no longer sending hello packets on the network. The active unit will remain in the waiting state until the failed unit is replaced and failover communications start again.

ld-prim(config)# show failover
        Failover On
Cable status: Normal
                This host: Primary - Standby (Failed)
                        Active time: 7140 (sec)
                        Interface 0 (192.168.89.2): Normal (Waiting)
                        Interface 1 (192.168.89.2): Failed (Waiting)
                Other host: Secondary - Active
                        Active time: 30 (sec)
                        Interface 0 (192.168.89.1): Normal (Waiting)
                        Interface 1 (192.168.89.1): Normal (Waiting)