13-10 User Guide for the Cisco Application Networking Manager 5.2 OL-26572-01
Chapter 13 Configuring High Availability
Understanding ACE Redundancy

After a switchover occurs, the same connection information is available on the new active member. Supported end-user applications do not need to reconnect to maintain the same network session.

The state information passed to the standby ACE includes the following data:

• Network Address Translation (NAT) table based on information synchronized with the connection record
• All Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) connections not terminated by the ACE
• HTTP connection states (Optional)
• Sticky table

Note: In a user context, the ACE allows a switchover only of the FT group that belongs to that context. In the Admin context, the ACE allows a switchover of all FT groups in all configured contexts in the ACE.

To ensure that bridge learning occurs quickly upon a switchover in a Layer 2 configuration in the case where a VMAC moves to a new location, the new active member sends a gratuitous ARP on every interface associated with the active context. Also, when there are two VLANs on the same subnet and servers need to send packets to clients directly, the servers must know the location of the gateway on the client-side VLAN. The active member acts as the bridge for the two VLANs. In order to initiate learning of the new location of the gateway, the new active member sends an ARP request to the gateway on the client VLAN and bridges the ARP response onto the server VLAN.

For additional information about ACE redundancy, see either the Cisco Application Control Engine Module Administration Guide or Cisco 4700 Series Application Control Engine Appliance Administration Guide.

Related Topics

• Understanding ACE Redundancy, page 13-6

ACE Fault-Tolerant VLAN

ACE redundancy uses a dedicated fault-tolerant VLAN between redundant ACEs of the same type to transmit flow-state information and the redundancy heartbeat. Do not use this dedicated VLAN for normal network traffic. You must configure this same VLAN on both peers. You also must configure a different IP address within the same subnet on each ACE for the fault-tolerant VLAN.

The two redundant ACEs constantly communicate over the fault-tolerant VLAN to determine the operating status of each ACE. The standby member uses the heartbeat packet to monitor the health of the active member. The active member uses the heartbeat packet to monitor the health of the standby member.

Communications over the switchover link include the following data:

• Redundancy protocol packets
• State information replication data
• Configuration synchronization information
• Heartbeat packets
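
The fault-tolerant VLAN rules above (the same dedicated VLAN on both peers, no normal traffic on it, and a different IP address in the same subnet on each ACE) can be checked mechanically against the two peers' configurations. The following is an added example, not part of the Cisco guide: the sample configurations are constructed, the `ft interface vlan` / `interface vlan` stanza layout is assumed to follow the ACE CLI, and the function names `parse` and `audit` are hypothetical.

```python
import ipaddress
import re

# Constructed samples, not from the guide; syntax assumed to follow the ACE CLI.
ACE_A = """\
ft interface vlan 60
  ip address 192.168.60.1 255.255.255.0
  peer ip address 192.168.60.2 255.255.255.0
interface vlan 100
  ip address 10.0.100.2 255.255.255.0
"""
ACE_B_BAD = """\
ft interface vlan 61
  ip address 192.168.60.1 255.255.255.0
interface vlan 61
"""

def parse(config):
    """Return (ft_vlan, ft_address, data_vlans) for one peer's config."""
    ft_vlan, ft_ip, data_vlans, in_ft = None, None, set(), False
    for line in config.splitlines():
        head = re.match(r"(ft )?interface vlan (\d+)\s*$", line)
        addr = re.match(r"\s+ip address (\S+) (\S+)\s*$", line)
        if head:
            in_ft = bool(head.group(1))
            if in_ft:
                ft_vlan = int(head.group(2))
            else:
                data_vlans.add(int(head.group(2)))
        elif not line.startswith(" "):
            in_ft = False  # some other top-level stanza
        elif addr and in_ft:
            ft_ip = ipaddress.ip_interface(f"{addr.group(1)}/{addr.group(2)}")
    return ft_vlan, ft_ip, data_vlans

def audit(cfg_a, cfg_b):
    """Check the FT VLAN rules stated above; return a list of findings."""
    (vlan_a, ip_a, data_a), (vlan_b, ip_b, data_b) = parse(cfg_a), parse(cfg_b)
    findings = []
    if vlan_a is None or vlan_a != vlan_b:
        findings.append(f"FT VLAN differs between peers: {vlan_a} vs {vlan_b}")
    for name, vlan, data in (("A", vlan_a, data_a), ("B", vlan_b, data_b)):
        if vlan in data:
            findings.append(f"peer {name}: FT VLAN {vlan} also carries normal traffic")
    if ip_a is None or ip_b is None:
        findings.append("FT VLAN IP address missing on a peer")
    elif ip_a.network != ip_b.network or ip_a.ip == ip_b.ip:
        findings.append(f"FT addresses must differ within one subnet: {ip_a} vs {ip_b}")
    return findings
```

Calling `audit(ACE_A, ACE_B_BAD)` reports all three rule violations in the constructed pair; a correctly mirrored peer yields an empty list.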