要显示有关高可用性设备的故障转移状态的信息,请使用 show failover 命令。
show failover [ group num | history [ details ] | interface | state | trace
[ options ] | app-sync stats | statistics [ all | unit | np-clients | | cp-clients | bulk-sync [ all | control-plane | data-plane ] | interface [ all ] ] | details | config-sync errors [ all | current ] | config-sync stats [ all | current ] ]
Syntax Description
|
group num
|
显示指定的故障转移组的运行状态。
|
|
history [ details]
|
显示故障转移历史记录。这包括过去的故障转移状态更改以及状态更改的原因。此信息可帮助进行故障排除。
添加 details 关键字可显示对等体的故障转移历史记录。这包括故障转移状态更改和对等设备发生状态更改的原因。
历史记录信息会随设备重启而被清除。请注意,设备重启后,历史信息将被清除。
|
|
interface
|
显示故障转移和有状态链路信息。
|
|
state
|
显示两个故障转移设备的故障转移状态。显示的信息包括设备的主要或辅助状态、设备的主用或备用状态以及最新报告的故障转移原因。即使清除了故障的原因,故障原因信息也会保留在输出中。
|
|
trace [options ]
|
(可选)显示故障转移事件跟踪。选项包括故障转移事件跟踪级别 1 至 5:
-
critical :过滤故障转移关键事件跟踪(级别 = 1)。
-
debugging :过滤故障转移调试跟踪(调试级别 = 5)。
-
error :过滤故障转移内部例外(级别 = 2)。
-
informational :过滤故障转移信息跟踪(级别 = 4)。
-
warning :过滤故障转移警告(级别 = 3)。
|
|
statistics[ all| events| unit| np-clients| cp-clients| bulk-sync[ all| control-plane| data-plane]
|
显示本地设备事件、故障转移接口的传输和接收数据包计数以及批量同步持续时间。
-
np-clients - 显示 HA 数据路径客户端的数据包统计信息。
-
cp-clients - 显示 HA 控制平面客户端的数据包统计信息。
-
bulk-sync - 显示 HA 数据平面客户端和控制平面客户端的同步时间。
-
events - 显示应用代理通知的本地故障 - HA LAN 链路正常运行时间、管理引擎的心跳故障、Snort 崩溃和磁盘已满问题。
-
all - 显示 interface、np-client、cp-client 和 bulk-sync 的合并故障转移统计信息。
|
| app-sync stats |
显示故障转移应用同步统计信息。
|
|
details
|
显示高可用性对中对的故障转移详细信息。
|
|
config-sync
|
|
Command History
|
版本
|
修改
|
|
6.1
|
引入了此命令。
|
|
6.2.3
|
添加了 history details 关键字。
|
|
6.4
|
添加了以下对象静态计数:
-
规则数据库 B 同步
-
规则数据库 P-Sync
-
规则数据库删除
|
|
7.0
|
添加了 details 关键字。
|
|
7.4.1
|
添加了 config-sync error、config-sync stats 、statistics all、statistics events、statistics np-clients、statistics cp-clients 和 statistics bulk-sync 关键字。
app-sync stats 关键字已增强,可显示故障转移应用同步统计信息。 |
Usage Guidelines
show failover 命令显示动态故障转移信息、接口状态和有状态故障转移统计信息。
如果接口上配置了 IPv4 和 IPv6 地址,则两个地址都会出现在输出中。由于一个接口上可配置多个 IPv6 地址,因此只显示本地链路的地址。如果接口上未配置 IPv4 地址,则输出中的 IPv4 地址会显示为 0.0.0.0。如果接口上未配置
IPv6 地址,则输出中会直接省略地址。
只有在启用有状态故障转移时,才会出现有状态故障转移逻辑更新统计信息输出。“xerr”和“rerr”值并不指示故障转移中的错误数,而是指示数据包传输或接收错误数。
在 show failover 命令输出中,有状态故障转移字段包含以下值:
-
有状态对象具有以下值:
-
xmit:表示传输的数据包数。
-
xerr:表示传输错误数。
-
rcv:表示接收的数据表数。
-
rerr:表示接收错误数。
-
每行是针对特定对象的静态计数,如下所示:
-
General:表示所有有状态对象的总和。
-
sys cmd:指逻辑更新系统命令,例如 login 或 stay alive 。
-
up time:表示 威胁防御 设备正常工作时间的值,即主用 威胁防御 设备传递到备用 威胁防御 设备的时间。
-
RPC services:远程过程调用连接信息。
-
TCP conn:动态 TCP 连接信息。
-
UDP conn:动态 UDP 连接信息。
-
ARP tbl:动态 ARP 表信息。
-
Xlate_Timeout:表示连接转换超时信息。
-
IPv6 ND tbl:IPv6 邻居发现表信息。
-
VPN IKE upd:IKE 连接信息。
-
VPN IPSEC upd:IPsec 连接信息。
-
VPN CTCP upd:cTCP 隧道连接信息。
-
VPN SDI upd:SDI AAA 连接信息。
-
VPN DHCP upd:隧道化 DHCP 连接信息。
-
SIP Session:SIP 信令会话信息。
-
Route Session:路由同步更新的 LU 统计信息
-
Rule DB B-Sync:表示执行规则数据库批量同步的次数以及相应的错误(如有)
-
Rule DB P-Sync:表示规则数据库定期同步的次数以及此操作的错误(如有)
-
Rule DB Delete:表示发送规则数据库删除消息的次数以及此操作的错误(如有)
如果不输入故障转移 IP 地址,则 show failover 命令显示 IP 地址为 0.0.0.0,且接口的监控仍处于“等待”状态。您必须设置一个故障转移 IP 地址,故障转移才能工作。
下表介绍了故障转移的接口状态。
表 8. 故障转移接口状态
|
状态
|
说明
|
|
Normal
|
接口正在运行并正在接收来自对等设备上相应接口的问候数据包。
|
|
Normal (Waiting)
|
接口已打开,但尚未从对等体设备上的对应接口接收欢迎数据包。验证已为接口配置备用 IP 地址,并且两个接口之间存在连接。
当故障转移接口关闭时,您也可以看到此状态。
|
|
Normal (Not-Monitored)
|
接口正在运行,但故障转移进程并未监控它。未受监控的接口发生故障时不会触发故障转移。
|
|
No Link
|
物理链路断开。
|
|
No Link (Waiting)
|
物理链路断开,且接口尚未收到来自对等设备上相应接口的问候数据包。在恢复链路后,验证已为接口配置备用 IP 地址,并且两个接口之间存在连接。
|
|
No Link (Not-Monitored)
|
物理链路断开,但故障转移进程并未监控它。未受监控的接口发生故障时不会触发故障转移。
|
|
Link Down
|
物理链路处于工作状态,但是接口处于管理性关闭状态。
|
|
Link Down (Waiting)
|
物理链路处于工作状态,但是接口处于管理性关闭状态,且接口尚未收到来自对等设备上相应接口的问候数据包。将接口启动后,请检查该接口是否配置了备用 IP 地址,并且两个接口之间是否连接。
|
|
Link Down (Not-Monitored)
|
物理链路处于工作状态,但是接口处于管理性关闭状态,且故障转移流程并未监控它。未受监控的接口发生故障时不会触发故障转移。
|
|
Testing
|
接口由于丢失来自对等设备上相应接口的问候数据包而处于测试模式。
|
|
Failed
|
接口测试失败,并且接口标记为发生故障。如果接口故障符合故障转移条件,则接口故障会导致故障转移到备用设备或故障转移组。
|
Examples
以下是主用-备用故障转移的 show failover 命令的输出示例:
Failover unit Primary
Failover LAN Interface: failover GigabitEthernet0/2 (up)
Reconnect timeout 0:00:00
Unit Poll frequency 1 seconds, holdtime 15 seconds
Failover On
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 3 of 61 maximum
MAC Address Move Notification Interval not set
failover replication http
Version: Ours 9.7(0)74, Mate 9.7(0)74
Serial Number: Ours 9A41CKDXQJU, Mate 9A3MFP0H1CP
Last Failover at: 19:23:17 UTC Oct 26 2016
This host: Primary - Active
Active time: 589 (sec)
slot 0: empty
Interface diagnostic (0.0.0.0): Normal (Waiting)
Interface outside (192.168.77.1): Normal (Waiting)
Interface inside (192.168.87.1): Normal (Waiting)
slot 1: snort rev (1.0) status (up)
slot 2: diskstatus rev (1.0) status (up)
Other host: Secondary - Standby Ready
Active time: 0 (sec)
Interface diagnostic (0.0.0.0): Normal (Waiting)
Interface outside (0.0.0.0): Normal (Waiting)
Interface inside (0.0.0.0): Normal (Waiting)
slot 1: snort rev (1.0) status (up)
slot 2: diskstatus rev (1.0) status (up)
Stateful Failover Logical Update Statistics
Link : failover GigabitEthernet0/2 (up)
Stateful Obj xmit xerr rcv rerr
General 45 0 44 0
sys cmd 44 0 44 0
up time 0 0 0 0
RPC services 0 0 0 0
TCP conn 0 0 0 0
UDP conn 0 0 0 0
ARP tbl 0 0 0 0
Xlate_Timeout 0 0 0 0
IPv6 ND tbl 0 0 0 0
VPN IKEv1 SA 0 0 0 0
VPN IKEv1 P2 0 0 0 0
VPN IKEv2 SA 0 0 0 0
VPN IKEv2 P2 0 0 0 0
VPN CTCP upd 0 0 0 0
VPN SDI upd 0 0 0 0
VPN DHCP upd 0 0 0 0
SIP Session 0 0 0 0
SIP Tx 0 0 0 0
SIP Pinhole 0 0 0 0
Route Session 0 0 0 0
Router ID 0 0 0 0
User-Identity 1 0 0 0
CTS SGTNAME 0 0 0 0
CTS PAC 0 0 0 0
TrustSec-SXP 0 0 0 0
IPv6 Route 0 0 0 0
STS Table 0 0 0 0
Rule DB B-Sync 0 0 1 0
Rule DB P-Sync 5 0 1 0
Rule DB Delete 12 0 5 0
Logical Update Queue Information
Cur Max Total
Recv Q: 0 10 44
Xmit Q: 0 11 238
以下是主用-备用设置的 show failover state 命令的输出示例:
> show failover state
State Last Failure Reason Date/Time
This host - Primary
Negotiation Backplane Failure 15:44:56 UTC Jun 20 2016
Other host - Secondary
Not Detected Comm Failure 15:36:30 UTC Jun 20 2016
====Configuration State===
Sync Done
====Communication State===
Mac set
下表介绍了 show failover state 命令的输出。
表 9. show failover state 字段说明
|
字段
|
说明
|
|
Configuration State
|
显示配置同步状态。
以下是备用设备的可能配置状态:
-
Config Syncing - STANDBY :在执行同步配置时设置。
-
Interface Config Syncing - STANDBY
-
Sync Done - STANDBY :当备用设备完成从主用设备的配置同步时设置。
以下是主用设备的可能配置状态:
-
Config Syncing :在主用设备执行与备用设备的配置同步时在主用设备上设置。
-
Interface Config Syncing
-
Sync Done :在主用设备已成功完成到备用设备的配置同步时设置。
-
Ready for Config Sync :在备用设备发出准备好接收配置同步的信号时在主用设备上设置。
|
|
Communication State
|
显示 MAC 地址同步状态。
|
|
Date/Time
|
显示故障的日期和时间戳。
|
|
Last Failure Reason
|
显示最后报告故障的原因。此信息不会清除,即使故障情况已清除。只有发生故障转移时,此信息才会变更。
以下是可能的故障原因:
|
|
状态
|
显示设备的主要或辅助以及主用或备用状态。
|
|
This host/Other host
|
此主机指示被执行命令的设备的信息。其他主机指示故障转移配对中的另一个设备的信息。
|
以下是主设备上 show failover history 命令的输出示例:
> show failover history
==========================================================================
From State To State Reason
==========================================================================
14:29:59 UTC Nov 11 2017
Not Detected Negotiation No Error
14:30:36 UTC Nov 11 2017
Negotiation Cold Standby Detected an Active mate
14:30:38 UTC Nov 11 2017
Cold Standby Sync Config Detected an Active mate
14:30:47 UTC Nov 11 2017
Sync Config Sync File System Detected an Active mate
14:30:47 UTC Nov 11 2017
Sync File System Bulk Sync Detected an Active mate
14:31:00 UTC Nov 11 2017
Bulk Sync Standby Ready Detected an Active mate
14:31:39 UTC Nov 11 2017
Standby Ready Failed Interface check
This host:1
single_vf: OUTSIDE
Other host:0
14:31:46 UTC Nov 11 2017
Failed Standby Ready Interface check
This host:0
Other host:0
14:33:36 UTC Nov 11 2017
Standby Ready Just Active HELLO not heard from mate
14:33:36 UTC Nov 11 2017
Just Active Active Drain HELLO not heard from mate
14:33:36 UTC Nov 11 2017
Active Drain Active Applying Config HELLO not heard from mate
14:33:36 UTC Nov 11 2017
Active Applying Config Active Config Applied HELLO not heard from mate
14:33:36 UTC Nov 11 2017
Active Config Applied Active HELLO not heard from mate
==========================================================================
以下是辅助设备上 show failover history 命令的输出示例:
> show failover history
==========================================================================
From State To State Reason
==========================================================================
17:17:29 UTC Nov 10 2017
Not Detected Negotiation No Error
17:18:06 UTC Nov 10 2017
Negotiation Cold Standby Detected an Active mate
17:18:08 UTC Nov 10 2017
Cold Standby Sync Config Detected an Active mate
17:18:17 UTC Nov 10 2017
Sync Config Sync File System Detected an Active mate
17:18:17 UTC Nov 10 2017
Sync File System Bulk Sync Detected an Active mate
17:18:30 UTC Nov 10 2017
Bulk Sync Standby Ready Detected an Active mate
17:19:09 UTC Nov 10 2017
Standby Ready Failed Interface check
This host:1
single_vf: OUTSIDE
Other host:0
17:19:21 UTC Nov 10 2017
Failed Standby Ready Interface check
This host:0
Other host:0
==========================================================================
每个条目提供状态更改的时间和日期、初始状态、结果状态和状态更改的原因。最新的条目位于显示画面的底部。较旧的条目显示在顶部。最多可以显示 60 个条目。一旦到达条目数上限,随着新条目添加至底部,最旧的条目就会从输出的顶部移除。
失败原因包括有助于进行故障排除的详细信息。其中包括接口检查、故障转移状态检查、状态进程故障和服务模块故障。
以下是 show failover history details 命令的输出示例:
>show failover history details
==========================================================================
From State To State Reason
==========================================================================
09:58:07 UTC Jan 18 2017
Not Detected Negotiation No Error
09:58:10 UTC Jan 18 2017
Negotiation Just Active No Active unit found
09:58:10 UTC Jan 18 2017
Just Active Active Drain No Active unit found
09:58:10 UTC Jan 18 2017
Active Drain Active Applying Config No Active unit found
09:58:10 UTC Jan 18 2017
Active Applying Config Active Config Applied No Active unit found
09:58:10 UTC Jan 18 2017
Active Config Applied Active No Active unit found
==========================================================================
PEER History Collected at 09:58:54 UTC Jan 18 2017
=======================PEER-HISTORY=========================================
From State To State Reason
=========================PEER-HISTORY=======================================
09:57:46 UTC Jan 18 2017
Not Detected Negotiation No Error
09:58:19 UTC Jan 18 2017
Negotiation Cold Standby Detected an Active mate
09:58:21 UTC Jan 18 2017
Cold Standby Sync Config Detected an Active mate
09:58:29 UTC Jan 18 2017
Sync Config Sync File System Detected an Active mate
09:58:29 UTC Jan 18 2017
Sync File System Bulk Sync Detected an Active mate
09:58:42 UTC Jan 18 2017
Bulk Sync Standby Ready Detected an Active mate
=========================PEER-HISTORY=====================================
show failover history details 命令会请求对等体的故障转移历史记录,并打印设备故障转移历史记录以及对等体的最新故障转移历史记录。如果对等体在一秒内未响应,则会显示上次收集的故障转移历史记录信息。
下表显示了故障转移状态。有稳定和临时两种状态类型。稳定状态是发生如故障之类的情况而导致状态更改之前设备可保持的状态。临时状态是设备达到稳定状态时所经过的状态。
表 10. 故障转移状态
|
状态
|
Description
|
|
Disabled
|
禁用故障转移。这是稳定状态。
|
|
Failed
|
设备处于故障状态。这是稳定状态。
|
|
Negotiation
|
设备建立与对等设备的连接,并与其协商确定软件版本兼容性和主用/备用角色。根据协商的角色,设备将经历备用设备状态或主用设备状态,或进入故障状态。这是临时状态。
|
|
Not Detected
|
ASA 无法检测到对等设备的存在。若 ASA 启动并启用故障转移而对等设备不存在或关闭,会发生这种情况。
|
|
备用设备状态
|
|
Cold Standby
|
设备等待对等设备进入主用状态。当对等设备进入主用状态时,此设备进入备用配置状态。这是临时状态。
|
|
Sync Config
|
设备请求来自对等设备的运行配置。如果配置同步时发生错误,设备会回到初始化状态。这是临时状态。
|
|
Sync File System
|
设备与对等设备同步文件系统。这是临时状态。
|
|
Bulk Sync
|
设备接收对等设备的状态信息。只有启用有状态故障转移时,才会出现此状态。这是临时状态。
|
|
Standby Ready
|
设备已准备好在主用设备发生故障时接管。这是稳定状态。
|
|
主用设备状态
|
|
Just Active
|
设备成为主用设备时进入的第一个状态。在此状态时会向对等设备发送消息,向对等设备警报该设备成为主用设备并为接口设置 IP 地址和 MAC 地址。这是临时状态。
|
|
Active Drain
|
丢弃来自对等设备的消息队列。这是临时状态。
|
|
Active Applying Config
|
设备正在应用系统配置。这是临时状态。
|
|
Active Config Applied
|
设备已完成应用系统配置。这是临时状态。
|
|
Active
|
设备处于主用状态并在处理流量。这是稳定状态。
|
每个状态更改后面都附带状态更改原因。在设备从临时状态过渡到稳定状态时,原因通常保持相同。以下是可能的状态更改原因:
-
未出现错误
-
通过 CI config 命令设置
-
故障转移状态检查
-
故障转移接口恢复正常
-
未收到对方的问候消息
-
另一设备具有不同的软件版本
-
另一设备操作模式不同
-
另一设备许可证不同
-
另一设备机箱配置不同
-
另一设备卡配置不同
-
另一设备要本设备成为主用设备
-
另一设备要本设备成为备用设备
-
另一设备报告本设备已发生故障
-
另一设备报告该设备已发生故障
-
配置不匹配
-
检测到主用对等设备
-
未找到主用设备
-
已完成配置同步
-
已从通信故障恢复
-
另一设备具有不同的 VLAN 组配置
-
无法验证 VLAN 配置
-
配置同步未完成
-
配置同步失败
-
接口检查
-
我的通信失败
-
针对故障转移消息没有收到 ACK
-
另一设备在同步后进入卡机状态
-
从对等设备中检测不到电源
-
没有故障转移电缆
-
高可用性状态进度失败
-
检测服务卡故障
-
另一设备中的服务卡发生故障
-
本设备与对等设备的服务卡都正常
-
LAN 接口变成未配置
-
对等设备刚刚重新加载
-
从串行电缆切换到基于 LAN 的故障转移
-
无法验证配置同步的状态
-
自动更新请求
-
未知原因
以下是 show failover interface 命令的输出示例。设备已对故障转移接口配置 IPv6 地址:
> show failover interface
interface folink GigabitEthernet0/2
System IP Address: 2001:a0a:b00::a0a:b70/64
My IP Address : 2001:a0a:b00::a0a:b70
Other IP Address : 2001:a0a:b00::a0a:b71
Examples
以下是来自高可用性对上的对等体设备的 show failover details 命令的输出示例:
> show failover details
Failover On
Failover unit Secondary
Failover LAN Interface: HA-LINK GigabitEthernet0/3 (up)
Reconnect timeout 0:00:00
Unit Poll frequency 1 seconds, holdtime 15 seconds
1 Hold Interval Success: 12 Failure: 0
2 Hold Interval Success: 15 Failure: 0
3 Hold Interval Success: 15 Failure: 0
4 Hold Interval Success: 15 Failure: 0
5 Hold Interval Success: 15 Failure: 0
Interface Poll frequency 5 seconds, holdtime 25 seconds
Interface Policy 1
Monitored Interfaces 1 of 311 maximum
Interface: management
1 Hold Success: 0 Failure: 0
2 Hold Success: 0 Failure: 0
3 Hold Success: 0 Failure: 0
4 Hold Success: 0 Failure: 0
5 Hold Success: 0 Failure: 0
MAC Address Move Notification Interval not set
failover replication http
Version: Ours 99.16(2)10, Mate 99.16(2)10
Serial Number: Ours 9A7WJNE35T5, Mate 9A3497TXPU6
Last Failover at: 06:56:25 UTC Jan 25 2021
This host: Secondary - Standby Ready
Active time: 0 (sec)
slot 0: ASAv hw/sw rev (/99.16(2)10) status (Up Sys)
Interface management (203.0.113.130/fe80::250:56ff:feb7:4927): Unknown (Waiting)
slot 1: snort rev (1.0) status (up)
snort poll success:2877 miss:0
slot 2: diskstatus rev (1.0) status (up)
disk poll success:2877 miss:0
Other host: Primary - Active
Active time: 2910 (sec)
Interface management (203.0.113.130): Unknown (Waiting)
slot 1: snort rev (1.0) status (up)
peer snort poll success:2877 miss:0
slot 2: diskstatus rev (1.0) status (up)
peer disk poll success:2877 miss:0
Stateful Failover Logical Update Statistics
Link : HA-LINK GigabitEthernet0/3 (up)
Stateful Obj xmit xerr rcv rerr
General 379 0 380 0
sys cmd 379 0 379 0
up time 0 0 0 0
RPC services 0 0 0 0
TCP conn 0 0 0 0
UDP conn 0 0 0 0
ARP tbl 0 0 0 0
Xlate_Timeout 0 0 0 0
IPv6 ND tbl 0 0 0 0
VPN IKEv1 SA 0 0 0 0
VPN IKEv1 P2 0 0 0 0
VPN IKEv2 SA 0 0 0 0
VPN IKEv2 P2 0 0 0 0
VPN CTCP upd 0 0 0 0
VPN SDI upd 0 0 0 0
VPN DHCP upd 0 0 0 0
SIP Session 0 0 0 0
SIP Tx 0 0 0 0
SIP Pinhole 0 0 0 0
Route Session 0 0 0 0
Router ID 0 0 0 0
User-Identity 0 0 1 0
CTS SGTNAME 0 0 0 0
CTS PAC 0 0 0 0
TrustSec-SXP 0 0 0 0
IPv6 Route 0 0 0 0
以下是 show failover trace 命令的故障转移警告示例:
> show failover trace warning
Warning:Output can be huge. Displaying in pager mode
Oct 14 UTC 20:56:56.345 [CABLE] [ERROR]fover: peer rcvd down ifcs info
Oct 14 UTC 20:56:56.345 [CABLE] [ERROR]fover: peer has 1 down ifcs
Oct 14 UTC 20:56:56.345 [CABLE] [ERROR]fover: peer rcvd down ifcs info
Oct 14 UTC 20:56:56.345 [CABLE] [ERROR]fover: peer has 1 down ifcs
Oct 14 UTC 20:56:56.345 [CABLE] [ERROR]fover: peer rcvd down ifcs info
以下是适用于版本早于 7.2.x 的 show failover statistics 命令的故障转移示例:
ciscoftd(config)# show failover statistics
tx:121456
rx:121306
以下是适用于版本晚于 7.2.x 的 show failover statistics 命令的故障转移示例:
ciscoftd(config)# show failover statistics
tx:3396
rx:3296
Unknown version count for Fover ctl client: 0
Unknown reason count for peer's switch reason: 0
fover cd log create failed: 0
-
发送和接收计数器包括通过故障转移 LAN 接口发送或接收的所有 故障转移控制数据包。
-
当 故障转移控制数据包在接收的数据包 中的版本为 0 时,“Fover ctl 客户端的未知原因计数”计数器会递增。
-
如果 从对等设备接收到的 HA 切换原因不在本地已知原因列表中,则“对等体切换原因的未知原因计数”(Unknown reason count for peer's switch reason) 计数器会递增。
-
如果未创建 fover cd 日志文件句柄,则“fover cd log create failed”设置为 1。
以下是来自高可用性对上的主用设备的 show failover config-sync errors 命令的输出示例:
config)# show failover config-sync errors all
config failure details: time, return value, replication type, config
Mar 17 03:44:47.398 -3 CONFIG_SYNC name-server 10.1.1.208
Mar 17 04:31:32.868 -3 CONFIG_SYNC name-server 10.1.1.208
以下是来自高可用性对上的备用设备的 show failover config-sync stats 命令的输出示例:
show failover config-sync stats current
Current HA state : Standby Ready
Config sync skipped : FALSE
FREP count : 7
FREP_CMD count : 0
FREP_CMD_STBY count : 0
FREP_ACL count : 0
FREP size(bytes) : 7580
FREP duration(ms) : 1070
Worst case FREP time(ms) : 30
Clear config duration(ms) : 840
Config apply duration(ms) : 1880
Config tmatch duration(ms) : 1710
Config latency info:
1 second - 10 seconds
No observed executions > 1 second
10 seconds - 20 seconds
No observed executions > 10 seconds
Above 20 seconds
No observed executions > 20 seconds
FREP 是主用设备在形成故障转移对时发送到加入设备的整个配置。FREP_CMD、FREP_CMD_STBY 和 FREP_ACL 是主用设备在执行配置同步时发送到备用设备的命令。最坏情况 FREP 时间是两次完整配置同步之间的最长时间。
以下是 show failover statistics all 命令的故障转移示例:
ciscoftd(config)# show failover statistics all
show failover statistics unit
-----------------------------
Unit Poll frequency 2 seconds, holdtime 10 seconds
Failover unit health statistics set size 10
1 Hold Interval Success: 3 Failure: 0
2 Hold Interval Success: 5 Failure: 0
3 Hold Interval Success: 5 Failure: 0
4 Hold Interval Success: 5 Failure: 0
5 Hold Interval Success: 5 Failure: 0
show failover statistics interface all
--------------------------------------
Interface Poll frequency 2 seconds, holdtime 10 seconds
Interface Policy 1
Monitored Interfaces 3 of 1285 maximum
Health statistics monitored interfaces 3
Failover interface health statistics set size 10
Interface: outside
1 Hold Success: 0 Failure: 0
2 Hold Success: 0 Failure: 0
3 Hold Success: 0 Failure: 0
4 Hold Success: 0 Failure: 0
5 Hold Success: 0 Failure: 0
Interface: inside
1 Hold Success: 0 Failure: 0
2 Hold Success: 0 Failure: 0
3 Hold Success: 0 Failure: 0
4 Hold Success: 0 Failure: 0
5 Hold Success: 0 Failure: 0
Interface: diagnostic
1 Hold Success: 0 Failure: 0
2 Hold Success: 0 Failure: 0
3 Hold Success: 0 Failure: 0
4 Hold Success: 0 Failure: 0
5 Hold Success: 0 Failure: 0
show failover statistics np-clients
-----------------------------------
Abbreviations:
BLErr - Buffer lock error, HIErr - HA Interface error, PI - Peer incompatible
PSErr - Packet size error, IPkt - Invalid pkt, CPkt - Corrupted pkt
BErr - Buffer error, MDErr - Msg descriptor error, MxBErr - Multiplexer buffer error
MxBDErr - Multiplexer buffer descriptor error
HA DP Clients Statistics
TX Statistics
-----------------------------------------------------------------------------------------------------------------
Client Name Tx In Tx Out BLErr HIErr PI
-----------------------------------------------------------------------------------------------------------------
SNP HA private client 0 0 0 0 0
Soft NP flow stateful failover 0 0 0 0 0
Soft NP SVC stateful failover 0 0 0 0 0
SIP inspection engine 0 0 0 0 0
SCTP inspection engine 0 0 0 0 0
Soft NP NLP HA client 16 16 0 0 0
ODNS inspection engine 0 0 0 0 0
DNS BRANCH/SNOOPING module 0 0 0 0 0
ARP DP module 0 0 0 0 0
TFW DP module 0 0 0 0 0
SNP HA Heartbeat client 1130 1130 0 0 0
ZTNA DP module 0 0 0 0 0
Unknown client 0 0 0 0 0
RX Statistics
-----------------------------------------------------------------------------------------------------------------
Client Name Rx In Rx Out PSErr IPkt CPkt PI
-----------------------------------------------------------------------------------------------------------------
SNP HA private client 0 0 0 0 0 0
Soft NP flow stateful failover 0 0 0 0 0 0
Soft NP SVC stateful failover 0 0 0 0 0 0
SIP inspection engine 0 0 0 0 0 0
SCTP inspection engine 0 0 0 0 0 0
Soft NP NLP HA client 1 1 0 0 0 0
ODNS inspection engine 0 0 0 0 0 0
DNS BRANCH/SNOOPING module 0 0 0 0 0 0
ARP DP module 0 0 0 0 0 0
TFW DP module 0 0 0 0 0 0
SNP HA Heartbeat client 1121 1121 0 0 0 0
ZTNA DP module 0 0 0 0 0 0
Unknown client 0 0 0 0 0 0
Buffer Failure Statistics
-----------------------------------------------------------------------------------------------------------------
Client Name BErr MDErr MxBErr MxBDErr
-----------------------------------------------------------------------------------------------------------------
SNP HA private client 0 0 0 0
Soft NP flow stateful failover 0 0 0 0
Soft NP SVC stateful failover 0 0 0 0
SIP inspection engine 0 0 0 0
SCTP inspection engine 0 0 0 0
Soft NP NLP HA client 0 0 0 0
ODNS inspection engine 0 0 0 0
DNS BRANCH/SNOOPING module 0 0 0 0
ARP DP module 0 0 0 0
TFW DP module 0 0 0 0
SNP HA Heartbeat client 0 0 0 0
ZTNA DP module 0 0 0 0
Unknown client 0 0 0 0
-----------------------------------------------------------------------------------------------------------------
show failover statistics bulk-sync
-----------------------------------
For session 0, NP Client Bulk Sync stats
===================================================================================================================
Client Name Status Start Time End Time Time Taken
===================================================================================================================
Soft NP flow stateful failover Done 06:44:50 UTC Feb 10 2023 06:44:50 UTC Feb 10 2023 00:00:00
Soft NP SVC stateful failover Done 06:44:50 UTC Feb 10 2023 06:44:50 UTC Feb 10 2023 00:00:00
SCTP inspection engine Done 06:44:50 UTC Feb 10 2023 06:44:50 UTC Feb 10 2023 00:00:00
DNS BRANCH/SNOOPING module Done 06:44:50 UTC Feb 10 2023 06:44:50 UTC Feb 10 2023 00:00:00
ARP DP module Done 06:44:50 UTC Feb 10 2023 06:44:50 UTC Feb 10 2023 00:00:00
TFW DP module Done 06:44:50 UTC Feb 10 2023 06:44:50 UTC Feb 10 2023 00:00:00
ZTNA DP module Done 06:44:50 UTC Feb 10 2023 06:44:50 UTC Feb 10 2023 00:00:00
===================================================================================================================
For session 0, CP Client Bulk Sync stats
===================================================================================================================
Client Name Status Start Time End Time Time Taken
===================================================================================================================
HA Internal Control Done 06:44:50 UTC Feb 10 2023 06:44:50 UTC Feb 10 2023 00:00:00
Failover Control Module Done 06:44:50 UTC Feb 10 2023 06:44:50 UTC Feb 10 2023 00:00:00
Legacy LU support Done 06:44:50 UTC Feb 10 2023 06:44:50 UTC Feb 10 2023 00:00:00
vpnfo Done 06:44:50 UTC Feb 10 2023 06:45:00 UTC Feb 10 2023 00:00:10
vpnfo Done 06:44:50 UTC Feb 10 2023 06:45:00 UTC Feb 10 2023 00:00:10
SIP inspection engine Done 06:44:50 UTC Feb 10 2023 06:44:50 UTC Feb 10 2023 00:00:00
NetFlow Module Done 06:44:50 UTC Feb 10 2023 06:44:50 UTC Feb 10 2023 00:00:00
HA Shared License Client Done 06:44:50 UTC Feb 10 2023 06:44:50 UTC Feb 10 2023 00:00:00
Route HA engine Done 06:44:50 UTC Feb 10 2023 06:44:50 UTC Feb 10 2023 00:00:00
CTS Done 06:44:50 UTC Feb 10 2023 06:44:50 UTC Feb 10 2023 00:00:00
CTS SXP Module Done 06:44:50 UTC Feb 10 2023 06:44:50 UTC Feb 10 2023 00:00:00
IPv6 Route HA engine Done 06:44:50 UTC Feb 10 2023 06:44:50 UTC Feb 10 2023 00:00:00
Service Tag Switching Module Done 06:44:50 UTC Feb 10 2023 06:44:50 UTC Feb 10 2023 00:00:00
CFG_HIST HA Client Done 06:44:50 UTC Feb 10 2023 06:44:50 UTC Feb 10 2023 00:00:00
SCTP inspection engine Done 06:44:50 UTC Feb 10 2023 06:44:50 UTC Feb 10 2023 00:00:00
KCD Done 06:44:50 UTC Feb 10 2023 06:44:50 UTC Feb 10 2023 00:00:00
HA CD Proxy Client Done 06:44:50 UTC Feb 10 2023 06:44:50 UTC Feb 10 2023 00:00:00
DHCPv6 HA engine Done 06:44:50 UTC Feb 10 2023 06:44:50 UTC Feb 10 2023 00:00:00
Attribute Module Done 06:44:50 UTC Feb 10 2023 06:44:50 UTC Feb 10 2023 00:00:00
ODNS inspection engine Done 06:44:50 UTC Feb 10 2023 06:44:50 UTC Feb 10 2023 00:00:00
Ruld ID DB Client Done 06:44:50 UTC Feb 10 2023 06:44:50 UTC Feb 10 2023 00:00:00
DNS branch HA CP client Done 06:44:50 UTC Feb 10 2023 06:44:50 UTC Feb 10 2023 00:00:00
DNS_TRUSTED_SOURCE module Done 06:44:50 UTC Feb 10 2023 06:44:50 UTC Feb 10 2023 00:00:00
Threat-Detection Done 06:44:50 UTC Feb 10 2023 06:44:50 UTC Feb 10 2023 00:00:00
ZTNA HA Module Done 06:44:50 UTC Feb 10 2023 06:44:50 UTC Feb 10 2023 00:00:00
===================================================================================================================
以下是 show failover statistics cp-clients 命令的输出示例(仅限非零行):
show failover statistics cp-clients
Abbreviations:
TxIn - Pkt rcvd at HA from client, TxOut - Pkt sent from HA to Interface
BErr - Buffer alloc failure, MDErr - Msg desc alloc failure, AckRcvd - Ack rcvd
ReTx - Retransmit pkts, NoSvc - HA service is down, PIErr - Client is incompatible
EncErr - Error in encrypting pkt, RepCfg - Replace cfg enabled
RxIn - Pkt rcvd from Interface to HA, RxOut - Pkt sent from HA to client
MDErr - Msg desc alloc failure, AckSent - Ack sent, NMsgCb - No Msg callback for client
InVcid - Invalid vcid rcvd, PIErr - Client is incompatible, InvPkt - Invalid pkt rcvd,
HA CP Clients Statistics
TX Statistics
-----------------------------------------------------------------------------------------------------------------
Client Name TxIn TxOut BErr MDErr AckRcvd ReTx NoSvc PIErr EncErr RepCfg
-----------------------------------------------------------------------------------------------------------------
Legacy LU Support 478 478 0 0 0 0 0 0 0 0
vpnfo 2 2 0 0 2 0 0 0 0 0
HA CD Proxy Client 17 17 0 0 17 0 0 0 0 0
-----------------------------------------------------------------------------------------------------------------
Total Aggressive Ack rcvd : 0
RX Statistics
-----------------------------------------------------------------------------------------------------------------
Client Name RxIn RxOut MDErr AckSent NMsgCb InVcid PIErr InvPkt
-----------------------------------------------------------------------------------------------------------------
Legacy LU Support 478 478 0 0 0 0 0 0
vpnfo 1960 1960 0 12 0 0 0 0
CTS 1 1 0 1 0 0 0 0
CFG_HIST HA Client 12 12 0 12 0 0 0 0
HA CD Proxy Client 10 10 0 10 0 0 0 0
ZTNA HA Module 1 1 0 1 0 0 0 0
-----------------------------------------------------------------------------------------------------------------
Total Aggressive Ack sent : 0
Total Invalid pkts rcvd : 0
Total unknown client pkts rcvd : 0
Failover cumulative packet statistics
-------------------------------------
tx:854
rx:786
以下是 show failover statistics np-clients 命令的输出示例(仅限非零行):
show failover statistics np-clients
Abbreviations:
BLErr - Buffer lock error, HIErr - HA Interface error, PI - Peer incompatible
PSErr - Packet size error, IPkt - Invalid pkt, CPkt - Corrupted pkt
BErr - Buffer error, MDErr - Msg descriptor error, MxBErr - Multiplexer buffer error
MxBDErr - Multiplexer buffer descriptor error
HA DP Clients Statistics
TX Statistics
-------------------------------------------------------------------------------------------
Client Name Tx In Tx Out BLErr HIErr PI
-------------------------------------------------------------------------------------------
Soft NP flow stateful failover 1420091 1420091 0 0 0
Soft NP NLP HA client 45131 45131 0 0 0
Soft NP NLP HA client current 45129 45129 0 0 0
SNP HA Heartbeat Client 4240 4240 0 0 0
--------------------------------------------------------------------------------------------
RX Statistics
---------------------------------------------------------------------------------------------
Client Name Rx In Rx Out PSErr IPkt CPkt PI
---------------------------------------------------------------------------------------------
Soft NP NLP HA client 7943 7943 0 0 0 0
Soft NP NLP HA client current 7943 7943 0 0 0 0
SNP HA Heartbeat client 4185 4185 0 0 0 0
---------------------------------------------------------------------------------------------
Buffer Failure Statistics
---------------------------------------------------------------------------------------------
Client Name BErr MDErr MxBErr MxBDErr
---------------------------------------------------------------------------------------------
Soft NP NLP HA 是 HA 客户端。
Soft NP NLP HA Current 显示当前会话中应用同步的计数器:
-
NP = 数据平面
-
Soft NP = 数据平面的内部结构
-
NLP = 非 Lina 进程
以下是显示故障转移事件统计信息的 show failover statistics events 命令的输出示例:
show failover statistics events
Info: App agent is initialized at 18:57:51 UTC May 23 2023
Info: App agent interfaces are synced at 19:01:06 UTC May 23 2023
==========================================================================
MIO Events Table | Time | blade_id | chassis_id|
==========================================================================
MIO heartbeat recovered| 18:57:57 UTC May 23 2023| 1 | 0 |
MIO heartbeat failure | 19:01:06 UTC May 23 2023| 1 | 0 |
==========================================================================
======================================================================
Snort/Disk Events Table | Time | Status |
======================================================================
NGFW-1.0-diskstatus-1.0 | 18:57:32 UTC May 23 2023| Initializing|
NGFW-1.0-snort-1.0 | 18:57:32 UTC May 23 2023| Initializing|
NGFW-1.0-diskstatus-1.0 | 18:57:33 UTC May 23 2023| UP |
NGFW-1.0-snort-1.0 | 18:57:33 UTC May 23 2023| UP |
======================================================================
以下是 show failover app-sync stats 命令的输出示例:
show failover app-sync stats
==============================
App-Sync statistics
==============================
16:50:29 UTC Oct 16 2023
This host:
HA role: Secondary
HA state: Standby Ready
==============================
App-Sync Transport Tx count: 17
App-Sync Transport Tx error: 0
App-Sync Immediate Tx count: 17
App-Sync Immediate Tx error: 0
App-Sync Rx count: 10
App-Sync Rx error: 0
==============================
反馈