在内存和代码都升级之后,我们的大量 asa 5520(在主动/备用对中)出现问题。问题表现为在故障转移接口上与另一对设备失去连接,并且通常伴随着备用设备的重新加载。由于内存和代码都受到影响,我们试图将两者视为问题的根源。代码正在适当的情况下恢复,但这并不总是可行的。有没有办法在设备启动并运行时测试内存(如 memtest)?
5520 运行 8.2(3),配备 2GB 内存。
05:05:36 %ASA-1-105005: (Secondary) Lost Failover communications with mate on interface outside
05:05:36 %ASA-1-105005: (Secondary) Lost Failover communications with mate on interface inside
05:05:36 %ASA-1-105008: (Secondary) Testing Interface outside
05:05:36 %ASA-1-105008: (Secondary) Testing Interface inside
05:05:37 %ASA-1-105009: (Secondary) Testing on interface inside Passed
05:05:38 %ASA-1-105009: (Secondary) Testing on interface outside Passed
05:11:39 %ASA-1-105003: (Primary) Monitoring on interface outside waiting
05:11:39 %ASA-1-105003: (Primary) Monitoring on interface inside waiting
05:11:39 %ASA-1-105006: (Primary) Link status 'Up' on interface outside
05:11:39 %ASA-1-105006: (Primary) Link status 'Up' on interface inside
05:11:41 %ASA-1-105003: (Secondary) Monitoring on interface outside waiting
05:11:41 %ASA-1-105003: (Secondary) Monitoring on interface inside waiting
05:11:56 %ASA-1-105004: (Secondary) Monitoring on interface outside normal
05:11:56 %ASA-1-105004: (Secondary) Monitoring on interface inside normal
05:11:59 %ASA-1-105004: (Primary) Monitoring on interface outside normal
05:11:59 %ASA-1-105004: (Primary) Monitoring on interface inside normal
05:12:31 %ASA-1-105005: (Secondary) Lost Failover communications with mate on interface outside
05:12:31 %ASA-1-105005: (Secondary) Lost Failover communications with mate on interface inside
05:12:31 %ASA-1-105008: (Secondary) Testing Interface outside
05:12:31 %ASA-1-105008: (Secondary) Testing Interface inside
05:12:32 %ASA-1-105009: (Secondary) Testing on interface outside Passed
05:12:32 %ASA-1-105009: (Secondary) Testing on interface inside Passed
05:18:50 %ASA-1-105006: (Primary) Link status 'Up' on interface outside
05:18:50 %ASA-1-105006: (Primary) Link status 'Up' on interface inside
05:18:51 %ASA-1-105003: (Secondary) Monitoring on interface outside waiting
05:18:51 %ASA-1-105003: (Secondary) Monitoring on interface inside waiting
05:18:52 %ASA-1-105003: (Primary) Monitoring on interface outside waiting
05:18:52 %ASA-1-105003: (Primary) Monitoring on interface inside waiting
05:19:07 %ASA-1-105004: (Primary) Monitoring on interface outside normal
05:19:07 %ASA-1-105004: (Primary) Monitoring on interface inside normal
05:19:11 %ASA-1-105004: (Secondary) Monitoring on interface outside normal
05:19:11 %ASA-1-105004: (Secondary) Monitoring on interface inside normal
答案1
好吧,我不会假装我有事实上的答案,但是你有没有考虑过……
您是否使用专用接口进行故障转移(例如管理端口),因为其他流量可能会延迟触发故障转移条件的“hello”数据包?
您是否尝试过像这样调整按住计时器:
hostname(config)# failover polltime interface [msec] time [holdtime time]
也许延长计时器可能会产生不同的结果,如果确实如此,您就知道代码/内存并不是唯一负责重新加载的人。
您也可以尝试以下命令:
show failover history
尝试确定故障转移发生的原因。但是从您的输出来看,接口或链接确实出现故障,因此我不确定这是否是内存问题,尽管代码问题也很有可能。