Technical Tip: Virtual Cluster behavior after use 'execute ha failover set [vcluster]'
| Description | This article describes Virtual Cluster behavior after using 'execute ha failover set [vcluster]'. |
| Scope | FortiGate. |
| Solution | In this example, FortiGate Cluster has two Virtual Clusters (vcluster): vcluster_1 and vcluster_2.
Cluster: Active-Pasive. FW_02 as Primary. FW_01 as Secondary. FW_02 (global) $ get sys status Serial-Number: FG3K000000000002 Hostname: FW_02 Current HA mode: a-p, primary FW_01 (global) $ get sys status Serial-Number: FG3K000000000001 Hostname: FW_01 Current HA mode: a-p, secondary
FW_02 (global) $ get sys ha status HA Health Status: OK Model: FortiGate-3000F Mode: HA A-P Group Name: 3000F-HA Group ID: 1 Debug: 0 Cluster Uptime: 76 days 9h:35m:31s Cluster state change time: 2024-12-21 02:50:53 Primary selected using: virtual cluster 1: <2024/12/21 02:50:53> vcluster-1: FG3K000000000002 is selected as the primary because its uptime is larger than peer member FG3K000000000001. <----- Last HA selection event. ses_pickup: disable override: vcluster_1 disable vcluster_2 disable Configuration Status: FG3K000000000002(updated 1 seconds ago): in-sync <----- Correct Synchronization. FG3K000000000001(updated 3 seconds ago): in-sync <----- Correct Synchronization. number of member: 2 FW_02 , FG3K000000000002, HA cluster index = 0 FW_01 , FG3K000000000001, HA cluster index = 1 number of vcluster: 2 vcluster 1: work 169.254.0.1 Primary: FG3K000000000002, HA operating index = 0 <---- FG3K000000000002,Primary. Secondary: FG3K000000000001, HA operating index = 1 <----- FG3K000000000001,Secondary. vcluster 2: work 169.254.0.1 Primary: FG3K000000000002, HA operating index = 0 <----- FG3K000000000002,Primary. Secondary: FG3K000000000001, HA operating index = 1 <----- FG3K000000000001,Secondary. FW_02 (global) $ di sys ha status [Debug_Zone HA information] HA group member information: is_manage_primary=1. FG3K000000000002: Primary, serialno_prio=0, usr_priority=128, hostname=FW_02<----- FG3K000000000002,Primary. FG3K000000000001: Secondary, serialno_prio=1, usr_priority=250, hostname=FW_01<----- FG3K000000000001,Secondary. [Kernel HA information] vcluster 1, state=work, primary_ip=169.254.0.1, primary_id=0, silent=0 FG3K000000000002: Primary, ha_prio/o_ha_prio=0/0 <----- FW_02,Primary. FG3K000000000001: Secondary, ha_prio/o_ha_prio=1/1 <----- FW_01,Secondary. vcluster 2, state=work, primary_ip=169.254.0.1, primary_id=0, silent=0 FG3K000000000002: Primary, ha_prio/o_ha_prio=0/0 <----- FW_2,Primary. FG3K000000000001: Secondary, ha_prio/o_ha_prio=1/1 <----- FW_01,Secondary. FW_02 is Primary in vcluster_1 and vcluster_2. FW_01 is Secondary in vcluster_1 and vcluster_2.
FW_02 (global) $ exe ha failover set [integer] Virtual cluster ID. Optional; if not given, all virtual clusters are affected. FW_02 (global) $ exe ha failover set 1 Caution: This command will trigger an HA failover. It is intended for testing purposes. Do you want to continue? (y/n)y
FW_02 (global) $ di sys ha status [Debug_Zone HA information] HA group member information: is_manage_primary=0. FG3K000000000002: Secondary, serialno_prio=0, usr_priority=128, hostname=FW_02 -----> FG3K000000000002,Secondary. FG3K000000000001: Primary, serialno_prio=1, usr_priority=250, hostname=FW_01 -----> FG3K000000000001,Primary. [Kernel HA information] vcluster 1, state=standby, primary_ip=169.254.0.2, primary_id=0, silent=0 FG3K000000000002: Secondary, ha_prio/o_ha_prio=1/1 -----> FW_02,Secondary. FG3K000000000001: Primary, ha_prio/o_ha_prio=0/0 -----> FW_01,Primary. vcluster 2, state=work, primary_ip=169.254.0.1, primary_id=1, silent=0 FG3K000000000002: Primary, ha_prio/o_ha_prio=0/0 -----> FW_02,Primary. FG3K000000000001: Secondary, ha_prio/o_ha_prio=1/1 -----> FW_01,Secondary. FW_02 (global) $ get sys ha status HA Health Status: OK Model: FortiGate-3000F Mode: HA A-P Group Name: 3000F-HA Group ID: 1 Debug: 0 Cluster Uptime: 76 days 9h:49m:47s Cluster state change time: 2025-01-09 03:52:06 Primary selected using: virtual cluster 1: <2025/01/09 03:52:06> vcluster-1: FG3K000000000001 is selected as the primary because EXE_FAIL_OVER flag is set on peer member FG3K000000000002. -----> New HA selection event. <2024/12/21 02:50:53> vcluster-1: FG3K000000000002 is selected as the primary because its uptime is larger than peer member FG3K000000000001. -----> Last HA selection event. ses_pickup: disable override: vcluster_1 disable vcluster_2 disable Configuration Status: FG3K000000000002(updated 1 seconds ago): in-sync <----- Correct Synchronization. FG3K000000000001(updated 4 seconds ago): in-sync <----- Correct Synchronization. number of member: 2 FW_02 , FG3K000000000002, HA cluster index = 0 FW_01 , FG3K000000000001, HA cluster index = 1 number of vcluster: 2 vcluster 1: standby 169.254.0.2 Secondary: FG3K000000000002, HA operating index = 1 <----- FW_02,Secondary. Primary: FG3K000000000001, HA operating index = 0 <----- FW_01,Primary. vcluster 2: work 169.254.0.1 Primary: FG3K000000000002, HA operating index = 0 <----- FW_02,Primary. Secondary: FG3K000000000001, HA operating index = 1 <----- FW_01,Secondary. Now: FW_02 is Secondary in vcluster_1. FW_02 is Primary in vcluster_2. FW_01 is Primary in vcluster_1. FW_01 is Secondary in vcluster_2.
Related articles: Technical Tip: How to use failover flag to change Active unit FortiGate / FortiOS 7.4.7 Administration Guide / Force HA failover for testing and demonstrations |