Hi there,
For some reason I'm unable to get HA cluster (HIGH/LOW) running, it cannot see it's peer. Just after I installed the license it worked for an hour and then it didn't any more.
Here's my config:
> show system ha config system ha set mode enable set interface port2 set priority low set hb-interval 10 set hb-lost-threshold 6 set mgmt-ip 10.22.61.2/255.255.255.0 set mgmt-access SSH HTTPS GUI set role cluster_mem
And the slony logs from HA
020-06-05T10:24:47.710904-04:00 scn00419 slon[3469]: [1-1] 2020-06-05 10:24:47 BOT ERROR cannot get sl_local_node_id - ERROR: relation "_fac_ha.sl_local_node_id" does not exist 2020-06-05T10:24:47.710931-04:00 scn00419 slon[3469]: [1-2] LINE 1: select last_value::int4 from "_fac_ha".sl_local_node_id 2020-06-05T10:24:47.710935-04:00 scn00419 slon[3469]: [1-3] ^ 2020-06-05T10:24:47.710938-04:00 scn00419 slon[3469]: [2-1] 2020-06-05 10:24:47 BOT FATAL main: Node is not initialized properly - sleep 10s
Strange thing is in vSphere when I list my IP addresses:
[ul]
Anyone troubleshooting? Tried different port for HA and latest update for FortiAuthenticator. vSphere is on Version 6...Any help would be thankful!
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello,
Got quite the same behaviour.
HA is flapping very often.
And I can see also 169.254.x.x IP addresses for UDP heartbeats when I run a tcpdump insteaf of 10.x.x.x IP addresses assigned to port2
Did you resolve?
Hey roms,
the 169.254.x.x IP adresses are expected - FortiAuthenticator units build a tunnel between them and use those 169.254.x.x IPs for that.
Regarding your cluster flapping a lot, I would suggest to check the following:
- what firmware is your FortiAuthenticator? If not the newest, you could consider upgrading
- does your FortiAuthenticator cluster share the HA link with any other traffic that could cause delays/packet loss?
- if you are using the default HA timers (interval of 1000 ms and a tolerance of six missed heartbeats), you could consider increasing them to see if that helps a bit; it makes the ha link more resistant to the occasional packet loss but also means failover will take a bit longer to be initiated
Hi Debbie,
Thanks for the input regarding the 169.245.x.x interface (good to know)
We are running 6.4.1. The 2 VM hav the dedicated HA link plugged on a separate network with only few servers (2-3).
I think we are going to play a little with the timers. From what we can see the failover occures 2.3 times a day
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1629 | |
1063 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.