Fortigate HA 的 5分钟问题
将两台FG60B,不选择monitor interface,配置相同的优先级,同时启动。
FGT60B3909686179 # get sys ha status
Model: 60
Mode: a-p
Group: 0
Debug: 0
ses_pickup: enable
Master:200 FGT60B3909686179 FGT60B3909686179 0
Slave :200 FGT60B3909225035 FGT60B3909225035 1
number of vcluster: 1
vcluster 1: work 169.254.0.1
Master:0 FGT60B3909686179
Slave :1 FGT60B3909225035
1 监控活跃端口个数相同。(都是0个)
2 HA运行时间形同。(相差未超过5分钟)
3 优先级相同。(都为200)
4 序列号大的为主。(FGT60B3909686179 为主)
-----------------------------------------------------------------------------------------------
FGT60B3909686179 # diag sys ha dump 1
HA information.
vcluster id=1, nventry=2, state=work, digest=86.ea.59.d8.a1.57...
ventry idx=0,id=1,FGT60B3909686179,prio=200,0,override=0,flag=1,time=0,mon=0.
ventry idx=1,id=1,FGT60B3909225035,prio=200,0,override=0,flag=0,
time=-6,mon=0.
FG FGT60B3909686179 比
FGT60B3909225035 晚0.6秒。(这个时间是加入HA的时间)
----------------------------------------------------------------------------------------------------
FGT60B3909686179 # diag sys ha reset-uptime
FGT60B3909686179 # diag sys ha dump 1
HA information.
vcluster id=1, nventry=2,
state=work, digest=86.ea.59.d8.a1.57...
ventry idx=0,id=1,FGT60B3909686179,prio=200,0,override=0,flag=1,time=0,mon=0.
ventry idx=1,id=1,FGT60B3909225035,prio=200,0,override=0,flag=0,
time=-279,mon=0.
FGT60B3909686179 # diag sys ha reset-uptime
FGT60B3909686179 # diag sys ha dump 1
HA information.
vcluster id=1, nventry=2,
state=work, digest=86.ea.59.d8.a1.57...
ventry idx=0,id=1,FGT60B3909686179,prio=200,0,override=0,flag=1,time=0,mon=0.
ventry idx=1,id=1,FGT60B3909225035,prio=200,0,override=0,flag=0,
time=-596,mon=0.
使用 diagnose sys ha reset-uptime 进行软切换。因为 time 时间相差未够5分钟。切换失败,FGT60B3909686179继续为主。
-----------------------------------------------------------------------------------------------------------
FGT60B3909686179 # diag sys ha reset-uptime
FGT60B3909686179 # diag sys ha dump 1
HA information.
vcluster id=1, nventry=2,
state=work, digest=86.ea.59.d8.a1.57...
ventry idx=0,id=1,FGT60B3909686179,prio=200,0,override=0,flag=1,time=0,mon=0.
ventry idx=1,id=1,FGT60B3909225035,prio=200,0,override=0,flag=0,
time=-788,mon=0.
FGT60B3909686179 # diag sys ha reset-uptime
FGT60B3909686179 # diag sys ha dump 1
HA information.
vcluster id=1, nventry=2,
state=work, digest=86.ea.59.d8.a1.57...
ventry idx=0,id=1,FGT60B3909686179,prio=200,0,override=0,flag=1,time=0,mon=0.
ventry idx=1,id=1,FGT60B3909225035,prio=200,0,override=0,flag=0,
time=-1077,mon=0.
FGT60B3909686179 # diag sys ha reset-uptime
FGT60B3909686179 # diag sys ha dump 1
HA information.
vcluster id=1, nventry=2,
state=work, digest=86.ea.59.d8.a1.57...
ventry idx=0,id=1,FGT60B3909686179,prio=200,0,override=0,flag=1,time=0,mon=0.
ventry idx=1,id=1,FGT60B3909225035,prio=200,0,override=0,flag=0,
time=-1551,mon=0.
FGT60B3909686179 # diag sys ha reset-uptime
FGT60B3909686179 # diag sys ha dump 1
HA information.
vcluster id=1, nventry=2,
state=work, digest=86.ea.59.d8.a1.57...
ventry idx=0,id=1,FGT60B3909686179,prio=200,0,override=0,flag=1,time=0,mon=0.
ventry idx=1,id=1,FGT60B3909225035,prio=200,0,override=0,flag=0,
time=-2313,mon=0.
FGT60B3909686179 # diag sys ha reset-uptime
FGT60B3909686179 # diag sys ha dump 1
HA information.
vcluster id=1, nventry=2,
state=work, digest=86.ea.59.d8.a1.57...
ventry idx=0,id=1,FGT60B3909686179,prio=200,0,override=0,flag=1,time=0,mon=0.
ventry idx=1,id=1,FGT60B3909225035,prio=200,0,override=0,flag=0,
time=-2936,mon=0.
FGT60B3909686179 # diag sys ha reset-uptime
FGT60B3909686179 # diag sys ha dump 1
HA information.
vcluster id=1, nventry=2,
state=standy, digest=84.ed.61.38.5b.7f...
ventry idx=1,id=1,FGT60B3909686179,prio=200,0,override=0,flag=1,time=0,mon=0.
ventry idx=0,id=1,FGT60B3909225035,prio=200,0,override=0,flag=0,
time=-3007,mon=0.
root: ha_mode=10302, mode=2, state=3(300), idx=1(10000).
ha_update_vcluster_st: root: ha_mode=10302
Send vmsg nvdoms=1, len=20.
不停的利用软切换方式,将HA时间差值增大到5分钟(3000/10/60=5 )。当到达3000后,设备进行了正常的主备切换。状态从work 变为 standy 。
本文出自 “一颗平和的心” 博客,谢绝转载!