Forum Discussion
Derek_Murphy_38
Jun 22, 2011
Nimbostratus
Hi Jim,
Great suggestions and I really appreciate your assistance.
I have redundancy set up and working, which is fantastic. A strange occurrence happened when I was testing failover. I rebooted arx01 and all of the IPs failed over to ARX02. Once arx01 came back up, the inband management IPs were restored. I did the same to arx02 and all IPs flipped over, and upon the first reboot the inband management IPs never came back. I restarted arx02 again and finally got the inband management IPs back. I thought this was kind of strange. In this type of situation, what logs would be good to look at to see what may have happened?
I'm going to look at installing/configuring the secure agent/cifs authentication next.
It sounds like auth for me should be OK. I think we're just using uid/gid permissions. The only question I have is that you mention "if you use LDAP for NFS mount based security then ARX doesn't support that". Does that mean using LDAP to prevent an actual mount request (NFS v4 maybe?) vs. using a subnet ACL? If so, cool, because we aren't using that. What we are using is LDAP groups for file system permissions.
We're also going to change our cabling to have arx01 go to coresw1 and arx02 go to coresw2 as it doesn't seem like there's any supportable way to have it work without VSS. With the new design, if we have an 8 port channel will 4 ports essentially just be for redundancy since the arx2000 caps at 4gb or will all 8 be used and send 500mb/sec? Will the ARX fail over at a certain percentage loss of ports, all port loss, or is it a configurable value?
One of the behaviors I noticed when failing between ARXs is that the only IPs to not come back on the other node were the inband management. The proxy IPs from arx01 came online on arx02 (having 8 proxy IPs 4/4). Why is this? I expected to only see the VIP move. Is it due to re-establishing connections with the same IP or something along those lines?
Cheers,
-Derek