Whitepapers and concepts are nice and all, but I can't replicate the High-Value traffic session failover between cluster nodes. If I reboot an A-UAC L2 cluster member, the High-Value traffic drops...
Shouldn't I see high-value traffic on the second cluster member if I issued the "show datapath session high-value" command?
Also, I'm failing at creating a custom "high-value" traffic test policy for ICMP.
Ex:
!sync-apps-s-uac
----------------
Priority Source Destination Service Application Action TimeRange Log Expired Queue TOS 8021P Blacklist Mirror DisScan IPv4/6 Contract
-------- ------ ----------- ------- ----------- ------ --------- --- ------- ----- --- ----- --------- ------ ------- ------ --------
1 any any svc-icmp permit High 46 7 4
2 any any app icmp permit High 46 7 4
Hopefully these logs don't get too distorted...
(PDC-VMC2) [MDC] #show lc-cluster group-membership
Cluster Enabled, Profile Name = "PDC-Cluster"
Redundancy Mode On
Active Client Rebalance Threshold = 50%
Standby Client Rebalance Threshold = 75%
Unbalance Threshold = 5%
AP Load Balancing: Enabled
Active AP Rebalance Threshold = 50%
Active AP Unbalance Threshold = 5%
Active AP Rebalance AP Count = 30
Active AP Rebalance Timer = 1 minutes
Cluster Info Table
------------------
Type IPv4 Address Priority Connection-Type STATUS
---- --------------- -------- --------------- ------
peer 10.60.11.2 128 L2-Connected CONNECTED (Member, last HBT_RSP 22ms ago, RTD = 1.587 ms)
self 10.60.11.3 128 N/A CONNECTED (Leader)
(PDC-VMC2) [MDC] #
(PDC-VMC2) [MDC] #
(PDC-VMC2) [MDC] #show user-table
Users
-----
IP MAC Name Role Age(d:h:m) Auth VPN link AP name Roaming Essid/Bssid/Phy Profile Forward mode Type Host Name User Type
---------- ------------ ------ ---- ---------- ---- -------- ------- ------- --------------- ------- ------------ ---- --------- ---------
10.60.10.205 e8:4e:06:6d:a7:c7 allow-all-aar 00:00:42 G1-AP Wireless ACMX-Q/70:3a:0e:fa:26:e0/g-HT ACMX-Q tunnel Win 10 WIRELESS
User Entries: 1/1
Curr/Cum Alloc:2/146 Free:1/144 Dyn:3 AllocErr:0 FreeErr:0
(PDC-VMC2) [MDC] #
(PDC-VMC2) [MDC] #
(PDC-VMC2) [MDC] #
(PDC-VMC2) [MDC] #show datapath session high-value
Datapath Session Table Entries
------------------------------
Flags: F - fast age, S - src NAT, N - dest NAT
D - deny, R - redirect, Y - no syn
H - high prio, P - set prio, T - set ToS
C - client, M - mirror, V - VOIP
Q - Real-Time Quality analysis
u - Upstream Real-Time Quality analysis
I - Deep inspect, U - Locally destined
E - Media Deep Inspect, G - media signal
r - Route Nexthop, h - High Value
A - Application Firewall Inspect
B - Permanent, O - Openflow
L - Log
Sync-Flags: S - SYNC sent to Standby, A - ACKed by Standby
D - Marked for delayed delete
Source IP Destination IP Prot SPort DPort Cntr Prio ToS Age Destination TAge Packets Bytes SIDX Flags Sync-Flags User-MAC CPU ID
--------------- --------------- ---- ----- ----- -------- ---- --- --- ----------- ---- --------- --------- -------- --------------- ------------ ----------------- -------
10.60.10.205 90.130.70.73 6 54994 27370 0/0 0 0 0 tunnel 12 cf 94982 4109824 c6a Ch S E8:4E:06:6D:A7:C72
(PDC-VMC2) [MDC] #exit
(PDC-VMM1) [mynode] #show global-user-table list
Global Users
------------
IP MAC Name Current switch Role Auth AP name Roaming Essid Bssid Phy Profile Type
---------- ------------ ------ -------------- ---- ---- ------- ------- ----- ----- --- ------- ----
10.60.10.205 e8:4e:06:6d:a7:c7 10.60.11.3 allow-all-aar G1-AP Wireless ACMX-Q 70:3a:0e:fa:26:e0 g-HT ACMX-Q Win 10
Total entries = 1
(PDC-VMM1) [mynode] #logon 10.60.11.2
(PDC-VMC1) [MDC] #show datapath session high-value
Datapath Session Table Entries
------------------------------
Flags: F - fast age, S - src NAT, N - dest NAT
D - deny, R - redirect, Y - no syn
H - high prio, P - set prio, T - set ToS
C - client, M - mirror, V - VOIP
Q - Real-Time Quality analysis
u - Upstream Real-Time Quality analysis
I - Deep inspect, U - Locally destined
E - Media Deep Inspect, G - media signal
r - Route Nexthop, h - High Value
A - Application Firewall Inspect
B - Permanent, O - Openflow
L - Log
Sync-Flags: S - SYNC sent to Standby, A - ACKed by Standby
D - Marked for delayed delete
Source IP Destination IP Prot SPort DPort Cntr Prio ToS Age Destination TAge Packets Bytes SIDX Flags Sync-Flags User-MAC CPU ID
--------------- --------------- ---- ----- ----- -------- ---- --- --- ----------- ---- --------- --------- -------- --------------- ------------ ----------------- -------
(PDC-VMC1) [MDC] #