Verifying Stateful Connection Failover

Article ID: CTX119871

Description

This article explains how to verify that Connection Failover is set up and functioning correctly.

When stateful connection failover is configured, TCP connections established through the primary NetScaler remain active after a failover. The new primary NetScaler obtains information about connections established before the failover and continues to provide service to those connections. The new primary NetScaler synchronizes its data with the new secondary NetScaler using an internal framework called the session stateful failover.

Connection Failover works only in a High Availability (HA) environment and only for the following service types with Connection Failover configured for STATEFUL:

TCP
UDP
ANY
FTP
SSL_BRIDGE


Instructions

When two NetScalers are configured in an HA environment, a client/server association is created between them. The Primary NetScaler is associated with the client side and the Secondary with the server side. This association can be viewed in real time using the following nsconmsg command:

nsconmsg -s ConLb=1 -d oldconmsg | grep ^SSF

PRIMARY
SSF: Conn (Srvr 0 Clnt 1) U:0
SSF: Conn (Srvr 0 Clnt 1) U:0
SSF: Conn (Srvr 0 Clnt 1) U:0

SECONDARY
SSF: Conn (Srvr 1 Clnt 0) U:0
SSF: Conn (Srvr 1 Clnt 0) U:0
SSF: Conn (Srvr 1 Clnt 0) U:0

The above output indicates that a peer connection is made and connections can be communicated across to the Secondary. Once a failover occurs, the association reverses.

In most cases, when a connection is made to a VIP, PCBs (Protocol Control Blocks) are created for each front-end connection (VIP) and each back-end connection (server). These connections can be viewed from the shell environment using the following command:

nsapimgr -d allpcbs

Note: This command might produce a large amount of output. It is best piped through grep to filter on an IP address of concern.

nsapimgr -d allpcbs | grep 10.12.33.13

    2 400000C2  2402979        0 10     10.12.33.13    80     10.12.33.15 30230
    3 400000C2  2402588        0 10     10.12.33.13    80     10.12.33.17 40353
    6 400000C2  2402617        0 10     10.12.33.13    80     10.12.33.15 24829

Note that PCBs should be seen only on the Primary system. No PCBs appear on the Secondary until a failover has occurred.

To determine if connections are being handled by the stateful connection failover logic, use the following command on the Primary and Secondary:

nsconmsg -s ConLb=1 -d oldconmsg | grep ^CM

PRIMARY
CM: Conn (Srvr 0 Clnt 1) Sessions PCB 15 NATPCB 0
CM: Conn (Srvr 0 Clnt 1) Sessions PCB 25 NATPCB 0
CM: Conn (Srvr 0 Clnt 1) Sessions PCB 13 NATPCB 0

SECONDARY
CM: Conn (Srvr 1 Clnt 0) Sessions PCB 15 NATPCB 0
CM: Conn (Srvr 1 Clnt 0) Sessions PCB 25 NATPCB 0
CM: Conn (Srvr 1 Clnt 0) Sessions PCB 13 NATPCB 0

The above output shows that the stateful connection failover logic on the Primary has PCBs to send to the Secondary, and that the Secondary has the same number of PCBs.


In NetScaler 10.5 and later, the above command shows the PCB and NATPCB values on the Primary and zero values on the Secondary.
When a failover occurs, the values on the old Primary move to the new Primary, and the new Secondary (the old Primary) shows zero:

nsconmsg -s ConLb=1 -d oldconmsg | grep ^CM

PRIMARY
CM: Conn (Srvr 0 Clnt 1) Sessions PCB 2 NATPCB 0
CM: Conn (Srvr 0 Clnt 1) Sessions PCB 2 NATPCB 0
CM: Conn (Srvr 0 Clnt 1) Sessions PCB 2 NATPCB 0

SECONDARY
CM: Conn (Srvr 1 Clnt 0) Sessions PCB 0 NATPCB 0
CM: Conn (Srvr 1 Clnt 0) Sessions PCB 0 NATPCB 0
CM: Conn (Srvr 1 Clnt 0) Sessions PCB 0 NATPCB 0
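
The comparison described above, as an added example that is not part of the original article or of Citrix tooling: a shell script that reads the `grep ^CM` output captured on each node and reports whether the counts follow the mirrored pattern or the 10.5+ primary-only pattern. The function names, the verdict words and the use of the last CM line as the newest sample are assumptions; the sample captures are constructed from the values shown in the article.

```shell
#!/bin/sh
# Added example (not Citrix code). Input: files holding the output of
#   nsconmsg -s ConLb=1 -d oldconmsg | grep ^CM
# captured on each HA node. Assumption: the last CM line is the newest sample.

# cm_last FILE -> "srvr clnt pcb natpcb" from the last well-formed CM line.
cm_last() {
  awk '/^CM: Conn \(Srvr [01] Clnt [01]\) Sessions PCB [0-9]+ NATPCB [0-9]+/ {
         gsub(/[()]/, ""); found = 1; s = $4; c = $6; p = $9; n = $11 }
       END { if (!found) exit 1; print s, c, p, n }' "$1"
}

# check_cm PRIMARY_FILE SECONDARY_FILE -> prints one verdict word.
check_cm() {
  pri=$(cm_last "$1") || { echo no-cm-lines; return 2; }
  sec=$(cm_last "$2") || { echo no-cm-lines; return 2; }
  set -- $pri $sec   # $1..$4 = Primary fields, $5..$8 = Secondary fields
  # Roles as shown in the article: Primary "Srvr 0 Clnt 1", Secondary "Srvr 1 Clnt 0".
  if [ "$1$2" != 01 ] || [ "$5$6" != 10 ]; then echo role-mismatch; return 1; fi
  # Nothing to compare when the Primary itself tracks no sessions.
  if [ "$3" -eq 0 ] && [ "$4" -eq 0 ]; then echo no-sessions; return 1; fi
  if [ "$3" -eq "$7" ] && [ "$4" -eq "$8" ]; then echo mirrored   # same counts on both nodes
  elif [ "$7" -eq 0 ] && [ "$8" -eq 0 ]; then echo primary-only    # 10.5+ pattern
  else echo count-mismatch; return 1; fi
}

# Constructed sample captures (values taken from the article's output,
# except sec_bad, which is made up to show a mismatch).
d=$(mktemp -d)
printf 'CM: Conn (Srvr 0 Clnt 1) Sessions PCB %s NATPCB 0\n' 15 25 13 > "$d/pri"
printf 'CM: Conn (Srvr 1 Clnt 0) Sessions PCB %s NATPCB 0\n' 15 25 13 > "$d/sec_old"
printf 'CM: Conn (Srvr 1 Clnt 0) Sessions PCB %s NATPCB 0\n' 0 0 0 > "$d/sec_105"
printf 'CM: Conn (Srvr 1 Clnt 0) Sessions PCB %s NATPCB 0\n' 15 25 9 > "$d/sec_bad"
for f in sec_old sec_105 sec_bad; do
  echo "$f: $(check_cm "$d/pri" "$d/$f")"
done
```

A `role-mismatch` verdict means the captures were taken from the wrong nodes or a failover happened between them, so re-capture before drawing conclusions from the counts.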

Additional Information

For additional background or reference information, consult the NetScaler Administration Guide.