I've got two SA4500 with the appropriate cluster licensing and I believe I followed the cluster setup as the documentation describes. Both nodes show in the cluster status and there are no errors present on that screen. However I see a lot of errors in the logs where the cluster flip-flops between the nodes and generates the following error for each node as this happens:
VIPs deactivated on node X on all ports, reason confused about ownership.
If I try to manually failover the VIP it goes to node 2 and then right back to node 1 again, generating these errors.
Has anyone seen this before? I haven't been able to find anything about this scenario so far, I figured I'd ask here before going to support.
On SA6500 these errors are frequent when adding or removing VIPs in the cluster -> client traffic is disrupted.
Also, when forcing a cluster failover in the GUI there is still no communication between the nodes about the upcoming failover so there is an outage for the VPN connections. That is not quite something that is expected.
We haven't seen any unexplained cluster failovers however.
I think I remember seeing them when we ran a lot of active/passive clusters. We ultimately decided that the complexity added by A/P clusters wasn't justified by the small amount of improved reliability and moved to A/A clusters or standalone SAs fronted by a load-balancer (which has its own set of problems).
Don't think I ever figured out why they were happening.