Configuration Consistency Check

This section describes how to check the consistency of cluster member configurations.

Context

In cluster networking, most configurations can be backed up, such as security policies and NAT policies. In normal situations, configuration modification on the master node is synchronized to other members in the cluster. However, if the backup link fails or a device powers off, configurations among cluster members will be inconsistent. Configuration inconsistency may cause service anomalies upon a device switchover. To prevent such a problem, you are advised to enable auto-check for cluster configuration consistency so that configuration consistency is checked on a regular basis. In addition, the cluster provides commands for you to manually check the configuration consistency.

Table 1 lists the items of the check on the configuration consistency among cluster devices.

**Table 1** Configuration consistency check items
Configuration Item	Description
Policy	Check whether the audit policy/authentication policy/NAT policy/security policy/traffic policy configurations are consistent.
Cluster	Check whether cluster-related configurations are consistent. Commands to be checked are as follows: business-group cluster detect-interval cluster id cluster track bfd-session cluster track interface cluster track ip-link cluster timer hello cluster timer holding-multiplier cluster backup node-num cluster session fast-sync enable cluster traffic-aggregation enable cluster ip-list cluster standby config enable cluster base config enable node priority ip-section cluster configuration auto-check interval cluster preempt delay bind ospf cluster adjust ospf-cost add
Hash	Checks the configuration consistency of the hash mode and hash gene next startup.
Interface	Items to be checked are as follows: Whether interfaces are consistent: The configurations are considered inconsistent as long as the interface configurations are different (the interface alias is not checked). Whether the number of VRRP groups configured on the same interfaces is consistent Whether the number of IPv4 addresses configured on the same interfaces is consistent Whether an IPSec policy applies to the same interfaces: Check whether the IPSec policy is applied to the interfaces. The contents of the IPSec policy are not checked. •Whether the ospf network-type configuration on the same interfaces is consistent
OSPF	Items to be checked are as follows: Whether the number of Networks in each OSPF process is consistent Whether each OSPF process imports direct routes Whether each OSPF process imports static routes Whether each OSPF process advertises default routes In case of OSPF process configuration inconsistency, the generated alarm and log information includes the names of the OSPF processes with different configurations.
BGP	Check whether BGP is configured. Do not check detailed BGP configurations.
License	Items to be checked are as follows: License status: activated, inactivated, invalid, or emergency Types of license control items Number of license resources Expiration date of antivirus, intrusion prevention, and URL remote query servers

By default, you can use the following methods to check whether the cluster configurations are consistent:

If the cluster configurations are inconsistent, the device outputs the CLRI/4/CLUSTERCOCHK log.
If the cluster configurations are inconsistent, the device outputs the CLRI_1.3.6.1.4.1.2011.6.122.85.2.12 hwSecClusterCochk alarm.
After running the cluster configuration check command, you can run the display cluster configuration check command to check the consistency check result.

By default, this command is executed on the management master device. After running the cluster standby config enable command on the master device, you can also run the command on the management slave device.

Procedure

Enable auto-check for cluster configuration consistency.
1. Run the cluster configuration auto-check enable command in the system view to enable auto-check for cluster configuration consistency.
  
  By default, the auto-check for cluster configuration consistency function is enabled.
2. Run the cluster configuration auto-check interval check-interval command in the system view to set the auto-check interval for cluster configuration consistency.
  
  The default auto-check interval is 1440 minutes.
3. Run the cluster configuration auto-check warning enable command in the system view to enable the function of sending alarms on auto-check for cluster configuration consistency.
  
  By default, the function is enabled.
  
  If the function is disabled, the device that executes the consistency check task does not output any alarm on the consistency check and outputs only related logs.
Run the cluster configuration check module command in the system view to enable configuration consistency check among cluster members.
The management master device compares its configuration with all cluster members, will each configuration backup device compares only its configuration with the configuration master device's configuration.

Follow-up Procedure

In the case of configuration inconsistency, clear the related configuration on the management backup devices and then run the cluster sync config command on the management master device to trigger the batch backup function of the cluster.