How to tell which Node is hosting an EIP in a Cluster on AWS

Hi there

This is probably a really stupid question, but

1) In an H/A deployment of UTM on AWS, how do I tell which node is hosting the EIP from inside the WebUI of the UTM, and if there are multiple EIPs, how do I tell this also? And can I tell this from the AWS Console also, if both nodes already have their own external IPs showing from the Instance Manager inside of AWS EC2?

Thanks



This thread was automatically locked due to age.
  • Also, when I restart a device, with the devices in a Warm Failover configuration, as per the template online here (https://community.sophos.com/kb/hu-hu/122202)... the EIP does not move from the primary node to the second. I would expect on a restart that the EIP should move, as it does on Brocade Traffic Manager, near instantly (few seconds etc.). However, on my setup, the EIP stays bound to the node which is restarting. Is that normal behaviour, and is it customisable?

    Thanks

  • Zak, if you did any configuration of the second instance, this is broken.  The EIP should transfer over.  The fact that it doesn't and that you're having other issues probably means you need to start over.  You should be able to restore from backup after you create the new instance.  Was that the issue?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks Bob, appreciate the reply

    Yep, no configuration after deployment, basically just testing pure failover and no go. Have deployed multiple VPCs from the Warm standby template and still the issue persists. Sophos Support mention to contact AWS support.

    A bit of a shame really. The only time the IP will move, is if the machine is shutdown, or the machine manually terminated, then it will move.

    Thanks for the help

  • "The only time the IP will move, is if the machine is shutdown" - In "Hot" Standby with physical devices, the only time there's a fail over is when the device fails or one of the monitored interfaces fails.  What are you doing to test the behavior?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thank you Bob.

    Is this the case on AWS as well? I am just restarting the device and expecting it to fail over the EIP. If I shut down the device, however, the EIP moves across to the other firewall, as it spawns a new instance.

    It doesn't seem right that the EIP doesn't fail over on a restart. In the physical world that would be the case, or as virtual appliances with a sync interface. I run a Brocade load balancer cluster and that will fail over an EIP on restart.

    I have deployed about different CloudFormation warm failover templates and it's the case on all 4. Just wanted to make sure I wasn't doing anything wrong. On some of these deployments I made no changes, just to ensure it wasn't something I was doing.

    Thanks for the help

  • I've not yet moved anyone to HA in AWS because I don't think the template for moving existing AWS instances to HA is reliable at this point, so I don't have any direct experience.

    You're describing "hot" fail over with the load balancer, and this is "warm" fail over.  I suspect that disabling the interface in the running instance would cause fail over to the "Warm Standby" instance and that the EIP would follow.  Does it work like that?

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Ok thanks for the reply.

    So I timed it all, it takes about 10 minutes from stopping one instance, to having the Elastic IP moved to the second instance, and a new instance spawned. So it's pretty slow.

    At this point I think Sophos need to look into better adjusting their cloud template to allow for the move EIP command to be done sooner.

    I found a command, that I can manually move the EIP between two nodes in different availability zones, with just 2 ping drop outs, which is quite a cool thing.

  • Cool!  Please share, Zak.

     

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
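
On the original question of which node holds the EIP as seen from the AWS side, here is an added example that is not part of the thread and is not the command Zak refers to. `aws ec2 describe-addresses` lists only Elastic IPs (not the auto-assigned public IPs both nodes show), each with the `InstanceId` it is associated with; the sketch below reads two constructed snapshots of that output and reports which EIPs changed owner. All IDs, addresses and function names are made up for illustration.

```python
import json

# Constructed samples shaped like `aws ec2 describe-addresses --output json`.
# Every ID and address is made up (203.0.113.0/24 is a documentation range).
BEFORE = json.loads("""{"Addresses": [
  {"PublicIp": "203.0.113.10", "AllocationId": "eipalloc-aaa", "Domain": "vpc",
   "AssociationId": "eipassoc-111", "InstanceId": "i-node1"},
  {"PublicIp": "203.0.113.11", "AllocationId": "eipalloc-bbb", "Domain": "vpc",
   "AssociationId": "eipassoc-222", "InstanceId": "i-node1"},
  {"PublicIp": "203.0.113.12", "AllocationId": "eipalloc-ccc", "Domain": "vpc"}
]}""")
AFTER = json.loads("""{"Addresses": [
  {"PublicIp": "203.0.113.10", "AllocationId": "eipalloc-aaa", "Domain": "vpc",
   "AssociationId": "eipassoc-333", "InstanceId": "i-node2"},
  {"PublicIp": "203.0.113.11", "AllocationId": "eipalloc-bbb", "Domain": "vpc",
   "AssociationId": "eipassoc-444", "InstanceId": "i-node2"},
  {"PublicIp": "203.0.113.12", "AllocationId": "eipalloc-ccc", "Domain": "vpc"}
]}""")


def eip_owners(response):
    """Map each Elastic IP to the instance holding it (None when unassociated)."""
    return {a["PublicIp"]: a.get("InstanceId") for a in response.get("Addresses", [])}


def eips_on(response, instance_id):
    """List the Elastic IPs currently associated with one node."""
    return sorted(ip for ip, owner in eip_owners(response).items() if owner == instance_id)


def eip_moves(before, after):
    """Return {eip: (old_owner, new_owner)} for each EIP whose owner changed."""
    old, new = eip_owners(before), eip_owners(after)
    return {ip: (old.get(ip), new.get(ip))
            for ip in sorted(set(old) | set(new)) if old.get(ip) != new.get(ip)}


if __name__ == "__main__":
    print("node1 holds:", eips_on(BEFORE, "i-node1"))
    for ip, (src, dst) in eip_moves(BEFORE, AFTER).items():
        print(f"{ip}: {src} -> {dst}")
```

Taking a snapshot before and after a failover test and timing the gap between them gives a measurement comparable to the roughly 10 minutes reported above.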