For statefull PIX failovers they do need to share info. In the scenario
below, a downed PIX would cause people to need to reconnect. In Pix's
statefull failover that would not happen. I guess there is a lot more at
issue here then I first thought. Like the static's and nat on the pix's. You
could not maintain that info in this scenario. You could not have both pix's
advertising the same global address either so it would not work.
-----Original Message-----
From: Yonkerbonk [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 12, 2001 10:26 AM
To: Christopher Larson; Tim O'Brien; [EMAIL PROTECTED]
Subject: RE: Any body know about Cisco Content Switch
I imagine the problem comes when the PIX needs to know
the state of the data flow, like if it's an ongoing
TCP session or just random data. I'm not sure if this
is an issue. Do the PIXs need to share information? Do
the CSS do that for them?
--- Christopher Larson <[EMAIL PROTECTED]> wrote:
> I am not sure about CSS switches, and maybe your
> needs are special, but
> couldn't you just add a default route to both PIX's
> on each switch's RSM and
> turn off fast-switching. You will then get per
> packet load balancing between
> the switches and the pix's.
>
> I have done this before between 6500's and routers
> in for high
> avail/reliability but not between the switches and
> PIX's. I don't know why
> it wouldn't work with the pix though .
>
>
>
>
>
>
> -----Original Message-----
> From: Yonkerbonk [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, January 11, 2001 8:39 PM
> To: Tim O'Brien; [EMAIL PROTECTED]
> Subject: Re: Any body know about Cisco Content
> Switch
>
>
> We currently have our PIXs side by side right behind
> the internet routers. Then the PIXs connect into two
> redundant 6509s, which is our core.
> We are trying for high availibility, which the
> failover software already does for us. But I was
> thinking it probably was better to use both of them
> at
> the same time, more efficient and more throughput
> without having to buy 535. So I'm looking to load
> balance the two PIXs, which we can do with
> Checkpoint/Stonebeat combo.
> From the link you sent me on the 6509, it seems
> perhaps that I can use them to load balance to the
> PIXs from the inside? What is better for traffic
> coming from the internet to be load balanced on the
> PIX? The CSS or Local Director? The both seem to be
> for web or server traffic, but I can see them being
> used in other ways.
> Got any advice?
> Thanks.
>
> --- Tim O'Brien <[EMAIL PROTECTED]> wrote:
> > Here are some links for the CSS switches. For the
> > application that it
> > appears that you are trying to run you will need
> the
> > switches in front and
> > behind the PIX boxes. The PIX 535 is out now and
> > will do a Gig of
> > throughput. What are you trying to accomplish? You
> > can run PIXes in a
> > active/passive config if it is high availability
> > that you are looking for.
> > Give me a little more on the design that you are
> > doing.
> >
> >
>
http://www.cisco.com/warp/public/cc/pd/si/11000/prodlit/
> >
> >
> > or load balance on the 6500
> >
>
http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/tech/ios6k_wp.htm
> >
>
http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/tech/aslb_wp.htm
> >
> > ----- Original Message -----
> > From: "Yonkerbonk" <[EMAIL PROTECTED]>
> > To: "Wayne Lawson" <[EMAIL PROTECTED]>; "Tommy
> > Mitchell"
> > <[EMAIL PROTECTED]>;
> "cisco@groupstudy.
> > com (E-mail)"
> > <[EMAIL PROTECTED]>
> > Sent: Thursday, January 11, 2001 5:46 PM
> > Subject: RE: Any body know about Cisco Content
> > Switch
> >
> >
> > Hi Wayne,
> >
> > Could you point me to some information on the
> CSSes
> > and how to configure for load balancing? I was
> > looking
> > at Local Director and Alteon boxes to do that for
> > two
> > PIXs. Do I need them on both he outside and
> inside?
> > Thanks.
> >
> >
> > --- Wayne Lawson <[EMAIL PROTECTED]> wrote:
> > > Tommy,
> > >
> > > Actually you CAN have the CSS in an "active /
> > > active" mode
> > > with true firewall load balancing.
> > >
> > > Wayne Lawson, CCIE # 5244
> > > Systems Engineer - Cisco Systems, Inc.
> > > 2000 Town Center, Suite 450
> > > Southfield, Michigan 48075
> > >
> > > Voice: (248) 455 - 1663
> > > Cell: (248) 709 - 5797
> > > Pager: (800) 365 - 4578
> > >
> > >
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED]]On Behalf Of
> > > Tommy Mitchell
> > > Sent: Wednesday, January 10, 2001 8:15 AM
> > > To: cisco@groupstudy. com (E-mail)
> > > Subject: Re: Any body know about Cisco Content
> > > Switch
> > >
> > >
> > > Yes, they can unless you're trying to
> load-balance
> > > firewalls. Try to
> > > load-balance firewalls and you have to go
> > > active-standby.
> > >
> > > Tommy
> > >
> > > ----- Original Message -----
> > > From: "Muhammad Faheem" <[EMAIL PROTECTED]>
> > > To: "cisco@groupstudy. com (E-mail)"
> > > <[EMAIL PROTECTED]>
> > > Sent: Wednesday, January 10, 2001 7:26 AM
> > > Subject: Any body know about Cisco Content
> Switch
> > >
> > >
> > > > Hi All
> > > >
> > > > Just wanted to know that Cisco Content Switch
> > > (CSS-11000 & CSS-11800) can
> > > > work as Active - Active or not.
> > > >
> > > > Thanks for Input
> > > >
> > > > Muhammad Faheem
> > > > Systems Engineer
> > > > Afcomp
> > > > Hello : (9714)-3933878 / 3027338
> > > > Fax : (9714)-3933832
> > > > Web : www.afcomp.com
> > > >
> > > > _________________________________
> > > > FAQ, list archives, and subscription info:
> > > http://www.groupstudy.com/list/cisco.html
> > > > Report misconduct and Nondisclosure violations
> > to
> > > [EMAIL PROTECTED]
> > > >
> > >
> > > _________________________________
> > > FAQ, list archives, and subscription info:
> > > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations
> to
> > > [EMAIL PROTECTED]
> > >
> > > _________________________________
> > > FAQ, list archives, and subscription info:
> > > http://www.groupstudy.com/list/cisco.html
> > > Report misconduct and Nondisclosure violations
> to
> > [EMAIL PROTECTED]
> >
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Yahoo! Photos - Share your holiday photos online!
> > http://photos.yahoo.com/
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
> > http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to
> > [EMAIL PROTECTED]
> >
>
>
> __________________________________________________
> Do You Yahoo!?
> Yahoo! Photos - Share your holiday photos online!
> http://photos.yahoo.com/
>
> _________________________________
> FAQ, list archives, and subscription info:
>
=== message truncated ===
__________________________________________________
Do You Yahoo!?
Yahoo! Photos - Share your holiday photos online!
http://photos.yahoo.com/
_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
