FWSM clustering using ACE

Unanswered Question
Jan 5th, 2008


I wish to cluster four FWSM modules using ACE module for getting higher throughput and scalability.

have anybody done this, what are the problems that we will face?



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
didyap Fri, 01/11/2008 - 06:28

You can use the PBR method for FWSM clustering if the addresses of the source packets cannot be easily defined. But if the traffic source was the internet and not well defined source networks you would not be able to determine the FWSM selection based on the source address. The load balancing algorithm in the two ACE modules sync with each other in such a way to ensure that the fwsm selection from the first ace (insecure-secure) and the fwsm selection of the second ACE for the return path (secure-insecure) will always select the common same FWSM for a source-destination pair. There is no state sharing involved. It's the MAC-address sticky trick (the command is mac-sticky enable).


This Discussion