
CSS Redundancy Design

Ahmed Shahzad
Level 1

I am currently writing LLD for a Data Center project and planning for the CSS redundancy design. The BoQ of CSS is given below:

Content Switches/Load Balancers: CSS11503 2

Cisco 11503 Content Services Switch SCM-2GE HD AC 2

WebNS 8.1X Enhanced Feature Set for CSS 11500 Platforms 2

WebNS Secure Management License: Enables Strong Encryption 2

CSS11500 SSL Module w/ Compression 2

WebNS License Claim Certificate: for V8.XX or higher 2

CSS11500 System Control Module 2GE HD, Order 0-2 CSS5-GBIC 2

CSS11500 Gigabit Ethernet IOM: 2 Port, Order 0-2 SFP 2

GE SFP, LC connector SX transceiver 12

The customer has not given any specific requirement, but looking at the BoQ it seems that the two CSS are populated with SSL Module w/ Compression, so they might need SSL and Compression to be configured in future.

The best scenario is to configure these two CSS in Load Balance with Stateful failover. We have three Redundancy options in CSS:

1. VIP and Virtual Interface Redundancy - Can be configured in Load Balanced but no stateful failover.

2. ASR Redundancy - Can be configured in load balanced with stateful failover. It sounds ok, but the main disadvantage is that ASR & an SSL Module, and ASR & HTTP Compression cannot be configured on the same Service.

3. Box-to-Box Redundancy - Cannot be configured in load balanced, but I have no idea whether it supports stateful or stateless failover.

There are only two options left; one is VIP and Virtual Interface Redundancy and the second is Box-to-Box Redundancy. What do you recommend in such a scenario? Please note that I have two extra Gig ports available in CSS.

7 Replies

Gilles Dufour
Cisco Employee

ASR only works with vip/interface redundancy.

Vip/Interface redundancy is the preferred choice if you are looking for fast failover/recovery.

Box-2-box is slower to detect the failure and failover.

But this solution is easier to implement so some people prefer to go this way.

Gilles.

Dear Gilles,

Thank you for your reply. May I know the answers to the following queries:

1. Is Box-2-Box failover stateful or stateless?

2. Is there any limitation on SSL or Compression configuration in case of Box-2-Box failover?

3. Does ASR Redundancy support ASR & an SSL Module, and ASR & HTTP Compression on the same Service?

ASR is the stateful side of vip/interface redundancy.

You can't use ASR alone.

You first need vip/interface redundancy and then you can add ASR if you need stateful redundancy.

Box-to-Box is therefore not stateful.

There is no stateful failover for SSL traffic - this is true for every type of load balancer.

This is just not possible as of today.

Not just a Cisco limitation.

So, if you have this module, the traffic going through the module can't be replicated.

The rest of the traffic still can be replicated to the standby.

Gilles.

Thanks Gilles for your quick reply.

May I ask two more queries:

1. Does Box-2-Box Redundancy support ASR & an SSL Module, and ASR & HTTP Compression on the same Service?

2. Both Box-2-Box Redundancy and VIP/Interface are not stateful. But we are using an extra cable for Box-2-Box redundancy, so what extra advantage do we get in Box-2-Box redundancy over VIP/Interface Redundancy?

Regards,

Shahzad.

1/ Box-to-Box redundancy does not support ASR.

2/ The only advantage of box-to-box redundancy is that the config is easier to implement. You don't need to configure 'redundant-index' for every content rule, group, serverfarm, ...

Gilles.

I am sorry, there was a typo in question 1. Does Box-2-Box Redundancy support SSL Module, and HTTP Compression?

It is very difficult to believe the answer to question 2, that the only difference is the configuration easiness...

Looking at the BoQ, I am concluding to use VIP/Interface Redundancy. Please comment in case you disagree...

Hi Guys,

I was reading your post and understood that in my case, where I have ACE being used as an SSL offloader in an HA setup, the SSL sessions will not be statefully replicated, is it right?
