Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3368
Views
0
Helpful
1
Replies

ASA Failover bandwidth and latency requirements

Go to solution
nigelb
Level 1
Level 1

‎05-06-2009 05:54 AM - edited ‎03-11-2019 08:28 AM

Hi

Do Cisco have recommendations on minimum bandwidth/latency for the failover and state sync links between active/passive units?

Client wishes to geographically separate primary and secondary units over a layer2 WAN (Ethernet extension service).

Thanks

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
srue
Level 7
Level 7

‎05-06-2009 06:23 AM

from the failover documentation:

Failover Interface Speed for Stateful Links

If you use the failover link as the Stateful Failover link, you should use the fastest Ethernet interface available. If you experience performance problems on that interface, consider dedicating a separate interface for the Stateful Failover interface.

Use the following failover interface speed guidelines for Cisco PIX security appliances and Cisco ASA adaptive security appliances:

•Cisco ASA 5520/5540/5550 and PIX 515E/535

-The stateful link speed should match the fastest data link

•Cisco ASA 5510 and PIX 525

-Stateful link speed can be 100 Mbps, even though the data interface can operate at 1 Gigabit due to the CPU speed limitation.

For optimum performance when using long distance LAN failover, the latency for the failover link should be less than 10 milliseconds and no more than 250 milliseconds. If latency is more than 10 milliseconds, some performance degradation occurs due to retransmission of failover messages.

All platforms support sharing of failover heartbeat and stateful link, but we recommend using a separate heartbeat link on systems with high Stateful Failover traffic.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
srue
Level 7
Level 7

‎05-06-2009 06:23 AM

from the failover documentation:

Failover Interface Speed for Stateful Links

If you use the failover link as the Stateful Failover link, you should use the fastest Ethernet interface available. If you experience performance problems on that interface, consider dedicating a separate interface for the Stateful Failover interface.

Use the following failover interface speed guidelines for Cisco PIX security appliances and Cisco ASA adaptive security appliances:

•Cisco ASA 5520/5540/5550 and PIX 515E/535

-The stateful link speed should match the fastest data link

•Cisco ASA 5510 and PIX 525

-Stateful link speed can be 100 Mbps, even though the data interface can operate at 1 Gigabit due to the CPU speed limitation.

For optimum performance when using long distance LAN failover, the latency for the failover link should be less than 10 milliseconds and no more than 250 milliseconds. If latency is more than 10 milliseconds, some performance degradation occurs due to retransmission of failover messages.

All platforms support sharing of failover heartbeat and stateful link, but we recommend using a separate heartbeat link on systems with high Stateful Failover traffic.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card