How many ssl modules are needed for a redundant configuration?

Unanswered Question
Feb 23rd, 2006
User Badges:

Hi, apologies but I can't seem to find a definite answer for this question. I have two css 11506's set up using vip/virtual interface redundancy (active/standby). Each css 11506 has a single ssl module.

Is this adequate for ssl redundancy? I've read in this forum that if an ssl module fails, the css will reboot causing failover to the standby css so ssl connections will simply reset and as long as I have ASR set up on the back end http content, users will not notice the failover.

Am I correct in this thinking or do you recommend using two ssl modules in each css? Thinking there is that if one ssl module fails, there will still be a 2nd module to handle ssl traffic and the css's will not failover.



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Gilles Dufour Thu, 02/23/2006 - 10:28
User Badges:
  • Cisco Employee,

there is no need for 2 modules.

You would use 2 modules if you need more power [handle more connections].

However, your assumption is incorrect.

Nowadays, there is no device in the worl [cisco and non-cisco] that can do SSL ststeful failover.

In other words, upon failure, all SSL users will have to restart their connection.



This Discussion