Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

How many ssl modules are needed for a redundant configuration?

Hi, apologies but I can't seem to find a definite answer for this question. I have two css 11506's set up using vip/virtual interface redundancy (active/standby). Each css 11506 has a single ssl module.

Is this adequate for ssl redundancy? I've read in this forum that if an ssl module fails, the css will reboot causing failover to the standby css so ssl connections will simply reset and as long as I have ASR set up on the back end http content, users will not notice the failover.

Am I correct in this thinking or do you recommend using two ssl modules in each css? Thinking there is that if one ssl module fails, there will still be a 2nd module to handle ssl traffic and the css's will not failover.

Thanks

-Dan

2 REPLIES
Cisco Employee

Re: How many ssl modules are needed for a redundant configuratio

there is no need for 2 modules.

You would use 2 modules if you need more power [handle more connections].

However, your assumption is incorrect.

Nowadays, there is no device in the worl [cisco and non-cisco] that can do SSL ststeful failover.

In other words, upon failure, all SSL users will have to restart their connection.

Gilles.

New Member

Re: How many ssl modules are needed for a redundant configuratio

Thanks for confirmation.

-Dan

123
Views
0
Helpful
2
Replies
CreatePlease to create content