cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
345
Views
0
Helpful
2
Replies

How many ssl modules are needed for a redundant configuration?

bjelf
Level 1
Level 1

Hi, apologies but I can't seem to find a definite answer for this question. I have two css 11506's set up using vip/virtual interface redundancy (active/standby). Each css 11506 has a single ssl module.

Is this adequate for ssl redundancy? I've read in this forum that if an ssl module fails, the css will reboot causing failover to the standby css so ssl connections will simply reset and as long as I have ASR set up on the back end http content, users will not notice the failover.

Am I correct in this thinking or do you recommend using two ssl modules in each css? Thinking there is that if one ssl module fails, there will still be a 2nd module to handle ssl traffic and the css's will not failover.

Thanks

-Dan

2 Replies 2

Gilles Dufour
Cisco Employee
Cisco Employee

there is no need for 2 modules.

You would use 2 modules if you need more power [handle more connections].

However, your assumption is incorrect.

Nowadays, there is no device in the worl [cisco and non-cisco] that can do SSL ststeful failover.

In other words, upon failure, all SSL users will have to restart their connection.

Gilles.

Thanks for confirmation.

-Dan

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: