Community Member

IDSM-2 load sharing across two chassis

We are currently putting together a solution that I have come in halfway through. I am just after some assistance in regards to setting up the IDS. We have 2 * 6509 chassis, 2 * IDSM-2 modules.

Scenario 1 - Both IDSM-2 modules in primary chassis, can load balance traffic to IDS. Primary chassis failure = no IDS.

Scenario 2 - IDSM-2 module in each chassis, active/standby scenario. Can basically only use one IDSM module's throughput. Chassis failure still have IDS.

At the moment I am leaning towards the first scenario and no IDS if we have a chassis failure. Just wondering if it's possible to load balance in scenario 2.

1 REPLY
Cisco Employee

Re: IDSM-2 load sharing across two chassis

Hi,

I guess it depends on your topology. If your 6509 switches are used as layer 3 switches using HSRP, then even if only one 6509 is used as HSRP active for all VLANs and you have two IDSMs in there, you will miss all the traffic that is going through your HSRP standby chassis. For example, outbound traffic of a VLAN may be seen by HSRP Primary's IDSMs, but return traffic could be coming in both directions (HSRP Primary and Secondary 6509s). If you have one IDSM on each 6509, then you are already using both of them. Please note that IDSM2's throughput is 600 Mbps.

Thank you.

Edward
