Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

FWSM Failover

What is the failover time between active and standby FWSM ?

1- If they are installed on the same 6500 Chassis ?

2- If they are installed on different Cat-6500 Chassis ?

Regards

Mohamed

4 REPLIES

Re: FWSM Failover

Hi,

FWSM's failover time does not affected by intra-chassis (same switch) or inter-chassis (different switches)setup. But it does when your etherchannel link is smaller, e.g 1 GE, compared to 6GE as recommended by Cisco for inter-chassis. Other than that is if your FWSM participate in dynamic routing like OSPF, where it will affect the failover process, especially on the time taken by OSPF to converge/recover.

FWSM failover time depends on:

* polltime unit [msec] number?The amount of time between hello messages. Set the time in seconds between 1 and 15. The default is 1 second. If you specify msec, you can set the time between 500 and 999 milliseconds.

* holdtime number?Sets the time during which a unit must receive a hello message on the failover link, or else the unit begins the testing process for peer failure. Set the time in seconds between 15 and 45. The default is the greater of 15 seconds or 3 times the polltime. You cannot enter a value that is less than 3 times the polltime.

For example, if the polltime is 1 second, then a 15 second holdtime means 15 hello messages are missed before the unit is tested for failure.

http://www.cisco.com/en/US/products/hw/switches/ps708/products_module_configuration_guide_chapter09186a00802010c0.html#wp1110489

Rgds,

AK

New Member

Re: FWSM Failover

Hi,

We have dual Giga links between the two cat-6500 switches, and We are running EIGRP ( NO OSPF ),

I think we will configure the FWSM in transparnt mode

How can I calculate the failover time in my case ?

Regards

Mohamed

Re: FWSM Failover

Hi Mohamed,

FWSM can allow EIGRP traffic (port 88) to pass through, but not participate in EIGRP.

But since you plan to run transparent mode, it will not be an issue as all EIGRP routing processes will be handled at switch's level. FWSM will only act like a bridge/hub.

2GEs probably just enough for your failover (preferably stateful failover).

For your failover to occur or how fast it will take place, it depend on the time you specify for the polling (failover checking) process. Default value is 1 sec, max is 15 sec. THere's no fix calculation for that. Example:

failover poll 3 -> polling every 3 sec

Please take into consideration that 1 sec probably too fast, and any delay due to congestion or heavy traffic might trigger unnecessary failover. Put any figure based on your network environment

The easiest way to test failover time is to use ping/icmp test. Observe the time it takes to fully swing to the other unit.

Ping from your server/host behind active FWSM to any server/host outside FWSM, or from host/server outside FWSM to server/host behind FWSM, or both.

Then, session into your standby FWSM, and issue 'failover active' command, and immediately measure the time it takes complete the failover between FWSMs. You'll noticed that there will be a 'request timed-out' during the failover process.

The failover time will be different depending on the polling time value.

Rgds,

AK

New Member

Re: FWSM Failover

Hi AK,

thanks for your reply

Is this mean that failover poll = Failover-time if there is no congestion ?

What about network traffic during this time ?

will I get session disconnect on some application ?

Regards

Mohamed

711
Views
0
Helpful
4
Replies