Yes, I am aware of the throughput limits on the FWSM. I actually started looking at the ACE/FWSM load-balanced FW designs in order to scale beyond 1 FWSM, so Active/Active is the way to go with a solution like this.
I've never heard of anyone doing this either but I thought I'd ask because I think it can work. (I'm not yet sure I would do it, but...)
I was thinking of using the DFC3CXL cards to accommodate up to 1 million routes/entries in the CEF tables.
So now I'm wondering what you think about VSS and VSL link vs. HSRP or VRRP. If the FWSM is only going to have a single default gateway (and it has to since Act/Act negates dynamic routing) either HSRP, GLBP or VRRP has to run on the MSFC SVIs connecting to the FWSMs. It seems to me that the amount of traffic crossing the link between switches is going to be the same either way. I guess with two HSRP groups running and proper gateway config on the FWSM instances this can be mitigated until a failure occurs. But BGP may just decide to send it to the other chassis for another exit interface anyway. Any thoughts on eBGP and first-hop redundancy protocols with VSS?