From: Brant Stevens (branto@xxxxxxxxxxxxx)
Date: Fri Oct 26 2001 - 20:38:18 GMT-3
I've done similar networks with Foundry ServerIrons, not the CSS switches.
In that configuration, the FSI was a layer 2/4 device, that was also
active/passive... The failover was undetectable, to both me and our load
testing software...
Are the CSS's blocking LSAs on the passive box, or are they acting as OSPF
routers themselves... What are the DR/BDRs on your network? The Nokias, or
the CSS, if they are in fact running OSPF natively...
Also, try turning off spanning tree on the redundant (failover)
interfaces... Depending on your infrastructure, you may be able to disable
it completely...
HTH,
Brant
----- Original Message -----
From: <twdaniel@bellsouth.net>
To: <ccielab@groupstudy.com>
Sent: Friday, October 26, 2001 3:41 PM
Subject: OT: Cisco CSS Firewall LoadBalancing
> I have configured firewall loadbalancing using the Cisco CSS 11000 series
> switches. Loadbalancing works perfectly with the CSS switches working in a
> primary and backup mode using VRRP and static routes. I am trying to use OSPF
> throughout the backbone. This also works correctly with the primary/backup
> CSS configuration as shown. However, the convergence time can be over 20
> secs. The backup CSS does not initialize the Fastethernet Interfaces until it
> sees that the primary CSS's interface has gone down. This delays the
> building of OSPF adjacencies and increases the convergence time. I would like
> to decrease this time by having the CSS operate in an ACTIVE/ACTIVE mode
> instead of an ACTIVE/PASSIVE mode. This would allow both CSS switches to
> learn the OSPF routes and eliminate convergence time altogether. Is this
> feasible??? Anyone else have any other ideas or comments. The firewalls are
> Nokia IP600 running Checkpoint. Thanks for your assistance.
>
> http://www.cisco.com/warp/public/117/fw_load_balancing.html