[c-nsp] Distance limit of ASA Failover

David White, Jr. (dwhitejr) dwhitejr at cisco.com
Thu Mar 17 17:35:01 EDT 2011


For the ASA, what is important is the latency caused by the distance. 
For best results, latency should be less than 10 msec.  There is a 30
msec timer used to check the acknowledgment that the peer received the
message (this includes round-trip time, plus the time it takes the peer
to accept, process, and respond to the message).  However, latencies up
to 250 msec are possible/acceptable, but there will be quite a bit of
overhead, as the ASA will retransmit every failover message 8 times at
this latency.   If the latency is large (near 250 msec), then the
failover poll and holdtimes must not be configured at low values.  
Using a polltime of 1 sec and a holdtime of 15 sec would be fine.  Long
distance failover should not be deployed when latencies between ASAs
exceed 250 msec.

Sincerely,

David.

Chris Kane wrote:
> I've been looking for some doco and was hoping someone here had a good
> reference. Now that so many of us are extending Layer 2 between data centers
> I'd like to find documentation that recommends the distance limit for the
> ASA Failover. Since pseudowires hide the Ethernet distance I'm wondering if
> there is a time based limitation (ex. 30ms). And I'm assuming only
> Active/Standby could be supported in geographically distant (read several
> hundred miles apart) data centers.
>
> Thanks,
> -chris


