[c-nsp] Distance limit of ASA Failover
David White, Jr. (dwhitejr)
dwhitejr at cisco.com
Thu Mar 17 17:35:01 EDT 2011
For the ASA, what is important is the latency caused by the distance.
For best results, latency should be less than 10 msec. There is a 30
msec timer used to check the acknowledgment that the peer received the
message (this includes round-trip time, plus the time it takes the peer
to accept, process, and respond to the message). However, latencies up
to 250 msec are possible/acceptable, but there will be quite a bit of
overhead, as the ASA will retransmit every failover message 8 times at
this latency. If the latency is large (near 250 msec), then the
failover poll and holdtimes must not be configured at low values.
Using a polltime of 1 sec and a holdtime of 15 sec would be fine. Long
distance failover should not be deployed when latencies between ASAs
exceed 250 msec.
Sincerely,
David.
Chris Kane wrote:
> I've been looking for some doco and was hoping someone here had a good
> reference. Now that so many of us are extending Layer 2 between data centers
> I'd like to find documentation that recommends the distance limit for the
> ASA Failover. Since pseudowires hide the Ethernet distance I'm wondering if
> there is a time based limitation (ex. 30ms). And I'm assuming only
> Active/Standby could be supported in geographically distant (read several
> hundred miles apart) data centers.
>
> Thanks,
> -chris