[c-nsp] traffic stuck firewall asymmetry

james list jameslist72 at gmail.com
Wed Mar 29 11:31:14 EDT 2017


Hi experts
I’ve a couple of active-passive firewall clusters (both with two members,
member-A and member-B) in two different locations connected with two
different WAN links (WAN-A and WAN-B).

One cluster in site A has firewall member-A as active and the router/switch
(C6500 not in VSS) with WAN link A as HSRP active and the opposite has
firewall member-B as active and the router/switch with WAN link A as HSRP
active.

Everything works properly but sometimes the virtual machine (behind the
firewall) gets frozen.
Here is a draft of the design:

VDI - Firewall-A (Active)  – C6500A (active HSRP) ------– WAN link –------ C6500A (active HSRP)    – Firewall-A (passive) - VDI
                             ||                                            ||
VDI - Firewall-B (passive) – C6500B (secondary HSRP) --– WAN link –------  C6500B (secondary HSRP) – Firewall-B (Active) - VDI


Can the asymmetry in site B be the cause?
I suspect yes, but I cannot figure out why.

Any hint or experience is appreciated.

Cheers
James

