FWSM and dual chassis failover

Hello all:

I've been trying to find out what the recommended bandwidth requirement
for the failover link in a dual 6509 chassis setup with a FWSM in each.
In the configuration guide for the FWSM 2.2 code, it mentions a 6 gig
etherchannel between the chassis, but also says it's optional. The 2.3
configuration guide makes no reference to how the link should be
configured. Anybody have any sugesstions here?

Thanks.

John Bracey, Network Analyst
California State University, Chico

 

IMHO Cisco recommends a 6 GE channel because this is the same size the
channel between MSFC/FWSM in a chassis has.

In dual chassis failover setup, you may have a failover scenario that
the primary FWSM fails but all other components in the primary chassis
are running fine, including links to surrounding equipment (uplinks,
DMZ connections etc) and the MSFC.

In such a scenario, traffic routed/bridged to and from the FWSM flows
through the failover channel or any other link between both chassis.

http://www.cisco.com/en/US/products..._guide_chapter09186a00802c642c.html#wp1039132

More specific: Traffic flows over the links you trunk vlans that are
assigned to the FWSM through vlan groups.

Beside both FWSM specific failover connections (state replication and
monitoring/testing traffic) the amount of your production traffic must
be considered for capacity planning, too.

Of course, you do not need to trunk FWSM production vlans through the
FWSM failover trunk, you can have different trunks/links between both
chassis for production traffic.

I'd recommend a channel group that consists of GE links (from different
Cat. modules) if possible.

2 GE interfaces in that channel are more than enough if you trunk your
production traffic through different links to the opposite chassis.

If you want to use the FWSM failover trunk for production traffic link
redundancy too, you must increase the amount of ports in that channel.

Hope that helps,

Christian

 

Christian:

Thanks for the info, yes this helps a bunch.

-John Bracey

 

Hi, just some additional information for you.

We are running same scenario, we are using 2ge links between the boxes,
the idea being that all traffic should flow through one device, if there
is a failover then lowering the bandwidth is acceptable to us (but I think
I might review this).

However we have recently spent the last 5 months working with Cisco on a
strange problem where traffic would not be forwarded properly. This
problem turns out to be a problem with running etherchannels across two
separate modules (line cards), even though Cisco knew about the problem it
took over 5 months for them to tell us (we did have a work around to reset
certain devices in a particular order). The problem is apparently
hardware releated.

So if you experience issues I recommend running the etherchannels on the
same card.

D

 

D-
I'm wondering if you might have a Bug ID from Cisco?