Single FE Link for State/Link PIX Failover

Discussion started by Matthew Melbourne, Jan 9, 2005

  1. Are there any disadvantages to using the same physical FastEthernet link
    for the LAN-based Failover "link status" and the stateful synchronisation
    link on a fairly lightly loaded PIX 515E pair?

    Is the issue the possibility of the LAN-based failover 'keepalives' not
    arriving in a timely fashion if the traffic associated with stateful
    replication starts to monopolise the link?


    Matthew Melbourne, Jan 9, 2005
  2. Matthew Melbourne

    AJN Guest


    Indeed, it's possible to share the LAN-based failover interface with
    statefull failover interface under lightly loaded configuration, but Cisco
    recommend to use a dedicated LAN-based failover interface (with dedicated
    switch) , because if all connectivity between PIX's is lost both could
    become active.

    Another advantage of the LAN-based failover is distance limitation, and the
    weakness is the delayed detection of its peer power loss, consequently
    causing a relatively longer period for failover to occur (intermediate
    switches delays + cable delay).
    AJN, Jan 10, 2005
  3. I could not experience any difference or delays in failover when using
    dedicated LAN connections compared to serial failover-cable. At least
    that is true when directly connecting PIX 525 or 535 over dedicated
    66-MHz SX gigabit ethernet cards.

    Alexander Apathy, Jan 10, 2005
