RE: Any body know about Cisco Content Switch

Yonkerbonk Sat, 13 Jan 2001 01:09:44 -0800
Actually, before I found out about the CSS, I had
intended to put two Alteons in front of the PIX and
two behind for a total of four. So yes, there would be
redundancy at that level too. And behind the PIXs
would be two Checkpoints, using Stonebeat to load
balance.
I'm just wondering if local director and CSS will be
able to do this too.

--- Christopher Larson <[EMAIL PROTECTED]> wrote:
> I suppose maybe you could still get this to work
> through a combination of
> the discussed and some DNS manipulation, but I would
> have to think to much
> to figure it out, and I suppose that is part of what
> the CSS is addressing.
> I can see where if the CSS had a single address that
> pointed to multiple
> advertised globals on seperate pix's this would be
> easier, but then for high
> availability won't you also need 2 CSS'? Now my
> cusriosity is peaked. I
> think I should research the CSS' and what they do
> exactly to allow for
> firewall load balancing.  
> 
> 
> 
> 
> 
> ----Original Message-----
> From: Christopher Larson 
> Sent: Friday, January 12, 2001 11:14 AM
> To: 'Yonkerbonk'; Christopher Larson; Tim O'Brien;
> [EMAIL PROTECTED]
> Subject: RE: Any body know about Cisco Content
> Switch
> 
> 
> For statefull PIX failovers they do need to share
> info. In the scenario
> below, a downed PIX would cause people to need to
> reconnect. In Pix's
> statefull failover that would not happen. I guess
> there is a lot more at
> issue here then I first thought. Like the static's
> and nat on the pix's. You
> could not maintain that info in this scenario. You
> could not have both pix's
> advertising the same global address either so it
> would not work.
> 
> -----Original Message-----
> From: Yonkerbonk [mailto:[EMAIL PROTECTED]]
> Sent: Friday, January 12, 2001 10:26 AM
> To: Christopher Larson; Tim O'Brien;
> [EMAIL PROTECTED]
> Subject: RE: Any body know about Cisco Content
> Switch
> 
> 
> I imagine the problem comes when the PIX needs to
> know
> the state of the data flow, like if it's an ongoing
> TCP session or just random data. I'm not sure if
> this
> is an issue. Do the PIXs need to share information?
> Do
> the CSS do that for them?
> 
> --- Christopher Larson <[EMAIL PROTECTED]> wrote:
> > I am not sure about CSS switches, and maybe your
> > needs are special, but
> > couldn't you just add a default route to both
> PIX's
> > on each switch's RSM and
> > turn off fast-switching. You will then get per
> > packet load balancing between
> > the switches and the pix's. 
> > 
> > I have done this before between 6500's and routers
> > in for high
> > avail/reliability but not between the switches and
> > PIX's. I don't know why
> > it wouldn't work with the pix though .
> > 
> > 
> > 
> > 
> >  
> > 
> > -----Original Message-----
> > From: Yonkerbonk [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, January 11, 2001 8:39 PM
> > To: Tim O'Brien; [EMAIL PROTECTED]
> > Subject: Re: Any body know about Cisco Content
> > Switch
> > 
> > 
> > We currently have our PIXs side by side right
> behind
> > the internet routers. Then the PIXs connect into
> two
> > redundant 6509s, which is our core.
> > We are trying for high availibility, which the
> > failover software already does for us. But I was
> > thinking it probably was better to use both of
> them
> > at
> > the same time, more efficient and more throughput
> > without having to buy 535. So I'm looking to load
> > balance the two PIXs, which we can do with
> > Checkpoint/Stonebeat combo.
> > From the link you sent me on the 6509, it seems
> > perhaps that I can use them to load balance to the
> > PIXs from the inside? What is better for traffic
> > coming from the internet to be load balanced on
> the
> > PIX? The CSS or Local Director? The both seem to
> be
> > for web or server traffic, but I can see them
> being
> > used in other ways.
> > Got any advice?
> > Thanks.
> > 
> > --- Tim O'Brien <[EMAIL PROTECTED]> wrote:
> > > Here are some links for the CSS switches. For
> the
> > > application that it
> > > appears that you are trying to run you will need
> > the
> > > switches in front and
> > > behind the PIX boxes. The PIX 535 is out now and
> > > will do a Gig of
> > > throughput. What are you trying to accomplish?
> You
> > > can run PIXes in a
> > > active/passive config if it is high availability
> > > that you are looking for.
> > > Give me a little more on the design that you are
> > > doing.
> > > 
> > >
> >
>
http://www.cisco.com/warp/public/cc/pd/si/11000/prodlit/
> > > 
> > > 
> > > or load balance on the 6500
> > >
> >
>
http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/tech/ios6k_wp.htm
> > >
> >
>
http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/tech/aslb_wp.htm
> > > 
> > > ----- Original Message -----
> > > From: "Yonkerbonk" <[EMAIL PROTECTED]>
> > > To: "Wayne Lawson" <[EMAIL PROTECTED]>; "Tommy
> > > Mitchell"
> > > <[EMAIL PROTECTED]>;
> > "cisco@groupstudy.
> > > com (E-mail)"
> > > <[EMAIL PROTECTED]>
> > > Sent: Thursday, January 11, 2001 5:46 PM
> > > Subject: RE: Any body know about Cisco Content
> > > Switch
> > > 
> > > 
> > > Hi Wayne,
> > > 
> > > Could you point me to some information on the
> > CSSes
> > > and how to configure for load balancing? I was
> > > looking
> > > at Local Director and Alteon boxes to do that
> for
> > > two
> > > PIXs. Do I need them on both he outside and
> > inside?
> > > Thanks.
> > > 
> > > 
> > > --- Wayne Lawson <[EMAIL PROTECTED]> wrote:
> > > > Tommy,
> > > >
> > > >   Actually you CAN have the CSS in an "active
> /
> > > > active" mode
> > > > with true firewall load balancing.
> > > >
> > > > Wayne Lawson, CCIE # 5244
> > > > Systems Engineer - Cisco Systems, Inc.
> > > > 2000 Town Center, Suite 450
> > > > Southfield, Michigan 48075
> > > >
> > > > Voice:  (248) 455 - 1663
> > > > Cell:  (248) 709 - 5797
> > > > Pager: (800) 365 - 4578
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: [EMAIL PROTECTED]
> > > > [mailto:[EMAIL PROTECTED]]On Behalf Of
> > > > Tommy Mitchell
> > > > Sent: Wednesday, January 10, 2001 8:15 AM
> > > > To: cisco@groupstudy. com (E-mail)
> > > > Subject: Re: Any body know about Cisco Content
> > > > Switch
> > > >
> > > >
> 
=== message truncated ===


__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/

_________________________________
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Any body know about Cisco Content Switch

Reply via email to
