
Latency limit between 2 secure firewall clusters between DC's

blue phoenix
Level 1

Hi,

 

Does anyone know where I can find this information?  We are trying to design a NextGen DC and it's one of the requirements.

 

Thanks,

3 Replies

Marvin Rhoads
Hall of Fame

The Cluster Control Link (CCL) must have L2 reachability with <10ms of latency.

Source: Cisco Live presentation BRKSEC-3032 by Andrew Ossipov.

balaji.bandi
Hall of Fame

In addition to @Marvin Rhoads' comments.

 

Look at the deployment guide:

 

Cluster Control Link Reliability for Inter-Chassis Clustering

To ensure cluster control link functionality, be sure the round-trip time (RTT) between units is less than 20 ms. This maximum latency enhances compatibility with cluster members installed at different geographical sites. To check your latency, perform a ping on the cluster control link between units.

The cluster control link must be reliable, with no out-of-order or dropped packets; for example, for inter-site deployment, you should use a dedicated link.

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/fxos/clustering/ftd-cluster-solution.html#concept_6321258BF0C640489F33AF82CDD53B4C

 

BB

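Added example, not part of any reply in this thread and not Cisco code: a Python check that runs the three conditions from the deployment guide excerpt above (RTT below the limit, no dropped packets, no out-of-order packets) against captured ping output. It assumes Linux iputils-style ping output taken from a test host on the candidate cluster control link path; `check_ccl_link` is a hypothetical name, the sample capture is constructed, and the default limit is the 20 ms figure from the excerpt (pass `max_rtt_ms=10` to test against the other figure given in the thread).

```python
import re

# Constructed sample: Linux iputils-style ping replies captured on a test
# host across the inter-site link (address and timings are made up).
SAMPLE = """\
64 bytes from 192.0.2.2: icmp_seq=1 ttl=64 time=11.8 ms
64 bytes from 192.0.2.2: icmp_seq=2 ttl=64 time=12.1 ms
64 bytes from 192.0.2.2: icmp_seq=4 ttl=64 time=23.4 ms
64 bytes from 192.0.2.2: icmp_seq=3 ttl=64 time=12.0 ms
64 bytes from 192.0.2.2: icmp_seq=6 ttl=64 time=11.9 ms
6 packets transmitted, 5 received, 16% packet loss, time 5008ms
"""

REPLY = re.compile(r"icmp_seq=(\d+) .*?time=([\d.]+) ms")
SUMMARY = re.compile(r"(\d+) packets transmitted, (\d+) (?:packets )?received")

def check_ccl_link(ping_output, max_rtt_ms=20.0):
    """Return a list of findings; an empty list means all three checks pass."""
    replies = [(int(s), float(t)) for s, t in REPLY.findall(ping_output)]
    if not replies:
        return ["no replies parsed"]
    findings = []
    worst = max(t for _, t in replies)
    if worst >= max_rtt_ms:  # the guide requires RTT *less than* the limit
        findings.append(f"RTT {worst:.1f} ms is not below {max_rtt_ms:.1f} ms")
    # A reply with a lower sequence number than one already seen arrived late.
    highest, late = 0, []
    for seq, _ in replies:
        if seq < highest:
            late.append(seq)
        highest = max(highest, seq)
    if late:
        findings.append(f"out-of-order replies: seq {late}")
    # Sequence numbers never answered are drops (iputils counts from 1).
    m = SUMMARY.search(ping_output)
    sent = int(m.group(1)) if m else highest
    missing = sorted(set(range(1, sent + 1)) - {s for s, _ in replies})
    if missing:
        findings.append(f"dropped packets: seq {missing}")
    return findings

if __name__ == "__main__":
    for finding in check_ccl_link(SAMPLE):
        print(finding)
```
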

I don't think that will be a viable solution since the ping RTT from Vancouver to Chicago is 40+ ms.  Does that mean this solution is not viable for transatlantic distances?
