Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
610
Views
5
Helpful
8
Replies

serial based and lan based failover

brajesh.kumar
Level 1
Level 1

‎02-24-2004 06:54 AM - edited ‎03-09-2019 06:32 AM

Hi There

Some doubts regarding serial based and lan based failover.

For Stateful link:

According to cisco documentation "If the two units are more than six feet apart, you can use the same Ethernet state link as the failover link, but we recommend that you use a separate Ethernet link if available. If they are closer than 6 feet, we recommend that you use the serial failover cable as the failover link."

Thus in serial based failover we use same link for stateful and failover.

But in the same documentation there is a question with answer as ..

Can I share the state link Ethernet interface with the failover link?

Yes, if you are connecting to a switch, and not using a crossover cable. However, we recommend that you use a separate connection.

Q1.How a serial based failover which uses same ethernet interface for both stateful and failover work without using any switch?

Q2.Also in case of lan based failover,which can use single link for both uses seperate link for failover and stateful.

Is the failover link and stateful link both greater than 6 feet or ony failover is greater than 6 feet?

Thanks in advance.

Brajesh.

Labels:
0 Helpful
8 Replies 8

scoclayton
Level 7
Level 7

‎02-24-2004 11:48 AM

Brajesh,

I'll take a crack at this. I think there is some confusion on your part (potentially caused by the wording in the docs). Serial based failover requires the use of a proprietary serial cable that goes between the primary and stand-by PIX. This cable is only manufactured in 6 foot lengths. It's only purpose is to transmit failover communications between the 2 PIX's that it is connected to.

Since some customers have PIX's that are more than 6 feet apart, we developed lan based failover. This is essentially the same thing as above except that instead of using the proprietary serial cable, you can dedicate a interface on each PIX and use an ethernet cable for this purpose.

The final piece of the puzzle is the stateful failover link. This can only be ethernet and is completely optional. The purpose of this is to pass connections from the active PIX to the stand-by PIX so that in the event of a failure, the stand-by PIX can pick up the connections without causing them to re-start. This connection is much like the lan based failover connection described above (dedicated interface on both PIX's).

Now, here is what you can do.

1) If the PIX's are within 6 feet of one another, use serial based failover (more functionality than lan based failover). You can do stateful failover as well but this will require you to dedicate an interface on both PIX's for this link.

2) If the PIX's are more than 6 feet away, use lan based failover. This will require that you dedicate a interface on each PIX for this communication. Additionally, you can also implement stateful failover in this situation in one of two ways. You can use the same interfaces for the stateful failover connections that you used for the lan based failover connections. However, this is not recommended due to the amount of traffic that is normally seen on the stateful link (don't want to cause an unnecessary failover due to failover messages not having enough bandwidth to pass). We recommend that you dedicate a 2nd interface on both PIX's for the stateful link.

Not sure if I answered your questions or not so please let me know if this is not clear.

Scott

0 Helpful

brajesh.kumar
Level 1
Level 1
In response to scoclayton

‎02-25-2004 07:44 AM

Thanks a lot Scott

My understanding regarding failover (now) is..

1.If the PIX's are within 6 feet of one another, use serial based failover which uses a proprietary serial cable that goes between the primary and stand-by PIX. This cable is only manufactured in 6 foot lengths. It's only purpose is to transmit failover communications between the 2 PIX's that it is connected to.

In this configuration only failover information can pass.

2. For Stateful Failover, you must use an Ethernet link to pass state information.This can be Fast Ethernet (100BASE-T) full duplex or Gigabit Ethernet (GE) (1000BASE-T) full duplex.

If units are with in 6 feet use crossover cable for stateful failover.

Now my doubts regarding serial based failover(<=6 feet):

1.Which interface it is using if not ethernet?

2.since to do stateful failover we have to use ethernet interface along with crossover cable.

Can we do both stateful and failover on this crossover wire(since stateful failover requires ethernet/crossover)?Or we have to use seperate for both?

Regarding Lan based failover:-

1.Since in this either for failover or stateful we are using ethernet interface.My question is what to use? use ethernet link as failover link(as by cisco documentation) or vice-versa(as by you).

And also the configuration of serial based failover in (second last in figure)

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008017278a.html

we are using serial failover cable for both stateful and failover?

Hoping this time my question is clear.

Thanks.

Brajesh.

0 Helpful

scoclayton
Level 7
Level 7
In response to brajesh.kumar

‎02-26-2004 08:48 AM

Brajesh,

Answers in-line below:

1.If the PIX's are within 6 feet of one another, use serial based failover which uses a proprietary serial cable that goes between the primary and stand-by PIX. This cable is only manufactured in 6 foot lengths. It's only purpose is to transmit failover communications between the 2 PIX's that it is connected to.

In this configuration only failover information can pass.

A - Yes, you are correct.

1.Which interface it is using if not ethernet?

A - All PIX's greater than a 515 come with a serial connection built onto the chassis. This interface is used to connect the serial failover cable between the primary and stand-by PIX's.

2.since to do stateful failover we have to use ethernet interface along with crossover cable.

Can we do both stateful and failover on this crossover wire(since stateful failover requires ethernet/crossover)?Or we have to use seperate for both?

A - If you want to do lan based failover and stateful failover between the same 2 PIX's, you need to dedicate 2 interfaces on each PIX for this purpose. The lan based failover connection and the stateful failover connection are not supported when run on the same interface. If you are using 535's, you need to make sure that your stateful link is as fast as the fastest interface on the box. For example, if you have Gig interfaces on the PIX's, you will need to use another Gig interface for the stateful failover connection. Again, this is due to the sheer amount of traffic that is sent across this link in some cases.

Regarding Lan based failover:-

1.Since in this either for failover or stateful we are using ethernet interface.My question is what to use? use ethernet link as failover link(as by cisco documentation) or vice-versa(as by you).

And also the configuration of serial based failover in (second last in figure)

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008017278a.html

we are using serial failover cable for both stateful and failover?

A - I'm afraid I don't really understand this question. The serial failover link is *only* used to pass failover communications between the 2 switches. Stateful failover is optional and is not required for box to box failover to occur. If you want to do stateful failover, you will need to dedicate an un-used interface on both PIX's for this purpose.

If the PIX's are physically seperated by more that 6 feet (the length of the serial cable), you can replace the serial failover cable with a lan based failover cable. This requires an un-used ethernet interface on both PIX's. Lan based failover however does not detect a loss of power from it's mate so we recommend serial based failover if at all possible.

Let me know if this is still not clear.

Scott

brajesh.kumar
Level 1
Level 1
In response to scoclayton

‎02-27-2004 06:52 AM

Thanks Scott for bearing me

Now very much clear.

To do stateful failover we have to dedicate an un-used interface(cossover if less han 6 feet,if more use switch in between,but no crossover wire) on both PIX's either for serial or lan based failover.

Now the configuration of serial based failover in (second last in figure)

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_configuration_guide_chapter09186a008017278a.html

is clear since serial based failover is not using ethernet interface(serial connection built onto the chassis).

I also understands that .."The serial failover link is *only* used to pass failover communications between the 2 switches. Stateful failover is optional and is not required for box to box failover to occur."

That is no overlapping.

But i am not getting what the cisco documentation is saying about same link to use.Accordind to cisco dcumentaton

"If the two units are more than six feet apart, you can use the same Ethernet state link as the failover link, but we recommend that you use a separate Ethernet link if available. If they are closer than 6 feet, we recommend that you use the serial failover cable as the failover link.

Note If you use the same link for both state and failover, you cannot use a crossover cable."

Can we use same link for both?

Thanks

Brajesh.

0 Helpful

scoclayton
Level 7
Level 7
In response to brajesh.kumar

‎02-27-2004 07:14 AM

Brajesh,

Sounds like you have a good handle on this. To answer your last question:

Yes, you can use the same physical cable for both lan based failover and stateful failover *if* it is absolutely necessary. This however, is not recommended. If you are going to use lan based failover and you also want to do stateful failover, it is highly recommended to use a seperate interface for each link due to performance problems we have seen in live networks.

Best of luck!

Scott

0 Helpful

brajesh.kumar
Level 1
Level 1
In response to scoclayton

‎02-28-2004 05:59 AM

Thanks a lot Scott

I think you have answered all my stupid questions.

Thanks.

Brajesh

0 Helpful

sateeshk
Level 1
Level 1
In response to scoclayton

‎02-27-2004 01:34 PM

hi scott

I have query about your discussion

1) will serial cable support statefull failover?(6feet distance)

Thanks

sateesh

0 Helpful

scoclayton
Level 7
Level 7
In response to sateeshk

‎02-29-2004 06:14 AM

Sateesh,

Unfortunately, no. The serial cable only carries failover communication between the 2 PIX's in the failover pair. Information such as current status, config changes, etc. are passed across this cable. If you want to do stateful failover in addition to normal serial cable failover, you will need to dedicate an ethernet interface on both units for the stateful failover connection. Hope this helps.

Scott

0 Helpful
Customers Also Viewed These Support Documents