Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
690
Views
5
Helpful
3
Replies

6500 server farm load balancing

Go to solution
lcaruso
Level 6
Level 6

‎04-04-2011 10:13 AM - edited ‎03-06-2019 04:26 PM

Hi,

I have a client who could benefit from hardware based server farm load balancing on a Cisco swtich.

As I understand it, the 6500 platform is the only one having this feature. What hardware module is required and/or what software features?

How well does this work in your experience?

Also, if he wanted to replace his firewall I understand the 6500 could be configured with a firewall module as well that can run at wire speed?

Can anyone confirm?

Thanks.

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎04-04-2011 10:30 AM

The module for 6500 load-balancing is the ACE module (Application Control Engine). It runs software of it's own which you can specify when you purchase the module.

The module for firewalling is the FWSM (Firewall Services Module). This also runs software of it's own which you can specify when you purchase. It should be noted that the FWSM is not an equivalent of the ASA ie. the FWSM only does firewalling, it does not do IPS/IDS/content filtering etc.

Both modules have the ability to run contexts which means you can have multiple virtual load-balancers/firewalls on the same module. These contexts are to all intents and purposes separate devices running on the same physical hardware. You can purchase context licenses depending on the number you need.

Wire speed is misleading because the FWSM has no input ports as such eg. a 48 port switch (or module) running 10/100/1000 ethernet could be considered wire speed if the switch fabric for the switch, or the connection to the switch fabric for the module was 48Gbps or more so that all 48 ports could run at full 1Gbps speed and there was no contention. The FWSM has no input ports as such so it's difficult to talk about wire speed.

The FWSM can support up to 5Gbps of throughput but there are standalone ASA models that can support significantly more so in pure throughput terms there are better options available. But there might be better reason to use the FWSM eg. a good use of them in conjunction with the ACE module is to provide mutiple contexts where each context on the ACE module lines up vertically with each context on the FWSM providing you with multiple load-balanced and firewall contexts.

A lot depends on your specific requirements.

Jon

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Jon Marshall
Hall of Fame
Hall of Fame

‎04-04-2011 10:30 AM

The module for 6500 load-balancing is the ACE module (Application Control Engine). It runs software of it's own which you can specify when you purchase the module.

The module for firewalling is the FWSM (Firewall Services Module). This also runs software of it's own which you can specify when you purchase. It should be noted that the FWSM is not an equivalent of the ASA ie. the FWSM only does firewalling, it does not do IPS/IDS/content filtering etc.

Both modules have the ability to run contexts which means you can have multiple virtual load-balancers/firewalls on the same module. These contexts are to all intents and purposes separate devices running on the same physical hardware. You can purchase context licenses depending on the number you need.

Wire speed is misleading because the FWSM has no input ports as such eg. a 48 port switch (or module) running 10/100/1000 ethernet could be considered wire speed if the switch fabric for the switch, or the connection to the switch fabric for the module was 48Gbps or more so that all 48 ports could run at full 1Gbps speed and there was no contention. The FWSM has no input ports as such so it's difficult to talk about wire speed.

The FWSM can support up to 5Gbps of throughput but there are standalone ASA models that can support significantly more so in pure throughput terms there are better options available. But there might be better reason to use the FWSM eg. a good use of them in conjunction with the ACE module is to provide mutiple contexts where each context on the ACE module lines up vertically with each context on the FWSM providing you with multiple load-balanced and firewall contexts.

A lot depends on your specific requirements.

Jon

0 Helpful

Go to solution
ROBERTO TACCON
Level 4
Level 4

‎04-04-2011 12:00 PM

Hi,

about SLB on cat6500:

Cisco ACE 30 Application Control Engine

http://www.cisco.com/go/ace

about FW on cat6500

Cisco ASA Services Module

http://www.cisco.com/go/asasm

HTH

Roberto Taccon

Go to solution
Giuseppe Larosa
Hall of Fame
Hall of Fame
In response to ROBERTO TACCON

‎04-04-2011 12:24 PM

Hello Roberto,

I don't see a configuration guide for this new ASASM in

http://www.cisco.com/en/US/products/hw/switches/ps708/products_installation_and_configuration_guides_list.html

However, performance data looks like improved in comparison to FWSM.

In my experience I have never seen a FWSM able to deliver 5Gbps per direction but rather 5Gbps adding tx and rx.

Hope to help

Giuseppe

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card