3825s are running "advipservicesk9-mz.123-11.T10" with 15Mbps links over DS3 services.
3825s are running GLBP towards the firewalls and BGP towards the PIP cloud.
SWs are Cisco 2960 switches is an unknown code level, the hosting center will NOT provide.
5510s are running an unknown code level, the hosting center will NOT provide
Now for the issue - at random load invervals, the SAPGUI login will stall for new sessions, active sessions slow tremendously. FTP transfers work as excepted, PING repsonses are in the normal levels. WAN Interface traffic levels are with in reason. I know what your thinking server issue, but according to our hosting center the servers are fine. Unfortunately we have to trust them. The hosting center wants to point the finger at GLBP sending bad MAC information to the FW cluster VIP.
So my question is this -
Is there any know issue with ASA and GLBP that would possibly cause this issue? ARP table confusion, XLATE tables, Bridge tables? If we static route to the physical IP of a router traffic passes with no issue.
We are currenlty running on the "2" path with no issues for over 5 days.
there is only one host in the internal LAN that is the active ASA firewall if the ASA is in routed mode, using GLBP in your scenario should not provide any load balancing unless the ASA is working in transparent mode.
Are you using the ASA in transparent mode?
Can you try to use HSRP instead of GLBP?.
>> at random load invervals, the SAPGUI login will stall for new sessions, active sessions slow tremendously.
I would agree on the possible impact on new sessions, but how a GLBP problem related to ARP can impact active sessions where each of them is already mapped to a forwarder MAC address?
>> If we static route to the physical IP of a router traffic passes with no issue
Can two static routes be configured ? And where is this static route configured on the SAP cluster or the ASA?
Again if the ASA is working in routed mode there is no sense in using GLBP, if the ASA is working in transparent mode the static routes should be configured on the SAP clusters.
(Pdf copy at the bottom)
Segmentation within SD-Access is enabled through the combined use of both Virtual Networks (VN), which are analogous to VRFs, and Cisco Scalable Group Tags (SGTs). VNs, like VRFs, provide comp...
The 2020 IT Blog Awards, hosted by Cisco, is now open for submissions through October 16. Submit your blog, vlog or podcast today. For more information, including category details, the process, past winners and FAQs, check out: https://www.cisco...
Hello,We have a pair of N3K-3064PQ-10GX and one of them acting as backup and we want to migrate from VyOS to it, we want to add 500x interface vlan and each interface vlan has its own ip/prefixes (for example /30 /29 ...) and we ahve 6-8x BGP session with...
We live in an age that is both thrilling and evolving substantially. A new trend/technology is always on rise even before the preceding has been used to its fullest potential. Although the concepts of digital transformation may seem over discussed, ...
Show CommandPurposeCiscoICX-RuckusShow Spanning tree infoShow spanning-treeshow 802-1wVerify Port-Channel / Link aggregation infosh lag briefsh etherchannel summaryShow CDC/LDP neighbor infoshow cdp neighbors detailsh lldp neighbors de sh mac a...