--> High Availability in ASA can be achieved using two methods:
i) ASA Active/Standby and Active/Active Failover
ii) ASA Clustering
--> We can achieve High Availability using ASA Active/Standby and Active/Active Failover, but there is a scalability issue (we can use only two devices at a time for forwarding the data).
--> By using ASA Clustering we can combine up to 16 physical ASA firewalls into one logical firewall.
--> Each device in the cluster is called a cluster member, and every member actively forwards data traffic.
--> One device in the cluster is elected as Master/Primary, which performs all the control-plane functions.
--> The remaining devices in the cluster are called Slave/Secondary devices, which only forward data.
--> Only the Primary ASA in the cluster forms neighbor relationships with other devices in the network.
--> By default, the first ASA that comes up is elected as the Primary device in the cluster.
--> We can change this behavior by setting the priority value on the ASA; the ASA with the highest priority is elected as the Master/Primary device.
--> If the priority is the same on all ASA devices, the serial number is used to select the primary device.
--> There is no preemption in the cluster: if a device joins with a higher priority, it does not automatically become the primary ASA.
--> An election in the cluster is held only when the current primary device fails.
--> If an interface of any device in the cluster fails, that device is removed from the cluster.
--> The Cluster Control Link carries the control-plane traffic within the cluster; every device has one or more links configured as the cluster control link.
--> Every connection in the cluster is handled by a single ASA device. To forward the data traffic of each connection, devices in the cluster are assigned member roles.
--> The ASA device through which the first packet of each connection goes is called the Owner, and the backup for this connection is called the Director.
--> A device that is neither the Owner nor the Director of the connection is called a Forwarder.
--> A single ASA can forward the data for thousands of connections.
--> An interface in the cluster can be a spanned EtherChannel or an individual interface.
--> Load balancing in the cluster can be done by using three methods,
i) EtherChannel
ii) Equal Cost Multi-Path using Dynamic Routing Protocol
iii) Policy-Based Routing
iv) Intelligent Traffic Director (Cisco proprietary load balancer in Nexus).
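
The primary election rules listed above (first unit up, priority, serial-number tie-break, no preemption, re-election only when the primary is lost) can be modelled in a few lines. This is an added example, not Cisco code: the class names, unit names and serial numbers are constructed, and it assumes that a numerically lower priority value means higher priority and that a tie goes to the lowest serial number.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Member:
    name: str
    priority: int   # assumption: 1..100, numerically lower = higher priority
    serial: str     # constructed serial numbers, not real devices

class Cluster:
    def __init__(self):
        self.members = {}
        self.primary = None

    def join(self, member):
        self.members[member.name] = member
        if self.primary is None:      # first unit up becomes primary
            self._elect()
        # otherwise: no preemption, even if the newcomer has a better priority

    def fail(self, name):
        """Unit failure or interface failure: the member leaves the cluster."""
        self.members.pop(name, None)
        if name == self.primary:      # election only when the primary is lost
            self.primary = None
            self._elect()

    def _elect(self):
        if self.members:
            # assumption: ties on priority go to the lowest serial number
            best = min(self.members.values(), key=lambda m: (m.priority, m.serial))
            self.primary = best.name

def run_scenario():
    """Return (action, unit, primary) after each event of a constructed scenario."""
    c, history = Cluster(), []
    events = [
        ("join", Member("asa2", 10, "JAD0002")),   # first up
        ("join", Member("asa1", 1, "JAD0001")),    # best priority, joins late
        ("join", Member("asa3", 10, "JAD0003")),
        ("join", Member("asa4", 10, "JAD0000")),
        ("fail", "asa2"),                          # primary lost: asa1 wins
        ("fail", "asa1"),                          # tie on priority: serial decides
        ("fail", "asa3"),                          # secondary lost: no election
    ]
    for action, arg in events:
        c.join(arg) if action == "join" else c.fail(arg)
        history.append((action, getattr(arg, "name", arg), c.primary))
    return history

if __name__ == "__main__":
    for event in run_scenario():
        print(event)
```
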