Considering the devices support dual-redundant power supplies and dual
redundant route processors, I guess my next question before I embark on a
dual-unit proposal is: is this even required?
i.e. would it be a good design choice to protect a device which already
has dual power/RP?
BR
Tony
On 8 June 2014 12:01, Tony Singh <mothafungla_at_gmail.com> wrote:
> Network-Ready Capabilities
>
> The Cisco IPS 4500 Series provides low latency and high-availability
> features to meet the needs of the most demanding networks. With
> hardware-accelerated deep packet analysis, the Cisco IPS 4500 Series
> delivers multi-gigabyte performance with dedicated space available for
> future IO and performance expansion. For details on the unique methodology
> Cisco uses to calculate IPS performance, refer to the Performance of
> Cisco IPS 4500 and 4300 Series Sensors
> <http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps5713/ps12156/white_paper_c11-716084.html>.
>
> *Flexible and highly available deployment options include active-active
> and active-standby* configurations; fail-open or fail-closed modes; IDS
> and IPS operational modes; and redundant power supplies. Network Based Flow
> Affinity feature offers high availability with better integration into the
> network via standards-based LACP support. The system can also inspect
> encapsulated traffic, including generic routing encapsulation (GRE),
> Multiprotocol Label Switching (MPLS), 802.1q, IPv4 in IPv4, IPv4 in IPv6,
> and Q-in-Q double VLAN.
>
>
> On 8 June 2014 11:49, Tony Singh <mothafungla_at_gmail.com> wrote:
>
>>
>>
>> Hi Cristian
>>
>> Thanks for your reply. My idea was to deploy them as L2 in-line pairs with
>> ether-channels either side of a stacked 3750X access layer and 6509E VSS
>> core layer.
>>
>> I would prefer not to have an extra L3 hop. I'm sure there are ways to
>> manipulate L2 STP costs for this to work, but I'm trying to find the docs
>> for active/active or active/standby configuration on the 4500 series, as
>> Cisco's product page suggests these designs are supported.
>>
>> --
>> BR
>>
>> Tony
>>
>> On 8 Jun 2014, at 11:38, Cristian Matei <cmatei_at_ine.com> wrote:
>>
>> Hi,
>>
>> To make that work, you would need a sort of clustering or HA where
>> basically the session state would be shared among multiple IPS devices.
>> This is not supported by Cisco IPS and I highly doubt any IPS vendor
>> supports such a scenario, as the challenge is not only about session state,
>> but also fragmented packets and packet inspection.
>>
>> Why can't you just fix the asymmetric routing?
>>
>> Regards,
>> Cristian Matei, 2 x CCIE #23684 (R&S/SC)
>> cmatei_at_INE.com
>>
>> Internetwork Expert, Inc.
>> http://www.INE.com <http://www.ine.com/>
>>
>>
>>
>> On 08 Jun 2014, at 13:24, Tony Singh <mothafungla_at_gmail.com> wrote:
>>
>> Hi
>>
>> Is there a Cisco IPS solution with HA being able to deal with stateful
>> asymmetric traffic flows, i.e. the 4500 series?
>>
>> I don't want to disable TCP engines to allow for this behaviour.
>>
>> --
>> BR
>>
>> Tony
>>
>>
>> Blogs and organic groups at http://www.ccie.net
Received on Sun Jun 08 2014 - 12:17:19 ART