Hi, I am a new user getting used to these devices!
I am wondering if it is possible to create an active passive cluster using 2 4500's in two separate sites. I am aware that the internal interfaces need to be on the same subnet (stretch VLAN etc)... but what about the external interface and getting users to it?
How do people get around this? Is there a way of doing it without a load balancer? We do not host our own public facing DNS, and round robin is not really practical because 50% of users would continually get thrown at the down site!
How does the 6500 Multi Site cluster get around this?
The 6500 multi-site cluster works just like any other cluster. Multi-site is really designed for global active/active.
If you want to run active / active you don't NEED a load balancer. You can just have users manually select which one to go to.
As active / passive requires a VIP on the external I/F you would not be able to set that up with the external I/F on different subnets.
If you are just trying to have redundant SA boxes you could go the active / active route and just publish the IP addresses. Or have you thought about looking into a hosted load balancer? I am told that there are some pretty good (cost wise) solutions out there.
Here is another thought -
If you have some internet-facing web server you can host a page on, implement a "portal" to your SA devices. I've got some code from our SSL VPN regional specialist for a web page which does a rudimentary round-robin assignment to a group of SAs after checking that the device to which the session is to be sent is actually functioning. The assignment is done via a redirect, so there are no load-balancing persistence issues after the assignment is made.
I'm looking to perhaps design and implement a portal which would take into account session counts on devices in doing something like this. My environment is pretty complex (15 clusters globally each with 12 IVSs), and I'm not exactly a great coder, so I'm taking it slow. But the idea is pretty intriguing...
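A minimal sketch of the redirect portal described in the post above, added here as an illustration; it is not the code from the regional specialist mentioned there. The gateway hostnames, the listening port and the health-check rule (an HTTPS answer with a valid certificate) are assumptions.

```python
import http.client
import itertools
import ssl
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed placeholder hostnames (assumption); use the real sign-in URLs.
GATEWAYS = ["https://sa-site-a.example.com/",
            "https://sa-site-b.example.com/"]
_counter = itertools.count()  # shared round-robin position


def probe(url, timeout=3.0):
    """True if the gateway answers over TLS with a valid certificate."""
    ctx = ssl.create_default_context()  # verifies certificate and hostname
    try:
        with urllib.request.urlopen(url, timeout=timeout, context=ctx) as resp:
            return 200 <= resp.status < 400
    except (OSError, http.client.HTTPException):
        return False


def pick_gateway(gateways=GATEWAYS, check=probe):
    """Round-robin over the fixed list, skipping gateways that fail the check."""
    start = next(_counter)
    for offset in range(len(gateways)):
        candidate = gateways[(start + offset) % len(gateways)]
        if check(candidate):
            return candidate
    return None  # every gateway failed its check


class Portal(BaseHTTPRequestHandler):
    def do_GET(self):
        target = pick_gateway()
        if target is None:
            self.send_error(503, "No VPN gateway is currently reachable")
            return
        # The target comes only from GATEWAYS, never from the request,
        # so the portal cannot be abused as an open redirect.
        self.send_response(302)
        self.send_header("Location", target)
        self.send_header("Cache-Control", "no-store")  # re-check on every visit
        self.end_headers()


if __name__ == "__main__":
    # Assumed to sit behind an existing TLS-terminating web server.
    HTTPServer(("127.0.0.1", 8080), Portal).serve_forever()
```

Because the user's browser talks to the chosen gateway directly after the 302, the portal holds no session state; it only has to be reachable at sign-in time.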