Results 1 to 9 of 9
  1. #1
    Join Date
    Mar 2010
    Location
    Germany
    Posts
    681

    Can Cisco FWSM do load balancing?

    Hi,

    I'm maintaining some FreeBSD boxes for an ISP. One thing that keeps itching me is that there's no HA in the customer webservers.
    A customer may have 8 web servers, but they're all dedicated to some sites, and I'd like them to have at least two per site, so I can (i.e.) reboot without their customers noticing.

    I could mess around with uCarp to get this HA, but since there are Firewall modules in the switches (FWSM) I wonder if those can also do at least basic http load balacing?

    If yes, I could change this into a much more interesting, err, flexible active/active setup.
    Check out my SSD guides for Samsung, HGST (Hitachi Global Storage) and Intel!

  2. #2
    Have you looked into Haproxy?

    Not sure if it will be feasible with the setup you have.

  3. #3
    Join Date
    Jan 2014
    Location
    Wayne, PA
    Posts
    2
    This is a difficult question to answer without more information about which model switches you are using.

  4. #4
    Join Date
    Apr 2009
    Posts
    1,143
    Done Think they Can. Not from my - maybe limited - experience with fwsm.

  5. #5
    Join Date
    Apr 2010
    Posts
    491
    Quote Originally Posted by wartungsfenster View Post
    Hi,

    I'm maintaining some FreeBSD boxes for an ISP. One thing that keeps itching me is that there's no HA in the customer webservers.
    A customer may have 8 web servers, but they're all dedicated to some sites, and I'd like them to have at least two per site, so I can (i.e.) reboot without their customers noticing.

    I could mess around with uCarp to get this HA, but since there are Firewall modules in the switches (FWSM) I wonder if those can also do at least basic http load balacing?

    If yes, I could change this into a much more interesting, err, flexible active/active setup.
    FWSM is a firewall and an odd duck at that. The CSM is the load balancer for the 6500's and not supported on a modern sup at least according to the datasheet. There are a ton of methods that can work since it's all web traffic a pair of proxies with some vip's via ucarp or similar is the "modern" approach.

  6. #6
    Join Date
    May 2003
    Posts
    1,664
    The FWSM will not do it, honestly it barely does what's its made for from my experience with it. You would be better getting a load balancer or looking at HA protocols such as vrrp or many of the others out there.

  7. #7
    Join Date
    Mar 2010
    Location
    Germany
    Posts
    681
    Thanks all!

    Pity the switches won't help.
    uCARP is something I can turn on most easily on the servers, I'll make more use of it.

    (and enjoy $other_customer with all the F5s a little more)

  8. #8
    Join Date
    Jul 2009
    Location
    UK
    Posts
    1,308
    Quote Originally Posted by kris1351 View Post
    The FWSM will not do it, honestly it barely does what's its made for from my experience with it. You would be better getting a load balancer or looking at HA protocols such as vrrp or many of the others out there.
    LOL Agreed!
    FWSM is such a nasty beast.

    Glad cisco have given up with their offerings in this area ( ACE for example... )

    You could always use some kind of DNS based round robin Loadbalancing. Then have a script on the DNS servers to check to connectivity to the servers.. If one fails.. take it out of the DNS farm ( With a very low TTL )
    I only mentioned a scripted DNS approach because it would be crazy fun to create and super fun to learn. Plus you can then adapt the code to make your very own DR / Geo-DR solution ..
    Live Chat Support Software for your Business website - IMsupporting.com

  9. #9
    Join Date
    Apr 2010
    Posts
    491
    Quote Originally Posted by lynxus View Post
    You could always use some kind of DNS based round robin Loadbalancing. Then have a script on the DNS servers to check to connectivity to the servers.. If one fails.. take it out of the DNS farm ( With a very low TTL )
    I only mentioned a scripted DNS approach because it would be crazy fun to create and super fun to learn. Plus you can then adapt the code to make your very own DR / Geo-DR solution ..
    You really don't want to do this, trusting DNS servers to do the right thing leads to lots of corner cases. For global redirection it's the only good choice for anything that does not support balancing at the application level. But few dynamic applications work well in a multi data center active active setting.
    Last edited by silasmoeckel; 01-07-2014 at 11:42 PM.

Similar Threads

  1. Replies: 0
    Last Post: 12-24-2011, 05:36 AM
  2. Replies: 0
    Last Post: 05-25-2010, 03:35 AM
  3. Replies: 0
    Last Post: 05-04-2010, 07:19 AM
  4. Replies: 0
    Last Post: 02-13-2010, 05:40 AM
  5. 2 Routers: 1 Cisco 2651 & 1 SYSWANSW24 (Load balancing)
    By Lagniappe-labgeek in forum Other Web Hosting Related Offers
    Replies: 1
    Last Post: 10-20-2008, 11:38 AM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •