Monday, August 26, 2013

Configuring ASA Active/Standby failover - ASA High Availability

When will this fail? How can we increase resiliency? How can we achieve close to 100% up-time? These are questions one should be asking when designing any system. One way to answer these critical design questions: redundancy! So in this blogtorial we will see how we can deploy two ASAs in a redundant design. When it comes to ASA high availability there are two modes: Active/Active, where both ASAs are forwarding traffic, and Active/Standby, where only the primary ASA is responsible for forwarding traffic and the other is in a hot-standby state, waiting to forward traffic as soon as the primary one fails. Each mode has its own set of pros and cons. Please review the Cisco website for a full list of Guidelines and Limitations.

Full configurations are located here so you can lab this up in GNS3.

With this in mind, let's get started on this topology.

Sunday, August 25, 2013

TCP - TCP small window size causing latency

If you need a primer on window size and scaling you can check out my previous blogtorial that I posted a while ago. Today a client called and complained about latency. The basic premise was that they sent a New Order Single (FIX) and they didn't see the execution report for about 11 seconds. Application logs, however, showed that it was executed within sub microseconds, so why this 11 second delay? Obviously network equipment is not going to buffer the packets for multiple seconds. In order to troubleshoot this I turn to man's best friend (not dogs) -- but rather sniffers / packet captures ... perhaps I should have said nerd's best friend. :-) Once I started looking at the packet captures it all came together. I won't post the packet capture; however, a screenshot can't hurt.