Cisco ASA Series Cli Configuration Manual page 276

Information About ASA Clustering
You can ignore the message and establish the ASDM connection. However, to avoid this type of warning,
you can enroll a certificate that contains the Main cluster IP address and all the Local IP addresses from
the IP address pool. You can then use this certificate for each cluster member. For more information, see
Chapter 1, "Configuring Digital Certificates."
Load Balancing Methods
See also the
•
•
•
Spanned EtherChannel (Recommended)
You can group one or more interfaces per unit into an EtherChannel that spans all units in the cluster.
The EtherChannel aggregates the traffic across all the available active interfaces in the channel.
•
•
•
•
•
Spanned EtherChannel Benefits
The EtherChannel method of load-balancing is recommended over other methods for the following
benefits:
•
•
•
For more information about EtherChannels in general (not just for clustering), see the
section on page
Guidelines for Maximum Throughput
To achieve maximum throughput, we recommend the following:
•
•
Cisco ASA Series CLI Configuration Guide
1-12
"ASA Cluster Interfaces" section on page
Spanned EtherChannel (Recommended), page 1-12
Policy-Based Routing (Routed Firewall Mode Only), page 1-14
Equal-Cost Multi-Path Routing (Routed Firewall Mode Only), page 1-15
Spanned EtherChannel Benefits, page 1-12
Guidelines for Maximum Throughput, page 1-12
Load Balancing, page 1-13
EtherChannel Redundancy, page 1-13
Connecting to a VSS or vPC, page 1-13
Faster failure discovery.
Faster convergence time. Individual interfaces rely on routing protocols to load-balance traffic, and
routing protocols often have slow convergence during a link failure.
Ease of configuration.
1-5.
Use a load balancing hash algorithm that is "symmetric," meaning that packets from both directions
will have the same hash, and will be sent to the same ASA in the Spanned EtherChannel. We
recommend using the source and destination IP address (the default) or the source and destination
port as the hashing algorithm.
Use the same type of line cards when connecting the ASAs to the switch so that hashing algorithms
applied to all packets are the same.
Chapter 1 Configuring a Cluster of ASAs
1-4.
"EtherChannels"