Cisco Firepower Management Center 4000

FireSIGHT System User Guide
 
Chapter 6 Managing Devices
Clustering Devices
Inline Deployment Redundancy
Because an inline set has no control over the routing of the packets being passed through it, it must 
always be active in a deployment. Therefore, redundancy relies on external systems to route traffic 
correctly. You can configure redundant inline sets with or without device clusters.
To deploy redundant inline sets, you configure the network topology so that it allows traffic to pass 
through only one of the inline sets while preventing circular routing. If one of the inline sets fails, the 
surrounding network infrastructure detects the loss of connectivity to the gateway address and adjusts 
the routes to send traffic through the redundant set.
Routed Deployment Redundancy
Hosts in an IP network must use a well-known gateway address to send traffic to different networks. 
Establishing redundancy in a routed deployment requires that routed interfaces share the gateway 
addresses so that only one interface handles traffic for that address at any given time. To accomplish this, 
you must maintain an equal number of IP addresses on a virtual router. One interface advertises the 
address. If that interface goes down, the backup interface begins advertising the address.
In non-clustered devices, you use SFRP to establish redundancy by configuring gateway IP addresses 
shared between multiple routed interfaces. You can configure SFRP with or without device clusters. You 
can also establish redundancy using dynamic routing such as OSPF or RIP.
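The check below is an added example, not taken from the FireSIGHT documentation or from Cisco code. It models the behavior described above (one interface advertises each shared gateway address and a backup takes over when it goes down) and audits an observed state for addresses with no backup, no advertiser, or more than one advertiser. The class, function names, interface names, and addresses are hypothetical, and the model does not implement SFRP itself.

```python
from dataclasses import dataclass, field

@dataclass
class RoutedInterface:
    name: str
    link_up: bool
    shared_gateways: set                             # gateway IPs shared with its peer
    advertising: set = field(default_factory=set)    # gateways it advertises right now

def audit_gateways(interfaces):
    """Map each shared gateway IP to a finding about who is advertising it."""
    findings = {}
    gateways = set().union(*(i.shared_gateways for i in interfaces))
    for gw in sorted(gateways):
        members = [i for i in interfaces if gw in i.shared_gateways]
        active = [i.name for i in members if i.link_up and gw in i.advertising]
        if len(members) < 2:
            findings[gw] = "no-backup"               # address is not actually redundant
        elif not active:
            findings[gw] = "no-advertiser"           # hosts lose their gateway
        elif len(active) > 1:
            findings[gw] = "multiple-advertisers"    # two interfaces claim one address
        else:
            findings[gw] = "ok:" + active[0]
    return findings

def fail_interface(interfaces, name):
    """Take one interface down; a live peer sharing the address starts advertising."""
    failed = next(i for i in interfaces if i.name == name)
    failed.link_up = False
    orphaned, failed.advertising = failed.advertising, set()
    for gw in sorted(orphaned):
        backup = next((i for i in interfaces
                       if i.link_up and gw in i.shared_gateways), None)
        if backup is not None:
            backup.advertising.add(gw)

def demo():
    # Constructed sample: two routed interfaces sharing two gateway addresses.
    a = RoutedInterface("dev1-s1p1", True, {"10.0.1.1", "10.0.2.1"}, {"10.0.1.1", "10.0.2.1"})
    b = RoutedInterface("dev2-s1p1", True, {"10.0.1.1", "10.0.2.1"})
    before = audit_gateways([a, b])
    fail_interface([a, b], "dev1-s1p1")
    return before, audit_gateways([a, b])

if __name__ == "__main__":
    for state in demo():
        print(state)
```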
Switched Deployment Redundancy
You establish redundancy in a switched deployment using the Spanning Tree Protocol (STP). STP is a 
protocol that manages the topology of bridged networks. It is specifically designed to allow redundant 
links to provide automatic backup for switched interfaces without configuring backup links. Devices in 
a switched deployment rely on STP to manage traffic between redundant interfaces. Two devices 
connected to the same broadcast network receive traffic based on the topology calculated by STP. See 
 for more information about enabling STP.
Note
Cisco strongly recommends that you enable STP when configuring a virtual switch that you plan to 
deploy in a device cluster.
See the following sections for more information about clustering devices and stacks: