Hi Festah,
I don't know of any official articles which document reasons not to use Active-Active, but it's generally not a best practice for these reasons:
- You need to manually assign virtual servers to each unit so it's not easy to keep both units equally utilized initially or over time.
- There is a concern that both units will be used past 50% utilization. If that happens and then one unit fails, the remaining unit won't be able to support the load.
- You must associate a virtual address (for a virtual server or SNAT) with a specific unit ID. That's also the case for network/wildcard virtual servers (i.e. required for outgoing traffic). So only one unit can act as a default gateway for such purposes. This is forcing you to use server-side SNAT or nPath in most deployments or to specify different default gateways on your servers to respond via the original unit.
- Using VLAN groups will also be difficult in active/active, because both active units now create a layer 2 loop.
- For W2k8 pool members, the server will ignore the gratuitous ARP in a failover – forcing you to use MAC Masquerading. This is considered a security enhancement by Microsoft and cannot be disabled. So if the servers are in a directly connected subnet to the LTM and running 2k8, active/active may not work for them.
I'm sure there are other reasons that active-active isn't a best practice architecture, but these are some of the main reasons I could find.
Aaron