Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
796
Views
0
Helpful
1
Replies

ACI Multi-Pod with Redundant firewalls?

SIMMN
Spotlight
Spotlight

‎05-11-2023 10:30 AM - edited ‎05-11-2023 10:49 AM

It could be any branded firewalls but for simplicity, lets just use ASA within a two-Pod multipod fabric as an example for this post...

If I remember correctly, within a Single Pod ACI Fabric, the redundant ASA management links (including the HA link or control link) are recommended to NOT be connected through the ACI fabric, especially when using Service Graph.

Now coming to the ACI Multi-Pod with redundant firewalls, high-level speaking, Cisco supports and recommends to deploy redundant firewalls/ASAs in two ways:

  • Active/Standby pair with one ASA in Pod 1 and the other ASA in Pod 2.
  • Active/Active firewall cluster with multiple ASAs spread across two Pods. 

So my questions:

  1. For the Active/Standby ASA pair, how would the two ASAs to be connected for HA links? Through the ACI Multi-Pod fabric?
  2. For the Active/Active Cluster, how would the control links be connected for the ASAs located in two Pods?

 

Labels:
0 Helpful
1 Reply 1

abhjha2
Cisco Employee
Cisco Employee

‎06-06-2023 09:09 AM

Hi,
I would say that if the distance between ASA1 and ASA2 is short enough that you can connect them back-to-back even being in a multi-pod deployment, do it that way. Otherwise, you can create a BD/EPG specific for device synchronization/control.

-----------------------------------------
If you find my reply solved your question or issue, kindly click the 'Accept as Solution' button and vote it as helpful.

You can also learn more about Cisco ACI through our live Ask the Experts (ATXs) session. Check out the ATXs Resources [https://community.cisco.com/t5/data-center-and-cloud-knowledge/cisco-aci-ask-the-experts-resources/ta-p/4394491] to view the latest schedule for upcoming sessions, as well as the useful references, e.g. online guides, FAQs.
-----------------------------------------

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License