Hi,
Yes, for ACI multisite Layer 2 connectivity across sites with flooding - "The need to flood BUM traffic is driven by specific requirements, such as application clustering (which traditionally calls for the use of Layer 2 multicast communication between different application cluster nodes)." from the Cisco ACI MultiSite White Paper.
But for your requirements and description of the firewall cluster, which is Service Node integration in ACI Multi-Site, I recommend you refer to "Independent service node in each site" in the Cisco ACI Multi-Site and Service Node Integration White Paper.
So, the service BD(s) must be stretched across sites. This means that the interfaces of the service nodes in different sites must be in the same service BD. The recommendation is to do this without extending BUM flooding, to avoid spreading broadcast storms outside a single fabric.
https://www.cisco.com/c/en/us/solutions/collateral/data-center-virtualization/application-centric-infrastructure/white-paper-c11-743107.html