I have been reading various Cisco documents about ACI Hybrid Cloud setup (for Azure or AWS). However, I am kind of confused from one doc to another. Below are some confusing points; I hope someone could help clarify.
Whether using raw Internet or DX/ER to physically connect between on-prem and cloud (AWS/Azure), is an IPsec tunnel mandatory on top of the Internet transport as well as the DX/ER? Update: answered by the link included in the reply.
If IPsec tunnel is configured/enabled for the ACI Hybrid Cloud inter-site transport setup:
- What would be the termination point of the tunnel on the cloud side (the Cloud native VPN gateway OR CSRv/CAT8Kv), if using raw Internet?
- On the on-prem DC side, can the devices interconnecting the ACI Spine to ISN also be used as the IPsec termination point for on-prem DC?
- Assuming only MTU 1500 is supported on the transport, what would be the performance impact of the IPsec termination points for packet fragmentation? Update: answered by the link included in the reply.
Thanks!