Migrating to ACI | DMVPN hub and Fortigate connections
I need to figure out best design and config option for migrating our traditional DC network to ACI. We have our branches connected using DMVPN to the ASR 1001-x HUB and are using OSPF for routing. Between branches network and servers we have Fortigate 200E in routed mode with OSPF running on it which is connected also to the border router and HQ LAN. All access to servers and internet from both HQ LAN and branches are controlled by fw rules on Firewall.
We are moving to ACI for DC network and already have 2x 9332 spines and 93180yc-ex leaves.
My question is how to connect ASR and Fortigate to the ACI and organize configs in order to keep current enforcements on Fortigate and also use teh same fortigate for controlling traffic between different EPGs in a future? Few options I consider.
1. Do not connect ASRs to the leaves as L3Outs and connect only FG200E in unmanaged mode.
2. Connect both ASRs and FG to the leaves but in that case all traffic flowing from branches to internet will enter to ACI fabric.
Which options are possible? current topology is attached. thank you!
Howdy out there in automation land! So I know it has been a while since my last blog but wow... the places and things we are doing... as I sit here this morning (early in the morning mind you)... I'm getting mentally prepared to teach a 4th Action...
Assure Application Performance on Hyperconverged InfrastructureWednesday November 20th at 11 am ET
Increased adoption of hyperconverged infrastructure has been driven by the need for IT teams to simplify IT operations and increase agility. Organizations a...
To participate in this event, please use the button to ask your questions
This topic is a chance to discuss more about the migration options from existing network designs to Cisco Application Centr...
Worried about the next Azure Stack firmware update? Learn how Cisco UCS makes the complex simple with every update.
In order to get the latest features, defect fixes and to protect from security threats it is the responsibility of the Microsoft Azu...
Cisco Workload Optimization Manager (CWOM)
Continuously Assure Application Performance at Any Scale
Webinar: Wednesday, October 23rd at 11am ET
Today’s applications utilize traditional virtualization platforms as well as newer DevOps meth...