cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
816
Views
0
Helpful
2
Replies
Highlighted
Beginner

Active/Standby Tenant Edge Firewall in Routed mode over vPC with EVPN Fabric

Hello Team ,

Using Nexus 9K EX as the Border Leafs , and given that Dynamic routing over VPC is now supported , is there any issue attaching Active/Standby Firewall in Routed mode via VPC ?

Regards,

Everyone's tags (2)
1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Cisco Employee

Re: Active/Standby Tenant Edge Firewall in Routed mode over vPC with EVPN Fabric

No issues of which I'm aware.

Btw, with standalone NX-OS (i.e. non-ACI) EVPN VXLAN, you need a peer link, which isn't shown in your physical view. (In a future release, this requirement will go away.)

You've probably seen this, but just in case: Cisco Nexus 9000 Series NX-OS VXLAN Configuration Guide, Release 7.x - Configuring VXLAN BGP EVPN [Cisco Nexus 9000 Se…

This (CiscoLive! Berlin 2017 BRKDCN-2304) might also be useful: On-Demand Library - Cisco Live Global Events

View solution in original post

2 REPLIES 2
Highlighted
Cisco Employee

Re: Active/Standby Tenant Edge Firewall in Routed mode over vPC with EVPN Fabric

No issues of which I'm aware.

Btw, with standalone NX-OS (i.e. non-ACI) EVPN VXLAN, you need a peer link, which isn't shown in your physical view. (In a future release, this requirement will go away.)

You've probably seen this, but just in case: Cisco Nexus 9000 Series NX-OS VXLAN Configuration Guide, Release 7.x - Configuring VXLAN BGP EVPN [Cisco Nexus 9000 Se…

This (CiscoLive! Berlin 2017 BRKDCN-2304) might also be useful: On-Demand Library - Cisco Live Global Events

View solution in original post

Highlighted
Beginner

Re: Active/Standby Tenant Edge Firewall in Routed mode over vPC with EVPN Fabric

Hello! Thanks for the links to useful documents!

I have a question: how to connect two firewalls (ASA5585) in active-active routed mode in the data center network built on VXLAN BGP EVPN? For fault tolerance firewalls must be located at different sites. We tried to connect them to different border leaves (pair of N9K switches), each firewall node was connected using vPC, but this scheme worked poorly.

I'll be very grateful for any help.

This widget could not be displayed.