Solved: Active/Standby Tenant Edge Firewall in Routed mode over vPC with EVPN Fabric

arahimidris · ‎09-07-2017

Hello Team ,

Using Nexus 9K EX as the Border Leafs , and given that Dynamic routing over VPC is now supported , is there any issue attaching Active/Standby Firewall in Routed mode via VPC ?

Regards,

plowden · ‎12-04-2017

No issues of which I'm aware.

Btw, with standalone NX-OS (i.e. non-ACI) EVPN VXLAN, you need a peer link, which isn't shown in your physical view. (In a future release, this requirement will go away.)

You've probably seen this, but just in case: Cisco Nexus 9000 Series NX-OS VXLAN Configuration Guide, Release 7.x - Configuring VXLAN BGP EVPN [Cisco Nexus 9000 Se…

This (CiscoLive! Berlin 2017 BRKDCN-2304) might also be useful: On-Demand Library - Cisco Live Global Events

View solution in original post

plowden · ‎12-04-2017

No issues of which I'm aware.

Btw, with standalone NX-OS (i.e. non-ACI) EVPN VXLAN, you need a peer link, which isn't shown in your physical view. (In a future release, this requirement will go away.)

You've probably seen this, but just in case: Cisco Nexus 9000 Series NX-OS VXLAN Configuration Guide, Release 7.x - Configuring VXLAN BGP EVPN [Cisco Nexus 9000 Se…

This (CiscoLive! Berlin 2017 BRKDCN-2304) might also be useful: On-Demand Library - Cisco Live Global Events

enginer SNOS · ‎02-28-2020

Hello! Thanks for the links to useful documents!

I have a question: how to connect two firewalls (ASA5585) in active-active routed mode in the data center network built on VXLAN BGP EVPN? For fault tolerance firewalls must be located at different sites. We tried to connect them to different border leaves (pair of N9K switches), each firewall node was connected using vPC, but this scheme worked poorly.

I'll be very grateful for any help.