Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
959
Views
0
Helpful
2
Replies

DCI With OTV + F5 SLB where to put the FW and F5 SLB ,

Ibrahim Jamil
Level 6
Level 6

‎08-23-2020 05:23 AM

HI Freinds

 

In DCI solution , with OTV , where to put the FW and F5 SLB ,

 

 

thanks

Labels:
0 Helpful
2 Replies 2

Sergiu.Daniluk
VIP Alumni
VIP Alumni

‎08-23-2020 11:49 PM

Hi @Ibrahim Jamil 

Keeping in mind that usually in an OTV setup, where you configure FHRP isolation (Ref: https://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Data_Center/DCI/whitepaper/DCI3_OTV_Intro/DCI_1.html#wp1220161) you will have a site local gateway.

Meaning that your firewalls will also need to be site-local active. Now, it is your choice if you plan on having two pairs of active/standby, one in each site or just one active/active pair with one node in each site.

Regarding the firewall location in the site, best would be to connect them to AGG VDC where the SVI(GW) are configured. If you have a vPC domain at AGG level, then make sure you connect your FW in vPC fashion. Same details applies to the SLBs.

here is a topology diagram I found with the design suggestion for a local site:

 

Untitled.png

 

Stay safe,

Sergiu

0 Helpful

Ibrahim Jamil
Level 6
Level 6
In response to Sergiu.Daniluk

‎08-24-2020 01:44 AM

Hi Sergiu

 

  My Complete server farm accessible from internet lives in DMZ , specialy E-Commerce server  for Online shopping wile the DB (Bare Metals server)  lives at Inside Network , Kindly Consider both DC Acts as Active/Active

 

My Question where to put The F5 SLB  , aka before INET-FW , after INET-FW and other consideration

 

Regards

Ibrahim

0 Helpful
Customers Also Viewed These Support Documents