I have a local network with multiple VLANs and I would like to have a DR site where I could use those same VLANs. I will have only Internet connectivity to DR site so my question is how do i make existing VLANs available on DR side? GRE, IPsec in transport?
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Hmm for OTV we don't have equipment unfortunately.
So we have Nexus 5548 with IPbase, PaloAlto L7 as edge firewall, C3850 as BGP router, another internal C3850 where front end vlans terminate and ASA5525-x as back end firewall where back end VLANs terminate.
The idea would be to have all VLANs on DR site so i assume in every VLAN i need to have a bridge interface. L2TPv3 is i think not supported from the equipment we have so i not sure what would be the best way to bridge all this to the the other side (opensource sw is also a possible solution).
This is how network looks like currently
You're going to have to buy some hardware to support whatever solution you decide on. None of your current hardware have the capabilities to extend layer 2.
Ok, that's a valid answer :). What should we look at?
OpenVPN can be used to bridge the network but then i would need interface in every VLAN I want to bridge correct? With that i would have 1 broadcast domain per VLAN and shouldn't experience any issues related to that?
I don't have any experience with OpenVPN so I can't speak to how it works or proper design. If you want to do OTV then I would look at the the ASR1001-X.