08-15-2022 01:35 PM - edited 08-15-2022 03:22 PM
How is routing best configured in the following scenario? Should traffic between the MPLS router and firewall go direct to each other or through the L3 switch?
MPLS router <> firewall
or MPLS router <> L3 Switch <> Firewall and the reverse?
Is the delay adding an extra hop negligible?
There is a Riverbed (compression) appliance in between the WAN L2 switch and the Core L3 Switch.
08-15-2022 03:07 PM
Hello
TBH, not enough information on what the Riverbed is servicing other than optimization?
The RB is usually in-path between the MPLS rtr LAN and the core switch WAN port. As for the FW, I assume this is servicing the LAN users' (local/branch) internet access, and as you only show a single connection from the core switch into that WAN HO switch, again the assumption here is all three devices are sharing the same address space, and if that is the case then the WAN HO switch is necessary. However, depending on the type of RB you are using, if it has multiple wan0/lan0 ports then the WAN HO switch isn't applicable.
08-15-2022 03:19 PM
Sorry for not having included more information. Other branch offices are connecting through site-to-site VPNs. Outside vendors are connecting through site-to-site VPNs on the firewall. Outside vendors need to be able to connect to other offices and vice versa. Other branch offices are also backhauled through MPLS out to the internet through this firewall.
Yes, all three devices (L3 switch, WAN switch and MPLS router) share the same segment.
The Riverbed is used to optimize all WAN traffic (not local traffic) coming in and going out. The Riverbed is used inline (1 WAN and 1 LAN port). There are actually even more devices in the WAN segment but I was trying to keep it simple.
08-15-2022 03:28 PM
Hello
@hmc2500 wrote:
There are actually even more devices in the WAN segment but I was trying to keep it simple.
Then I would say the WAN HO switch is applicable, and given that, if applicable, I would even suggest an additional switch (stacked) for resiliency.
08-15-2022 04:33 PM
Why do you want to connect MPLS and FW?
08-15-2022 06:28 PM
08-15-2022 07:33 PM
Why do you want to connect MPLS and FW?
I keep forgetting important info. This is actually a hub site and outside vendors are connecting through site-to-site VPNs on the firewall. Outside vendors need to be able to connect to other offices and vice versa. Other branch offices are also backhauled through MPLS out to the internet through this firewall.
I was hoping someone would respond to my questions:
How is routing best configured in that scenario? Should traffic between the MPLS router and firewall go direct to each other or through the L3 switch?
Is the delay adding an extra hop negligible?
08-16-2022 01:23 AM
Hello
@hmc2500 wrote:
I was hoping someone would respond to my questions:
How is routing best configured in that scenario? Should traffic between the MPLS router and firewall go direct to each other or through the L3 switch?
Is the delay adding an extra hop negligible?
If traffic doesn't need to go via the core switch, then yes. They share the same subnet anyway, so there will be no need to hit the core switch unless MPLS/FW needs to do so.
08-16-2022 02:12 AM
Why does it need to pass through the core?
You can configure two VLANs on the WAN L2 SW:
one VLAN to directly connect both the FW and MPLS <<- this is for direct packets between the two, FW and MPLS
the other VLAN connects all of Core/FW/MPLS
08-16-2022 06:02 AM - edited 08-16-2022 06:03 AM
The reason I was considering it is that if you use static routes and changes are made (devices added or moved) to the topology, you have to keep manually updating the routes. If you point everything to the layer 3, you only have to update 1 device.
08-16-2022 06:35 AM
I will do a small lab to test my idea and update you.