Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
793
Views
0
Helpful
9
Replies

Routing between MPLS router, firewall and L3 switch

hmc2500
Level 1
Level 1

‎08-15-2022 01:35 PM - edited ‎08-15-2022 03:22 PM

Internal Routing.JPG

 

 

How is routing best configured in the following scenario? Should traffic between the MPLS router and firewall go direct to each other or through the L3 switch?

 

MPLS router <> firewall

or MPLS router <> L3 Switch <> Firewall and the reverse?

 

IS the delay adding an extra hop neglibile?

There is a riverbed (compression) appliance inbetween the WAN L2 switch and the Core L3 Switch.

 

 

 

Labels:
0 Helpful
9 Replies 9

paul driver
VIP
VIP

‎08-15-2022 03:07 PM

Hello
TBH not enough information on what the riverbed is servicing other than optimization?
The RB is usually inpath between the MPLS rtr lan and the core switch WAN port, as for the FW I assume this is servicing the Lan users(local/branch) internet access and as you only show a single connection from the core switch into that WAN HO switch, again the assumption here is all three devices are sharing the same address space and if that is the case then the WAN HO switch is necessary, However depending on the type of RB do are you using , if it has multiple wan0/lan0 ports then the WAN HO switch isnt applicable.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

hmc2500
Level 1
Level 1
In response to paul driver

‎08-15-2022 03:19 PM

Sorry for not having included more information. Other branch offices are connecting through site to site VPNs. Outside vendors are connecting through site to site VPN's on the firewall. Outside vendors need to be able to connect to other offices and vice versa. Other branch offices are also backhauled through mpls out to the internet through this firewall. 

Yes, all three devices L3 switch, Wan switch and MPLS router share the same segment.

THe riverbed is used to optimize all WAN traffic (not local traffic) coming in and going out. THe riverbed is used inline (1 WAN and lan port).There are actually even more devices in the WAN segment but I was trying to keep it simple. 

0 Helpful

paul driver
VIP
VIP
In response to hmc2500

‎08-15-2022 03:28 PM

Hello

@hmc2500 wrote:

.There are actually even more devices in the WAN segment but I was trying to keep it simple. 

Then i would say the WAN HO sw is applicable, and given that if applicable I would suggest even an addtional switch (stacked) for resielncy 



Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

MHM Cisco World
VIP
VIP

‎08-15-2022 04:33 PM

why you want to connect MPLS and FW ?

0 Helpful

hmc2500
Level 1
Level 1
In response to MHM Cisco World

‎08-15-2022 06:28 PM

‎08-15-2022 07:33 PM

why you want to connect MPLS and FW ?

I keep forgetting important info. This is actually a hub site and outside vendors are connecting through site to site VPN's on the firewall. Outside vendors need to be able to connect to other offices and vice versa. Other branch offices are also backhauled through mpls out to the internet through this firewall. 

 

 

I was hoping someone would respond to my questions:

How is routing best configured in that scenario? Should traffic between the MPLS router and firewall go direct to each other or through the L3 switch?

IS the delay adding an extra hop neglibile?

0 Helpful

paul driver
VIP
VIP
In response to hmc2500

‎08-16-2022 01:23 AM

Hello

@hmc2500 wrote:
 

I was hoping someone would respond to my questions:

How is routing best configured in that scenario? Should traffic between the MPLS router and firewall go direct to each other or through the L3 switch?

IS the delay adding an extra hop neglibile?

If traffic doesn’t need to go via the core switch, then yes, They share the same subnet anyway so there will no need to hit the core switch unless mpls/fw needs to do so.





Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

MHM Cisco World
VIP
VIP
In response to hmc2500

‎08-16-2022 02:12 AM

why Need to pass through the Core ? 
you can config two VLAN in WAN L2 SW 
one VLAN for dirrect connect the Both FW and MPLS <<- this for direct packet between two FW and MPLS
other VLAN connect all Core/FW/MPLS 

0 Helpful

hmc2500
Level 1
Level 1
In response to MHM Cisco World

‎08-16-2022 06:02 AM - edited ‎08-16-2022 06:03 AM

Reason why I was considering it is if you use static routes and changes are made (devices added or moved) to the topology you have to keep manually updating the routes. If you point everything to the layer 3 you only have to update 1 device. 

0 Helpful

MHM Cisco World
VIP
VIP
In response to hmc2500

‎08-16-2022 06:35 AM

I will do small lab test my idea and update you

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card