11-10-2023 04:45 PM
The topology diagram is as follows. Two cEdges at the DC site have TLOC-EXT, and two cEdges at the Spoke site have TLOC-EXT. The DC site is connected to two ISP links. Both ISP links are behind the firewall. Will there be asymmetric traffic problems in such a network? That is, the traffic from the Spoke site to the DC site comes in via ISP1 and then goes out via ISP2. Is it considered asymmetric traffic by ISP2's firewall and discarded?
11-15-2023 06:45 AM
Hi,
In general, it is asymmetric traffic. But in SD-WAN, router-to-router traffic is encapsulated, so the firewall (if it inspects only L3/L4) will see UDP traffic from one cEdge IP to another cEdge IP.
If it also inspects upper-layer protocols, then depending on its behavior it may or may not block. Generally, you should allow router-to-router traffic (by IP) and you are OK.
11-19-2023 09:33 AM
It is asymmetric; you can use
FW HW
or
TCP bypass (since TCP is most of the traffic, it faces issues with asymmetric routing).
Note: VRRP preference makes traffic go via only one cEdge, but if the VRRP status changes then traffic will drop.
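To make the two answers above concrete, here is an added example (not from the original thread, not Cisco code) that models a minimal stateful L3/L4 firewall on each ISP link and replays the asymmetric path from the question: spoke-to-DC packets enter through the ISP1 firewall, DC-to-spoke packets leave through the ISP2 firewall, so each firewall sees only one direction of every flow. It shows three cases: a plaintext TCP session is dropped at the SYN-ACK because the ISP2 firewall never saw the SYN; the same session carried inside the router-to-router tunnel passes, because the firewalls only see outer UDP between the two cEdge addresses and a per-IP allow rule lets either side open a session; and the "TCP bypass" workaround passes plaintext TCP by not enforcing the handshake. All addresses, the tunnel port 12346 and the rule format are constructed assumptions for the model.

```python
"""Constructed model of a stateful L3/L4 firewall pair on two ISP links, used to show
what each firewall sees on the asymmetric path described in the thread.
Example code, not from the original post or from any Cisco product."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str          # "tcp" or "udp"
    sport: int
    dport: int
    flags: str = ""     # TCP only: "SYN", "SYN-ACK", "ACK", "PSH-ACK"


class StatefulFirewall:
    """Minimal connection tracker. allow_rules are (src_prefix, dst_prefix, proto,
    dport-or-None) tuples permitting the first packet of a new session.
    tcp_state_bypass=True models the 'TCP bypass' workaround: TCP is then tracked
    like UDP, without the handshake being enforced."""

    def __init__(self, name, allow_rules, tcp_state_bypass=False):
        self.name = name
        self.rules = allow_rules
        self.tcp_state_bypass = tcp_state_bypass
        self.sessions = {}   # 5-tuple of the initiating direction -> state

    @staticmethod
    def _fwd(p):
        return (p.proto, p.src, p.sport, p.dst, p.dport)

    @staticmethod
    def _rev(p):
        return (p.proto, p.dst, p.dport, p.src, p.sport)

    def _policy_allows(self, p):
        return any(p.src.startswith(s) and p.dst.startswith(d) and p.proto == proto
                   and (dport is None or p.dport == dport)
                   for s, d, proto, dport in self.rules)

    def process(self, p):
        fwd, rev = self._fwd(p), self._rev(p)
        if p.proto == "udp" or self.tcp_state_bypass:
            # No handshake to verify: a packet of a known session passes, and a packet
            # matching policy opens a new session regardless of direction.
            if fwd in self.sessions or rev in self.sessions:
                return "ALLOW"
            if self._policy_allows(p):
                self.sessions[fwd] = "ESTABLISHED"
                return "ALLOW"
            return "DROP"
        # TCP with full state enforcement
        if p.flags == "SYN":
            if self._policy_allows(p):
                self.sessions[fwd] = "SYN_SENT"
                return "ALLOW"
            return "DROP"
        if p.flags == "SYN-ACK":
            if self.sessions.get(rev) == "SYN_SENT":
                self.sessions[rev] = "ESTABLISHED"
                return "ALLOW"
            return "DROP"          # reply to a SYN this firewall never saw
        if "ESTABLISHED" in (self.sessions.get(fwd), self.sessions.get(rev)):
            return "ALLOW"
        return "DROP"              # mid-stream packet with no tracked session


def run_asymmetric(flow, fw_isp1, fw_isp2):
    """flow: list of (direction, Packet). 'in' = spoke->DC via ISP1, 'out' = DC->spoke
    via ISP2. Returns (firewall, packet label, verdict) per packet, in order."""
    verdicts = []
    for direction, pkt in flow:
        fw = fw_isp1 if direction == "in" else fw_isp2
        verdicts.append((fw.name, pkt.flags or pkt.proto, fw.process(pkt)))
    return verdicts


# Constructed addresses: spoke host, DC server, spoke cEdge WAN IP, DC cEdge TLOC-EXT IP.
SPOKE_HOST, DC_SERVER = "10.2.0.10", "10.1.0.20"
SPOKE_CEDGE, DC_CEDGE = "198.51.100.10", "203.0.113.10"
SDWAN_UDP = 12346   # assumed tunnel port for the model; real port depends on deployment

PLAINTEXT_TCP = [
    ("in",  Packet(SPOKE_HOST, DC_SERVER, "tcp", 40000, 443, "SYN")),
    ("out", Packet(DC_SERVER, SPOKE_HOST, "tcp", 443, 40000, "SYN-ACK")),
    ("in",  Packet(SPOKE_HOST, DC_SERVER, "tcp", 40000, 443, "ACK")),
]
# The same session inside the router-to-router tunnel: the firewalls see only outer UDP.
TUNNELED = [
    ("in",  Packet(SPOKE_CEDGE, DC_CEDGE, "udp", SDWAN_UDP, SDWAN_UDP)),
    ("out", Packet(DC_CEDGE, SPOKE_CEDGE, "udp", SDWAN_UDP, SDWAN_UDP)),
    ("in",  Packet(SPOKE_CEDGE, DC_CEDGE, "udp", SDWAN_UDP, SDWAN_UDP)),
]
HOST_RULES = [("10.", "10.", "tcp", None)]                     # allow LAN-to-LAN TCP
ROUTER_RULES = [(SPOKE_CEDGE, DC_CEDGE, "udp", None),          # router-to-router by IP,
                (DC_CEDGE, SPOKE_CEDGE, "udp", None)]          # both directions


def scenario(flow, rules, bypass=False):
    """Fresh pair of ISP-edge firewalls; True only if every packet of the flow passed."""
    fw1 = StatefulFirewall("FW-ISP1", rules, bypass)
    fw2 = StatefulFirewall("FW-ISP2", rules, bypass)
    return all(v == "ALLOW" for _, _, v in run_asymmetric(flow, fw1, fw2))


if __name__ == "__main__":
    print("plaintext TCP, stateful:   ", scenario(PLAINTEXT_TCP, HOST_RULES))        # False
    print("tunneled in UDP, stateful: ", scenario(TUNNELED, ROUTER_RULES))            # True
    print("plaintext TCP, TCP bypass: ", scenario(PLAINTEXT_TCP, HOST_RULES, True))   # True
```

The model deliberately has no deep inspection: a firewall that decrypts or inspects the tunnel payload would be back in the first case, which is the caveat in the accepted answer. The TCP bypass case also shows the trade-off of that workaround: the firewall accepts mid-stream TCP segments it has no session for, so it is no longer validating the handshake for those flows.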