SDWAN networking TLOC-EXT traffic path problem

The topology diagram is as follows. Two cEdges at the DC site have TLOC-EXT, and two cEdges at the Spoke site have TLOC-EXT. The DC site is connected to two ISP links. Both ISP links are behind the firewall. Will there be asymmetric traffic problems in such a network? That is, traffic from the Spoke site to the DC site comes in via ISP1 and then goes out via ISP2. Will it be considered asymmetric traffic by ISP2's firewall and discarded?

[Topology diagram: tupian.png]

Accepted Solution

Hi,

In general, it is asymmetric traffic. But in SD-WAN, router-to-router traffic is encapsulated, so the firewall (if it inspects only L3/L4) will see UDP traffic from one cEdge IP to another cEdge IP.

If it also inspects upper-layer protocols, then depending on its behavior it may or may not block. Generally, you should allow router-to-router traffic (by IP) and you are OK.

HTH,
Please rate and mark as an accepted solution if you have found any of the information provided useful.

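To make the accepted answer's point concrete, here is a small added example of my own (not code from the thread or from Cisco): a toy stateful L3/L4 firewall with a TCP SYN check and an allow-by-IP rule, run once on a plaintext TCP handshake that takes the asymmetric path and once on the same handshake carried inside the SD-WAN tunnel's UDP. All addresses are constructed and the UDP port is an assumed value.

```python
from dataclasses import dataclass

TUNNEL_PORT = 12346  # assumed SD-WAN IPsec base port; verify in your deployment

@dataclass(frozen=True)
class Pkt:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int
    flags: str = ""  # TCP flags, e.g. "S" (SYN) or "SA" (SYN-ACK)

class StatefulFirewall:
    """Toy L3/L4 stateful firewall: a flow is permitted if it already has state
    or matches the allow-by-IP rule; TCP state is only created on a SYN, so a
    mid-stream packet (SYN-ACK, ACK) that arrives without state is dropped."""
    def __init__(self, allowed_ips):
        self.allowed_ips = set(allowed_ips)
        self.state = set()

    def process(self, p):
        key = (p.src, p.dst, p.proto, p.sport, p.dport)
        reverse = (p.dst, p.src, p.proto, p.dport, p.sport)
        if key in self.state or reverse in self.state:
            return "permit"
        if p.proto == "tcp" and p.flags != "S":
            return "drop"  # no SYN was seen by this firewall: the asymmetric-routing failure
        if p.src in self.allowed_ips or p.dst in self.allowed_ips:
            self.state.add(key)
            return "permit"
        return "drop"

def run_scenario(encapsulated):
    """Spoke->DC enters through FW1/ISP1, DC->Spoke leaves through FW2/ISP2.
    Returns (FW1 verdict on the inbound SYN, FW2 verdict on the return SYN-ACK)."""
    spoke_host, dc_server = "10.1.0.10", "10.2.0.20"           # constructed
    spoke_tloc = "198.51.100.1"                                 # constructed
    dc_tloc_isp1, dc_tloc_isp2 = "203.0.113.1", "203.0.113.2"  # constructed
    allow = [dc_tloc_isp1, dc_tloc_isp2, dc_server]  # "allow router-to-router by IP"
    fw1, fw2 = StatefulFirewall(allow), StatefulFirewall(allow)
    syn = Pkt(spoke_host, dc_server, "tcp", 40000, 443, "S")
    syn_ack = Pkt(dc_server, spoke_host, "tcp", 443, 40000, "SA")
    if encapsulated:
        # Inside the SD-WAN tunnel the firewalls only see the outer UDP header
        # between TLOC IPs; the inner TCP handshake is invisible to them.
        syn = Pkt(spoke_tloc, dc_tloc_isp1, "udp", TUNNEL_PORT, TUNNEL_PORT)
        syn_ack = Pkt(dc_tloc_isp2, spoke_tloc, "udp", TUNNEL_PORT, TUNNEL_PORT)
    return fw1.process(syn), fw2.process(syn_ack)
```

`run_scenario(False)` returns `('permit', 'drop')` because FW2 sees a SYN-ACK with no prior SYN, while `run_scenario(True)` returns `('permit', 'permit')` because both firewalls only match the outer UDP header against the by-IP rule; a DPI-capable firewall that decrypts or tracks the inner protocol is the case where this no longer holds.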

2 Replies


It's asymmetric; you can use

FW HW

or

TCP bypass (since TCP is most of the traffic that faces issues with asymmetric routing).

Note: VRRP preference makes traffic go only via one cEdge, but in case the VRRP status changes, then traffic will drop.