10-17-2016 06:19 PM - edited 03-08-2019 07:49 AM
Hi,
In our scenario we are going to terminate the edge router (with eBGP/iBGP) on the core/aggregation switch. Our servers are also terminated on the same switch but in a different VLAN.
(Physically)
Servers
|
|
Edge router----Core Switch----Firewall
Logically all router traffic goes to the firewall and then comes back. Security-wise, is this plan OK or are there some issues?
10-17-2016 06:29 PM
Hi,
It may be better to put the firewall inline.
server---core switch-----firewall------edgerouter
HTH
10-17-2016 06:45 PM
Can you please share your concerns about the plan I shared.
Actually I have a replica of this design on both sites, interconnected via core/aggregation switches. The firewalls are clustered via a layer 2 link. Now the issue is: can you share anything on how I can run iBGP between two routers which don't have any direct link and are only connected like this (remember the firewalls are clustered in the scenario below):
router----f/w---core sw---dark Fiber ---core sw----f/w---- router
thanks
10-17-2016 07:10 PM
In your topology, the server sends the packet to the core, the core sends it to the firewall, and the firewall has to send it back to the core to forward it to the edge router. If you have the firewall inline, once the packet is forwarded to the firewall, it will send it to the edge directly.
HTH
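The design in the first post only holds if the core switch itself can never route between the edge-router VLAN and the server VLAN, otherwise traffic can bypass the firewall without anyone noticing. One way to enforce that on an IOS-style layer 3 switch is VRF-lite: the router-facing VLAN and the server VLAN sit in separate routing tables, and the only path between them is the firewall's two legs. The configuration below is an added example written for this thread, not something any of the posters provided; the VRF names, VLAN numbers and 10.0.x.0/24 addresses are made up for illustration, and the firewall is assumed to be 10.0.30.2 on its outside leg and 10.0.40.2 on its inside leg.

```cisco
! Core switch, IOS 15 VRF-lite syntax (example, addresses are placeholders)
! Two routing tables: OUTSIDE (edge router side) and INSIDE (server side).
vrf definition OUTSIDE
 address-family ipv4
 exit-address-family
!
vrf definition INSIDE
 address-family ipv4
 exit-address-family
!
! Edge-router facing VLAN lives in OUTSIDE; BGP to the edge router is run here.
interface Vlan10
 description Edge router uplink (OUTSIDE)
 vrf forwarding OUTSIDE
 ip address 10.0.10.1 255.255.255.0
!
! Server VLAN lives in INSIDE; it has no direct route to Vlan10.
interface Vlan20
 description Server VLAN (INSIDE)
 vrf forwarding INSIDE
 ip address 10.0.20.1 255.255.255.0
!
! Firewall outside leg, same VRF as the edge router.
interface Vlan30
 description Firewall outside leg (OUTSIDE)
 vrf forwarding OUTSIDE
 ip address 10.0.30.1 255.255.255.0
!
! Firewall inside leg, same VRF as the servers.
interface Vlan40
 description Firewall inside leg (INSIDE)
 vrf forwarding INSIDE
 ip address 10.0.40.1 255.255.255.0
!
! INSIDE knows nothing except "send everything to the firewall".
ip route vrf INSIDE 0.0.0.0 0.0.0.0 10.0.40.2
!
! OUTSIDE reaches the server subnet only through the firewall's outside leg.
ip route vrf OUTSIDE 10.0.20.0 255.255.255.0 10.0.30.2
!
! Checks after applying:
!   show ip route vrf INSIDE     -> only the default via 10.0.40.2 plus connected
!   show ip route vrf OUTSIDE    -> 10.0.20.0/24 via 10.0.30.2, never "directly connected"
!   show vrf                     -> Vlan10/Vlan30 in OUTSIDE, Vlan20/Vlan40 in INSIDE
```

With this split, the hairpin through the core that the last reply describes still happens (core to firewall and back), but it is now the only path, so the firewall policy is actually enforced rather than merely expected. The eBGP/iBGP session to the edge router is configured under `router bgp` with `address-family ipv4 vrf OUTSIDE` so that learned prefixes land in OUTSIDE and not in the server table.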