Can you plz share your

shaharshad · ‎10-17-2016

Hi,

In our Scenario we are going to terminate Edge router (with eBGP/iBGP) on Core/aggregation Switch. Our Servers are also terminated on same switch but in different Vlan.

(Physically)

Servers

|

Edge router----Core Switch----Firewall

Logically all router traffic is going to firewall and then move back. Security wise is this plan ok or there are some issues?

Reza Sharifi · ‎10-17-2016

Hi,

It maybe better to put the firewall inline.

server---core switch-----firewall------edgerouter

HTH

shaharshad · ‎10-17-2016

Can you plz share your concerns on plan I shared.

Actually both I have replica of this design on two sites interconnected via core/aggregation switches. Firewall are clustered via layer2 link. Now issue is can you share anything how I can ibgp on two routers which doesn't have any direct link and only connected like (remember firewalls are clustered in scenario below) and

router----f/w---core sw---dark Fiber ---core sw----f/w---- router

thanks

Reza Sharifi · ‎10-17-2016

In your topology, the server sends the packet to the core, the core sends it to the firewall and firewall has to send it back core to forward it to edge router. If you have the firewall inline, once the packet is forwarded to the firewall, it will send it to the edge directly.

HTH

Internet router & Servers on same Aggregation Switch