In our scenario we are going to terminate the edge router (with eBGP/iBGP) on the core/aggregation switch. Our servers are also terminated on the same switch but in a different VLAN.
Edge router----Core Switch----Firewall
Logically all router traffic is going to the firewall and then moving back. Security-wise, is this plan OK or are there some issues?
Can you please share your concerns on the plan I shared.
Actually I have a replica of this design on both sites, interconnected via core/aggregation switches. The firewalls are clustered via a layer 2 link. Now the issue is: can you share anything on how I can run iBGP between two routers which don't have any direct link and are only connected like this (remember the firewalls are clustered in the scenario below):
router----f/w---core sw---dark Fiber ---core sw----f/w---- router
In your topology, the server sends the packet to the core, the core sends it to the firewall, and the firewall has to send it back to the core to forward it to the edge router. If you have the firewall inline, once the packet is forwarded to the firewall, it will send it to the edge router directly.
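For the iBGP question above (two routers with no direct link, reachable only through the firewall cluster and the dark-fibre core), the usual approach is to peer between loopback addresses rather than physical interfaces, so the session survives whichever path the firewalls and cores choose. The configuration below is an added example, not from either poster; it uses generic Cisco IOS syntax and every address, AS number and password in it is a constructed placeholder. It assumes each router reaches the other's loopback via a static route pointing at its local firewall inside interface (an IGP would work equally well).

```cisco
! --- Router A (site 1) ---
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
!
! Constructed: 192.0.2.1 is the site-1 firewall inside interface facing Router A
ip route 10.255.0.2 255.255.255.255 192.0.2.1
!
router bgp 65000
 neighbor 10.255.0.2 remote-as 65000
 ! source the TCP session from the loopback so the peer sees a stable address
 neighbor 10.255.0.2 update-source Loopback0
 ! authenticate the session: it crosses shared core and firewall infrastructure
 neighbor 10.255.0.2 password EXAMPLE-SHARED-SECRET
!
! --- Router B (site 2) ---
interface Loopback0
 ip address 10.255.0.2 255.255.255.255
!
! Constructed: 198.51.100.1 is the site-2 firewall inside interface facing Router B
ip route 10.255.0.1 255.255.255.255 198.51.100.1
!
router bgp 65000
 neighbor 10.255.0.1 remote-as 65000
 neighbor 10.255.0.1 update-source Loopback0
 neighbor 10.255.0.1 password EXAMPLE-SHARED-SECRET
```

Two things to check on the firewall side: the cluster policy must permit TCP port 179 in both directions between 10.255.0.1 and 10.255.0.2 (and nothing wider), and because the firewalls are clustered with state shared over the layer 2 link, the BGP session should stay up through a failover; verify with `show ip bgp summary` on both routers after failing one cluster member. iBGP sends packets with TTL 255 by default, so the extra hops through firewall and core are not a problem; no `ebgp-multihop` is needed for an iBGP peer.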