06-20-2014 01:47 AM
Hi,
I have been assigned the following challenge: a customer wants to build 2 datacenters and connect these to a L3 backbone. I have attached a (very) simplified network diagram.
Challenge: The customer wants to span a L2 domain across both DCs and needs to have an Active/Active firewall. This in turn means that the traffic flow needs to be symmetric. Since both firewalls (gateways) and clients in this example are in the same stretched L2 subnet, how do I get the clients in DC1 to primarily use the FW 10.0.0.1 as default gateway, and clients in DC2 using 10.0.0.254 as default gateway. Of course clients need to use DHCP ;)
Possible solution: See attached diagram. However this relies on the additional delay of the DCI to assign different default gateways to clients. e.g. a DHCP request from a client in DC 1 will get the quickest response from a DHCP server in DC1, which assigns 10.0.0.1 as default gateway. The DHCP response from DC 2 (which would assign 10.0.0.254 as default gateway) would arrive late and be ignored by the client.
This does not seem like the perfect solution to me, since we are relying on many factors (e.g. delay may change due to other circumstances). Does anybody have other suggestions?
Thanks in advance!
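Added example, not from the thread: a small Python model of the DHCPOFFER race described above, where the client keeps the first offer it receives. The latency, DCI delay and jitter values are constructed; the model also shows what happens when DHCP is filtered on the DCI, so that only the local server's offer ever reaches the client.

```python
import random

# Constructed model (not from the thread) of the DHCPOFFER race a client in a
# stretched L2 subnet sees when DHCP servers in both DCs answer its DISCOVER.
DC1_GW = "10.0.0.1"    # gateway handed out by the DC1 DHCP server
DC2_GW = "10.0.0.254"  # gateway handed out by the DC2 DHCP server

def offers_for_client(client_dc, local_ms, dci_ms, jitter_ms, rng):
    """Return [(arrival_ms, origin_dc, gateway)] for both servers' offers.
    Each reply takes base latency plus random jitter; the offer from the
    other DC additionally crosses the DCI, which adds dci_ms."""
    out = []
    for dc, gw in ((1, DC1_GW), (2, DC2_GW)):
        t = local_ms + rng.uniform(0, jitter_ms)
        if dc != client_dc:
            t += dci_ms
        out.append((t, dc, gw))
    return out

def chosen_gateway(client_dc, offers, dhcp_blocked_on_dci=False):
    """The client keeps the first offer it receives (the behaviour the
    timing-based design relies on). With DHCP filtered on the DCI, offers
    originating in the other DC never arrive at all."""
    if dhcp_blocked_on_dci:
        offers = [o for o in offers if o[1] == client_dc]
    return min(offers)[2]

def wrong_gateway_rate(dci_ms, jitter_ms, blocked=False, trials=10000, seed=7):
    """Fraction of trials in which a DC1 client ends up with the DC2 gateway."""
    rng = random.Random(seed)
    wrong = 0
    for _ in range(trials):
        offers = offers_for_client(1, 1.0, dci_ms, jitter_ms, rng)
        if chosen_gateway(1, offers, blocked) != DC1_GW:
            wrong += 1
    return wrong / trials

if __name__ == "__main__":
    # Jitter well below the DCI delay: the local offer always wins.
    print("jitter << DCI delay :", wrong_gateway_rate(5.0, 1.0))
    # Jitter larger than the DCI delay: a sizeable share of clients get
    # the remote gateway, which breaks the symmetric-flow requirement.
    print("jitter >> DCI delay :", wrong_gateway_rate(5.0, 20.0))
    # Filtering DHCP on the DCI makes the outcome independent of timing.
    print("DHCP blocked on DCI :", wrong_gateway_rate(5.0, 20.0, blocked=True))
```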
06-20-2014 08:33 AM
Relying on the timing of DHCP offer is not deterministic.
Maybe:
06-24-2014 05:20 AM
Hey,
Thanks for your reply! Blocking DHCP on the DCI is a good idea...it should have the result I am looking for. The first hop will need to be the Firewall though, since we have the networks assigned to different security zones. Not the optimum regarding performance, but it will be the more secure approach. I am aware that in a failover scenario e.g. data from DC2 destined for another network in DC2 will traverse the DCI to get routed.
Regards