I'm currently trying to design a network to provide route redundancy between two datacenters. Some points are imposed. I'll explain the diagram.
The two DCs are geographically separated.
Core1 models DC1 and Core2 models DC2.
Each DC is protected from the outside by a firewall between CoreX and ASRX.
The three SPx routers model the service provider network.
The link between Core1 and Core2 is a leased line that is assumed to be foolproof.
Each DC has its own public address range: let's say NET1 for Core1 and NET2 for Core2.
The redundancy must be the following: when either ASRx or SPx fails, DCx must be reached through the other DC and the leased line. For example, if ASR1 fails then the route "through SP ---> SP2 ---> ASR2 ---> Core2 ---(leased line)---> Core1" must be used.
So, because there are FWs between CoreX and ASRX, I'm just wondering what technology I could use to provide route redundancy without any asymmetrical or sub-optimal routes.
For now I use:
eBGP between ASRX and SPX: ASRX announces NETX to SPX and SPX announces the default route to ASRX.
iBGP between the SPX so each router is informed of the other's routes.
iBGP between the ASRX through the FW (TCP 179 and static routes).
What is blocking me is the two FWs. Indeed, I use static default routes towards the FW with different ADs on the CoreX switches to indicate how to get outside, but if one ASR fails, because of the FW the static route doesn't fail and the traffic is still forwarded to the FW... The same problem occurs when SP1 fails: the incoming traffic flows to DC1 through SP2 and DC2, and then the return traffic will be forwarded to FW1 and then to ASR1, which is aware of the return route through ASR2 (iBGP), but with the recursive table lookup there will be a loop ASR - FW or ASR-FW-ASR depending on the config.
So I need your help because I don't know how to make the route failure detection dynamic.
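The two failure modes described in the question (a static default route that survives the death of the ASR behind the firewall, and the ASR-FW forwarding loop that appears when the return route is learned via iBGP with a next hop that recurses back through the firewall) can be reproduced with a small hop-by-hop lookup simulator. The following is an added example, not the poster's configuration: the node names follow the diagram, but the topology links, the routing tables, the preference values and the `track` targets are constructed assumptions. Static routes stay installed when their next hop dies unless they carry a track target and tracking is switched on; BGP routes disappear when the peer that advertised them is down; a BGP next hop that is not adjacent is resolved through the same table, which is the recursive lookup the question mentions.

```python
"""Hop-by-hop forwarding simulator for the two-datacenter design in the post.

Added example; every table below is a constructed assumption, not the poster's
real configuration. Destinations are symbolic: NET1, NET2, INTERNET, plus host
routes to BGP peers (used only for next-hop recursion).
"""
from dataclasses import dataclass

# Constructed adjacencies: DC chains, SP backbone, and the leased line.
LINKS = {frozenset(l) for l in [
    ("Core1", "FW1"), ("FW1", "ASR1"), ("ASR1", "SP1"), ("SP1", "SP"),
    ("Core2", "FW2"), ("FW2", "ASR2"), ("ASR2", "SP2"), ("SP2", "SP"),
    ("SP1", "SP2"), ("Core1", "Core2"),
]}
LOCAL = {"Core1": "NET1", "Core2": "NET2", "SP": "INTERNET"}  # where each destination is attached


@dataclass(frozen=True)
class Route:
    dest: str
    next_hop: str
    kind: str         # "static" or "bgp"
    pref: int = 1     # lower wins (AD / local preference collapsed into one number)
    peer: str = ""    # bgp only: the peer that advertised the route
    track: str = ""   # static only: node probed by an (assumed) IP SLA tracker


S, B = "static", "bgp"
TABLES = {
    "Core1": [Route("INTERNET", "FW1", S, 1, track="ASR1"), Route("INTERNET", "Core2", S, 250),
              Route("NET2", "Core2", S)],
    "FW1":   [Route("INTERNET", "ASR1", S), Route("NET1", "Core1", S), Route("NET2", "Core1", S)],
    "ASR1":  [Route("INTERNET", "SP1", B, 20, peer="SP1"), Route("INTERNET", "ASR2", B, 200, peer="ASR2"),
              Route("ASR2", "FW1", S), Route("NET1", "FW1", S)],   # iBGP peer reached via the FW
    "SP1":   [Route("NET1", "ASR1", B, 20, peer="ASR1"), Route("NET1", "SP2", B, 200, peer="SP2"),
              Route("NET2", "SP2", B, 200, peer="SP2"), Route("INTERNET", "SP", B, 20, peer="SP")],
    "SP2":   [Route("NET2", "ASR2", B, 20, peer="ASR2"), Route("NET1", "SP1", B, 200, peer="SP1"),
              Route("NET1", "ASR2", B, 220, peer="ASR2"), Route("INTERNET", "SP", B, 20, peer="SP")],
    "SP":    [Route("NET1", "SP1", B, 1, peer="SP1"), Route("NET1", "SP2", B, 2, peer="SP2"),
              Route("NET2", "SP2", B, 1, peer="SP2"), Route("NET2", "SP1", B, 2, peer="SP1")],
    "Core2": [Route("INTERNET", "FW2", S, 1, track="ASR2"), Route("INTERNET", "Core1", S, 250),
              Route("NET1", "Core1", S)],
    "FW2":   [Route("INTERNET", "ASR2", S), Route("NET2", "Core2", S), Route("NET1", "Core2", S)],
    "ASR2":  [Route("INTERNET", "SP2", B, 20, peer="SP2"), Route("INTERNET", "ASR1", B, 200, peer="ASR1"),
              Route("ASR1", "FW2", S), Route("NET2", "FW2", S), Route("NET1", "FW2", S, 250)],
}


def _adjacent(a, b):
    return frozenset((a, b)) in LINKS


def select_route(node, dest, failed, tracking=False):
    """Best route still installed at `node` for `dest`, or None."""
    live = []
    for r in TABLES.get(node, []):
        if r.dest != dest:
            continue
        if r.kind == B and r.peer in failed:        # BGP session down: route withdrawn
            continue
        if r.kind == S and tracking and r.track and r.track in failed:
            continue                                # tracker failed: static route withdrawn
        live.append(r)
    return min(live, key=lambda r: r.pref) if live else None


def resolve_next_hop(node, dest, failed, tracking=False):
    """Adjacent node traffic for `dest` leaves `node` towards, after next-hop recursion."""
    r = select_route(node, dest, failed, tracking)
    seen = set()
    while r is not None and not _adjacent(node, r.next_hop):
        if r.next_hop in seen:                      # recursion would never terminate
            return None
        seen.add(r.next_hop)
        r = select_route(node, r.next_hop, failed, tracking)
    return r.next_hop if r else None


def trace(src, dest, failed=frozenset(), tracking=False, max_hops=12):
    """Follow destination-based lookups hop by hop; returns (outcome, path)."""
    path, node = [src], src
    while len(path) <= max_hops:
        if LOCAL.get(node) == dest:
            return "delivered", path
        nh = resolve_next_hop(node, dest, failed, tracking)
        if nh is None:
            return "no route", path
        if nh in failed:
            return "blackhole", path                # route still installed, next hop dead
        path.append(nh)
        if nh in path[:-1]:
            return "loop", path
        node = nh
    return "ttl exceeded", path


if __name__ == "__main__":
    for label, args in [("steady state, inbound", ("SP", "NET1")),
                        ("SP1 down, inbound", ("SP", "NET1", {"SP1"})),
                        ("SP1 down, return traffic", ("Core1", "INTERNET", {"SP1"})),
                        ("ASR1 down, untracked static", ("Core1", "INTERNET", {"ASR1"})),
                        ("ASR1 down, tracked static", ("Core1", "INTERNET", {"ASR1"}, True))]:
        print(f"{label:30s} {trace(*args)}")
```

Running the script shows that tracking the ASR from the core switch removes the blackhole when ASR1 dies, but leaves the ASR1-FW1 loop when SP1 dies: ASR1 still holds the iBGP default whose next hop (ASR2) recurses onto the static route towards FW1, and FW1's own default points straight back at ASR1. Any fix for that case has to change what ASR1 or FW1 installs, not just what Core1 installs.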