Active - Active firewall deployment across two data centers

L2 Linker


Hi All,

We are exploring the firewall deployment options for one of our customers who has a requirement to stretch a few VLANs across 2 data centers, most probably using VXLAN/EVPN. The options currently being explored are:

1. Active-Standby firewalls in each data center

2. Active-Active firewall with one node in each data center

Are there any design/deployment references for these scenarios, especially how to avoid double firewalling and the possible scenarios for asymmetric routing and how to avoid them?

L7 Applicator

You can avoid asymmetric routing by not deploying in Active/Active.

Do both datacenters need to be 'hot' or is there one warm standby? Do both need active connections to the outside and will the bandwidth needed exceed the VXLAN/EVPN capability?

I'd try to avoid A/A as that complicates your configuration tremendously with very little ROI (you'll also need to enable HA3 and make sure jumbo frames are supported over the VXLAN/EVPN, etc.)

reaper - PANgurus.com
Find my book at https://www.amazon.com/dp/1789956374
L2 Linker

Hi,

Thanks for your response.

Both datacenters need to be "Hot" and will have active connections outside. The bandwidth will not exceed VXLAN/EVPN. I am trying to understand if there are any deployment guides/design options for deploying A/A across data centers in Palo Alto.
