This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject

multi lan multi wan best practice

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

multi lan multi wan best practice

Go to solution
paloaltouser2020
L1 Bithead

‎09-20-2020 09:42 AM

situation is this :

 

currently i have :

multiple lans/vlans

1 p2p line (single subnet static route0

1 internet line

1 virtual router

 

now, i need to add another wan

 

my best practice should be

a : to do another virtual router and separate relevant networks to each vr?

b : to "bag" everything under 1 vr with ecmp enabled + pbf?

c : maybe something i didn't think about?

 

in general, what are the advantages/disadvantages of using a single vr in such a case, as opposed to multiple vr?

because using a multiple vr seems like a whole lot of work "teaching" the vr's to the entire routing table of the opposite vr, but maybe i'm wrong...

 

thank you

0 Likes Likes
1 ACCEPTED SOLUTION

Accepted Solutions

Go to solution
SutareMayur
Cyber Elite
Cyber Elite

‎09-20-2020 08:25 PM

@paloaltouser2020,

 

Having multiple VRs would be the great choice when you have separate requirements all together, e.g. you want to have separate routing paths and those shouldn't shared between VRs etc. So choosing option among all available depends on the requirements and how are you going to manage it.

 

Looking at your use case and requirement, with single VR and ECMP should be the good option here. Also it will be very easy for you to manage it. I personally using same configuration on my several branch firewalls.

With multiple VRs, if you want to route traffic between the VRs, you need to have routes on respective VRs pointing to next hop as the destination VR where you want to reach. So you need to manage these things with multiple VRs. Having said that I would also say there are no as such major drawbacks of having any of the configuration (single or multiple VRs) as each has its own requirements and use cases.

 

 

M

View solution in original post

0 Likes Likes
4 REPLIES 4

Go to solution
SutareMayur
Cyber Elite
Cyber Elite

‎09-20-2020 08:25 PM

@paloaltouser2020,

 

Having multiple VRs would be the great choice when you have separate requirements all together, e.g. you want to have separate routing paths and those shouldn't shared between VRs etc. So choosing option among all available depends on the requirements and how are you going to manage it.

 

Looking at your use case and requirement, with single VR and ECMP should be the good option here. Also it will be very easy for you to manage it. I personally using same configuration on my several branch firewalls.

With multiple VRs, if you want to route traffic between the VRs, you need to have routes on respective VRs pointing to next hop as the destination VR where you want to reach. So you need to manage these things with multiple VRs. Having said that I would also say there are no as such major drawbacks of having any of the configuration (single or multiple VRs) as each has its own requirements and use cases.

 

 

M
0 Likes Likes

Go to solution
paloaltouser2020
L1 Bithead
In response to SutareMayur

‎09-20-2020 10:25 PM

thank you so much for the detailed reply 🙂

 

in response to that : "each has its own requirements and use cases"

 

what are use cases where i'd want to use multiple vr's?

0 Likes Likes

Go to solution
SutareMayur
Cyber Elite
Cyber Elite
In response to paloaltouser2020

‎09-20-2020 11:22 PM

Hi @paloaltouser2020 ,

 

Multiple VRs can configured,

 

  1. To have separate routing paths for different traffic. And you want to keep routes isolated between VRs
  2. You may have heard about Cisco VRFs which is licensed based and comparatively these licenses are expensive. Now imagine PaloAlto multiple VRs here.
  3. Lets say you have Customer, Corporate and guest zones on single firewall and you want to use different routing for each zone.

In such and similar other cases, multi VRs would be helpful.

M
0 Likes Likes

Go to solution
paloaltouser2020
L1 Bithead
In response to SutareMayur

‎09-21-2020 12:01 AM

cool. many thanks 

0 Likes Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2023 - Palo Alto Networks