08-24-2024 04:27 PM
I finally did it!
The trick is to have a full mesh of Private Link Geneve sessions. Just register both gateway load balancer endpoints in each firewall and make sure the GWLB has Cross zone LB enabled.
I think the documentation from PAN has 1:1 GWLBe-fw mappings within each Availability Zone and that’s why I was receiving unencapsulated packets over the major interface (not subif) due to the lack of the inter zone Geneve sessions.
Now it works fine and I have full AZ + Firewall fault tolerance.
• Geneve Session 1: GWLBe1 (AZ1) <–> FW1 (AZ1)
• Geneve Session 2: GWLBe1 (AZ1) <–> FW2 (AZ2)
• Geneve Session 3: GWLBe2 (AZ2) <–> FW1 (AZ1)
• Geneve Session 4: GWLBe2 (AZ2) <–> FW2 (AZ2)
Let me know if this helps anyone!
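An added example (my own, not code from the post or from Palo Alto Networks) that turns the full-mesh rule above into a small audit: given an inventory of GWLB endpoints and firewalls with their AZs, the Geneve sessions actually configured, and the GWLB cross-zone flag, it lists the sessions that are missing and simulates the loss of one AZ or one firewall to see whether a forwarding path survives. The endpoint and firewall names, and the two session layouts at the bottom, are constructed to mirror the post; nothing here queries AWS or a firewall.

```python
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Node:
    """A GWLB endpoint (GWLBe) or a firewall, pinned to one Availability Zone."""
    name: str
    az: str


def expected_sessions(endpoints, firewalls):
    """Full mesh: every GWLBe must have a Geneve session to every firewall,
    regardless of AZ. Sessions are represented as (endpoint, firewall) pairs."""
    return {(e.name, f.name) for e, f in product(endpoints, firewalls)}


def surviving_sessions(endpoints, firewalls, sessions, lost_nodes):
    """Sessions still usable once the nodes in `lost_nodes` are gone."""
    alive = {n.name for n in list(endpoints) + list(firewalls)} - set(lost_nodes)
    return {(e, f) for e, f in sessions if e in alive and f in alive}


def audit_geneve_mesh(endpoints, firewalls, sessions, cross_zone_enabled):
    """Return a list of findings; an empty list means the layout gives
    full AZ + firewall fault tolerance as described in the post."""
    findings = []
    configured = set(sessions)

    # 1. Every GWLBe <-> firewall pair needs its own Geneve session.
    for e, f in sorted(expected_sessions(endpoints, firewalls) - configured):
        findings.append(f"missing Geneve session {e} <-> {f}")

    # 2. Without cross-zone LB the GWLB only hands traffic to targets in
    #    the endpoint's own AZ, so the inter-AZ sessions are never used.
    if not cross_zone_enabled:
        findings.append("GWLB cross-zone load balancing is disabled")

    # 3. Simulate losing a whole AZ: does any session survive?
    for az in sorted({n.az for n in list(endpoints) + list(firewalls)}):
        lost = {n.name for n in list(endpoints) + list(firewalls) if n.az == az}
        if not surviving_sessions(endpoints, firewalls, configured, lost):
            findings.append(f"no forwarding path survives loss of {az}")

    # 4. Simulate losing a single firewall: every GWLBe must still reach one.
    for fw in firewalls:
        left = surviving_sessions(endpoints, firewalls, configured, {fw.name})
        for e in endpoints:
            if not any(s[0] == e.name for s in left):
                findings.append(f"{e.name} has no firewall if {fw.name} fails")

    return findings


# Constructed inventory mirroring the post: two GWLBe and two firewalls
# spread across two AZs.
ENDPOINTS = [Node("GWLBe1", "AZ1"), Node("GWLBe2", "AZ2")]
FIREWALLS = [Node("FW1", "AZ1"), Node("FW2", "AZ2")]

# The 1:1 per-AZ layout the post started with (only intra-AZ sessions).
ONE_TO_ONE = [("GWLBe1", "FW1"), ("GWLBe2", "FW2")]

# The full mesh the post ended up with (sessions 1-4).
FULL_MESH = [("GWLBe1", "FW1"), ("GWLBe1", "FW2"),
             ("GWLBe2", "FW1"), ("GWLBe2", "FW2")]


if __name__ == "__main__":
    for label, layout in (("1:1 per AZ", ONE_TO_ONE), ("full mesh", FULL_MESH)):
        print(f"== {label} ==")
        for finding in audit_geneve_mesh(ENDPOINTS, FIREWALLS, layout, True) or ["ok"]:
            print("  ", finding)
```

With the 1:1 layout the audit reports the two missing cross-AZ sessions and that each GWLBe loses its only firewall if that firewall fails; with the full mesh and cross-zone enabled it reports nothing.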