Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
113
Views
0
Helpful
0
Replies

BVI firewall on VXLAN Spine?

Beazle
Level 1
Level 1

‎03-27-2024 04:57 AM

We are looking into implementing VXLAN in our Data Center and the question of where to connect our Data Center firewalls came up. We have 2 relatively small Data Centers with firewalls in each running HA. Our Data Center firewalls use BVIs. In a spine leaf topology is there any reason to not attach the firewalls to the spine? My thought is to have the Data Center subnets terminated on the leafs running anycast gateway so there is an active gateway in each Data Center. We would then have our firewall transit networks on the Spines. That way regardless of which leaf a host connects to they route up to the spine where they hit their firewall transit network to traverse the firewall, then they either leave the Data Center or traverse back down to the appropriate leaf to reach the destination host.

I have read a lot where people say to connect the firewalls to the leafs, but is what I described a valid design?

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents