Hello,
As a result of a merger, my company consists of three connected campus LANs (Site A, B and C in the diagram). Sites A and B have a Cisco ASA 5515-X firewall and a managed service router from the ISP on the outside. The managed service routers at the two sites have two fibre leased lines back to the ISP in an Active/Failover configuration, using BGP. One of the ISP's Points of Presence is shared by Sites A and B and the other two POPs are in different cities.
As a result of the merger, we also have two different public IP address ranges from the ISP; one routing to Site A and one to Site B. For ease of illustration, say:
Site A: 200.10.10.0/24
Site B: 200.20.10.0/24
It seems we are paying a lot for redundancy and I am looking to make this more efficient. If possible, I would like to cut the number of leased lines from the ISP to two - one to Site A and one to Site B - from different POPs.
It has been suggested I could use BGP to do this but I have never dealt with this protocol before and I understood it was primarily used to route between internet service providers and not at customer sites.
What would be the best design to improve WAN resiliency and efficiency? If I had two ISP links, one to Site A and one to Site B, could I run them as Active/Active links and have both public IP address ranges route to both sites? How might I avoid asymmetric routing problems with the two stateful firewalls at Site A and Site B (i.e. traffic going out of Site A and return traffic coming in via Site B)?
Any advice would be much appreciated.