Let's say we have two DCs with VXLAN fabric like in this diagram:
How would you configure the firewalls if you wanted to be able to do vMotion between DCs and have the VM still keep its original IP address? I could have anycast gateways to get out of the DC network, but how about the firewall? I guess I could use BGP on the firewalls, and of course copy rules between them, and just live with the fact that sessions drop after doing a migration. Or maybe run an active-active firewall cluster; I guess that might work too?
Thanks!