We're planning a refresh for a somewhat large campus network, and were thinking about whether we could/should do it with VXLAN.
There would be quite a few different segments that are terminated on the central firewall (for security and compliance reasons), so having ACLs on switches or doing VRF-lite doesn't seem very feasible. Compared to running MPLS, it would make addressing easier, as all the addresses in the same segment could come from the same IP subnet.
Not really sure if we should include remote sites in the fabric, as most sites have only a couple or a few different segments. Originally we had plans to use small remote-site FWs, but we could of course just do a remote-site VNI and connect it to the FW at the central site. Remote sites would have 100-1000 Mbps connectivity to the main site. We're using MPLS connections from two different ISPs, and they support an MTU of around 1638 or something. (Here private MPLS lines are cheaper than internet connectivity, so SD-WAN wouldn't help us.)
Any thoughts? Thanks
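One thing worth checking before stretching segments over the MPLS links is the encapsulation budget: VXLAN adds an outer IP/UDP/VXLAN header plus the inner Ethernet header on top of every frame, and VTEPs normally do not fragment, so the underlay MTU must cover it. The calculator below is an added example (not part of the original post); it uses the standard header sizes from RFC 7348 and treats the ~1638 MTU mentioned above and a 1500-byte host MTU as constructed inputs.

```python
# VXLAN MTU budget check (added example, not from the original post).
# Header sizes in bytes; MTU figures here mean IP packet size on the link,
# so the outer Ethernet header is not counted, but the *inner* one is,
# because it is carried as VXLAN payload.
INNER_ETH = 14    # inner Ethernet header encapsulated inside VXLAN
DOT1Q_TAG = 4     # extra bytes if the inner frame keeps an 802.1Q tag
IPV4_HDR = 20     # outer IPv4 header (no options)
IPV6_HDR = 40     # outer IPv6 header
UDP_HDR = 8       # outer UDP header
VXLAN_HDR = 8     # VXLAN header (RFC 7348)


def vxlan_overhead(ipv6_underlay: bool = False, inner_vlan_tag: bool = False) -> int:
    """Bytes added to an inner IP packet by VXLAN encapsulation."""
    outer_ip = IPV6_HDR if ipv6_underlay else IPV4_HDR
    inner_eth = INNER_ETH + (DOT1Q_TAG if inner_vlan_tag else 0)
    return outer_ip + UDP_HDR + VXLAN_HDR + inner_eth


def required_underlay_mtu(inner_ip_mtu: int = 1500, **kw) -> int:
    """Smallest underlay IP MTU that carries inner_ip_mtu without fragmentation."""
    return inner_ip_mtu + vxlan_overhead(**kw)


def max_inner_ip_mtu(underlay_mtu: int, **kw) -> int:
    """Largest IP MTU you can safely hand to hosts behind the fabric."""
    return underlay_mtu - vxlan_overhead(**kw)


def fits(underlay_mtu: int, inner_ip_mtu: int = 1500, **kw) -> bool:
    """True if VXLAN-encapsulated inner packets fit the underlay MTU."""
    return required_underlay_mtu(inner_ip_mtu, **kw) <= underlay_mtu


def safe_inner_mtu_across_links(link_mtus: dict, **kw) -> int:
    """Worst-case inner MTU when traffic may traverse any of several carriers.
    Constructed input: one MTU per ISP/site link, keyed by a label."""
    return min(max_inner_ip_mtu(m, **kw) for m in link_mtus.values())


if __name__ == "__main__":
    # Constructed figures: two MPLS providers each quoting roughly 1638.
    links = {"isp_a": 1638, "isp_b": 1638}
    print("overhead (IPv4 underlay):", vxlan_overhead())
    print("1500-byte hosts fit on 1638 MTU:", fits(1638))
    print("max inner MTU across links:", safe_inner_mtu_across_links(links))
```

The worst case to budget for is an IPv6 underlay with tagged inner frames (74 bytes of overhead); even then a 1638-byte link carries 1500-byte host packets, but a plain 1500-byte underlay would not.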