Wednesday, April 24, 2019

Cisco ASA and uRPF

We are opening a new office, which will have two fibre circuits back to our core. In the past we would simply run them active/backup, but I'd like to take advantage of both if possible.

Setup will be as follows:

Switches > ASA Cluster > 2 x fibre back to diverse routers in diverse DCs.

We are looking at running OSPF to distribute default routes down to the ASAs, hoping to take advantage of ECMP to use both links at once.

My question is: will uRPF/ip verify cause issues with this? The firewalls will have default routes with the same metric over 2 different interfaces, but I'm not quite clear on uRPF strict checks, as the ASA cannot run loose mode. If a packet is sent out uplink 1 but the reply is received from uplink 2, will that cause uRPF to fail if there is a default route via both uplinks?


