As most of you know, for several good reasons it's mostly suggested to use L3 switching as much as possible.
What I do not understand is how you are supposed to firewall the traffic from one subnet to another if, for example, your gateway is already in your access layer, or even if your first L3 hop is in the core switches and you want to firewall between different subnets. Most would prefer not to firewall in the switch due to its limitations and probably performance hits as well.
I do know of several ways you could do that: TrustSec, VRFs for all networks, VXLAN etc.
But all of them are pretty complex and I have had a notion that all these suggested designs do not expect you to use any other additional technology for firewalling.
Or are we supposed to use underlay for stitching everything together & overlay for routing from one end to a firewall?
So, what are "they" implying? Or how do you do it?