Massive panic this morning after my server engineer has changed his tune on whether or not we need to stretch our VLANs...
We have a multi-vendor setup, Arista cores in 2 buildings, Cisco core in the other and a Fortigate FW for internet breakout. I somehow need to stretch a few (but not all) VLANs that currently terminate on our 4500-X core across to another building with an Arista core.
Here is a super simplified, paint-powered topology of our L3 devices: https://imgur.com/a/RRlxxB0
Ideas I've had:
- VPLS on one of the 10Gb circuits (prov'd by ISP)
  - But then what to do with the OSPF full-mesh? Do I just prune a trunk between the sites to only allow the VLANs I want, and use the OSPF network for everything else??
- Put another Fortigate in at the far-side and do VXLAN over IPSEC
  - Can I even do this if the VLANs don't terminate on the Fortigate?
- Replace the 4500-X core with something that can x-connect/l2vpn
  - That's a lot of extra cost, and time that we don't really have...
Any other ideas, or thoughts on which idea of the above is best, would be highly appreciated.