TL;DR: Can I make a VXLAN to a remote FortiGate where my subnet already exists in the routing table?
Sysadmin here. One of our customers wants to colo a server in our rack in our DC for DR purposes. To make my life easier I looked into creating a VXLAN IPsec tunnel so as not to run into issues of re-IPing all the replicated VMs in a DR situation (some of which have finicky software with static IPs in internal configurations).
From what I have been reading, FortiGate creates a software switch and one can assign ports to it (assuming they have to be free). This should mean it's like connecting two switches (L2) over an IPsec tunnel, and routing does not matter here (L3). Hence, if I have the subnet already present in the routing table of the FortiGate at the destination in our DC, it should not interfere.
The only issue I see here is that I won't be able to access the client's network via the FortiGate in our DC, as there is a route present with the same subnet. I'm also not quite sure yet how I will reconfigure the ports on the client's FortiGate unit so as not to have to redo all the policies (because some genius before me didn't think of using zones...)
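For reference, here is a minimal FortiOS CLI sketch of the setup the post describes: a VXLAN interface riding on an IPsec tunnel interface and bridged at L2 to a physical port through a software switch. This is an added example, not configuration from the original post or from Fortinet; every name, address (RFC 5737/1918 ranges), the VNI, the PSK placeholder and the choice of port5 as the server-facing port are assumptions, and the mirror of this config (addresses swapped) goes on the customer's FortiGate.

```fortios
# Assumed values (hypothetical): wan1 = uplink, 203.0.113.10 = peer FortiGate,
# 10.255.255.0/30 = tunnel-interface addressing, VNI 1000, port5 = port the
# colocated server plugs into. Replace all of them for a real deployment.
config vpn ipsec phase1-interface
    edit "dr-tunnel"
        set interface "wan1"
        set ike-version 2
        set peertype any
        set proposal aes256-sha256
        set dhgrp 14
        set remote-gw 203.0.113.10
        set psksecret "replace-with-a-long-random-psk"
    next
end
config vpn ipsec phase2-interface
    edit "dr-tunnel-p2"
        set phase1name "dr-tunnel"
        set proposal aes256-sha256
        set dhgrp 14
        set pfs enable
    next
end
# VXLAN is UDP/4789 between two endpoint IPs, so the tunnel interface itself
# needs addresses on both sides; the VXLAN frames then travel inside ESP.
config system interface
    edit "dr-tunnel"
        set ip 10.255.255.1 255.255.255.255
        set remote-ip 10.255.255.2 255.255.255.252
    next
end
config system vxlan
    edit "vxlan-dr"
        set interface "dr-tunnel"
        set vni 1000
        set remote-ip "10.255.255.2"
    next
end
# Software switch: bridges the VXLAN interface and the server-facing port at L2.
# port5 must be free first (not referenced by any interface, policy or DHCP server).
config system switch-interface
    edit "sw-dr"
        set vdom "root"
        set member "vxlan-dr" "port5"
    next
end
```

Once both sides are up, `diagnose vpn tunnel list` should show the phase2 selector for dr-tunnel-p2 active, and a host on port5 should ARP for its default gateway across the bridge exactly as if it were plugged into the customer's switch. The L3 route for the same subnet on the DC FortiGate is untouched by this: the bridge carries frames, not routes, which is precisely why the DC FortiGate cannot also route into the customer's network. Note that this also extends the customer's broadcast domain (and whatever sits on it) into the rack, so the software switch and the IPsec tunnel interface still need firewall policies that permit only the traffic the DR replication actually requires.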