We have two geo-redundant DCs and we want to connect Azure ExpressRoute to both DCs in an active/passive configuration.
Here's a diagram: https://i.imgur.com/inR5rWr.png
The problem is trying to get FW B to send traffic to FW A to go over the high speed ER circuit via the DC Interconnect instead of via the ER connecting directly to FW B.
If traffic goes over the ER from FW B then the Azure metric will send return traffic to FW A which will create asymmetric routing.
We've tried redistributing the Azure routes from BPG into OSPF at both FWs with a huge metric for the passive ER, but we're not seeing the redistributed routes in OSPF on the local side only the remote side. So FW B will see the routes FW A redistributed into OSPF but FW A won't be able to see those same routes in it's own RIB.
I'm potentially thinking that the best option might instead be try peering both FWs over BGP and then trying to use local preference to prefer the high speed ER, but if we were to do that would it be better to have eBGP running over the existing OSPF between the DCs? Or would it be better to replace OSPF with BGP and put the switches in as iBGP peers with their local firewall?
Has anyone had any experience in this type of cloud connection configuration before?
No comments:
Post a Comment