Friday, August 10, 2018

Preserving NAT (and other issues) across multiple, varied DC interconnects

Hello networking friends!

The long and short of this is that my organization is moving from on-premises servers to a colocated data center. My job is to engineer the primary connection, its failover, and the DR connection.

The primary connection is a wave product from an ISP. The backup to that is an IPsec VPN terminated at an NSX virtual appliance. The DR connection, as planned, is an IPsec VPN.

Over the primary connection we have OSPF in place. At the data center end there is a static route with a high metric to initiate failover if the primary connection is lost. This works. Failing back, when the routes become available over OSPF again, does not work so well, but we're working through that.
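To make the failover/failback behaviour above concrete, here is a small added example (not code from the original post) that models a routing table choosing between an OSPF-learned route over the wave and a floating static route over the VPN. It assumes Cisco-style default administrative distances (OSPF 110, static 1) and an assumed floating-static distance of 250; the prefix `10.20.0.0/16`, the next hops `192.0.2.1` (wave) and `198.51.100.1` (VPN), and the destination address are constructed sample values.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional

# Conventional default administrative distances (Cisco IOS style).
AD_STATIC = 1
AD_OSPF = 110
# Assumed value for the floating static: anything above 110 makes it lose to
# OSPF while OSPF is up and win once the OSPF route is withdrawn.
AD_FLOATING_STATIC = 250


@dataclass(frozen=True)
class Route:
    prefix: str          # e.g. "10.20.0.0/16"
    next_hop: str        # gateway address
    source: str          # "ospf", "static", ...
    admin_distance: int
    metric: int = 0


class Rib:
    """Minimal routing-information base: longest prefix match first,
    then lowest administrative distance, then lowest metric."""

    def __init__(self) -> None:
        self._routes: List[Route] = []

    def install(self, route: Route) -> None:
        self._routes.append(route)

    def withdraw(self, source: str) -> None:
        # Models a protocol (e.g. OSPF) losing its adjacency: every route
        # it contributed leaves the table at once.
        self._routes = [r for r in self._routes if r.source != source]

    def lookup(self, destination: str) -> Optional[Route]:
        dst = ip_address(destination)
        candidates = [r for r in self._routes
                      if dst in ip_network(r.prefix, strict=False)]
        if not candidates:
            return None
        return min(candidates,
                   key=lambda r: (-ip_network(r.prefix, strict=False).prefixlen,
                                  r.admin_distance, r.metric))


def simulate_failover(destination: str = "10.20.5.10") -> List[str]:
    """Return the chosen next hop for `destination` in three phases:
    steady state, primary (OSPF) lost, primary restored."""
    rib = Rib()
    # Constructed sample: the DC prefix learned over the wave via OSPF ...
    rib.install(Route("10.20.0.0/16", "192.0.2.1", "ospf", AD_OSPF, metric=20))
    # ... and the same prefix as a floating static pointing at the IPsec VPN.
    rib.install(Route("10.20.0.0/16", "198.51.100.1", "static", AD_FLOATING_STATIC))

    chosen = [rib.lookup(destination).next_hop]        # OSPF wins: wave
    rib.withdraw("ospf")                                 # wave goes down
    chosen.append(rib.lookup(destination).next_hop)     # floating static: VPN
    rib.install(Route("10.20.0.0/16", "192.0.2.1", "ospf", AD_OSPF, metric=20))
    chosen.append(rib.lookup(destination).next_hop)     # OSPF wins again
    return chosen


if __name__ == "__main__":
    print(simulate_failover())
```

The model only covers route selection in the RIB: it re-selects the wave as soon as the OSPF route is back. Stateful devices along the path (firewall sessions, NAT translations, IPsec SAs) keep their own tables and do not follow the routing table on their own, which is worth checking separately when failback misbehaves.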

The IP space at the DR and primary DC sites is different, so an issue I see looming is preserving the NAT address during a DR test or failover event.

Another issue: since the VPN is terminated on the firewall, any traffic destined for either data center from the outside will likely be forwarded through the VPN instead of downstream.

Simple diagram

So, how do you guys combat these issues?
