Thursday, September 5, 2019

CloudGenix ION deployments

Short: Has anyone ever worked with CloudGenix ION gear? I could use a design review from someone experienced with the product line, because I think I have a vendor trying to blow smoke up my ass.

Long version: Since our team lead was laid off, I've been taking over one of our clients' CloudGenix deployments. There are some caveats to our DC environment, and knowledge that he took with him, that make this a little rougher than normal.

Connections from remote sites are hitting these boxes in our DC via the Internet and our own MPLS network. It's a bog-standard deployment on the face of it.

For the DC ION pair, they have two sets of uplinks: one to our chassis switch fronting our MPLS network and peered with the client VRF further downstream, and a dedicated pair to an ASA HA pair for public Internet access. The connection to the ASA uses private IP space on the uplink, with all the NAT/egress routing handled by the ASAs themselves.

They're telling me that "The IONs are not a transit device and we need to route through the core." I think that's bullshit, because there was a brief period when that was functioning fine before they changed things. I'm convinced they have their internal routing rules wrong.

I suppose all I'm looking for is an answer to this: can those uplinks to the ASA be used for egressing to the Internet under those circumstances? They're trying to tell me it's exclusively for VPN traffic, which seems like uninformed bullshit.

I can make a sanitized document available upon request.
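As an added illustration of what the ASA side of those uplinks has to look like for them to carry Internet egress (an example written for this page, not the client's actual configuration and not anything from CloudGenix; every interface name and address below is a placeholder), the pieces that have to line up are the ION-facing interface in private space, a reverse route for the remote-site prefixes pointing back at the ION, and a NAT rule that covers those prefixes rather than only the uplink /29 itself:

```cisco
! Added example configuration, not the client's real config.
! Assumed addressing (placeholders):
!   ION<->ASA uplink subnet: 10.255.0.0/29 (ASA active .1, standby .2, ION .3)
!   remote-site prefixes arriving via the ION: 10.20.0.0/16
!   ISP next hop on the outside interface: 203.0.113.1
!
! 1. ION-facing interface, private IP space, HA standby address included
interface GigabitEthernet0/1
 nameif ion-uplink
 security-level 50
 ip address 10.255.0.1 255.255.255.248 standby 10.255.0.2
!
! 2. Default route to the Internet, plus the return path for branch
!    prefixes. Without the second route, replies to un-NATed flows are
!    dropped on the ASA even though the forward path looks fine.
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
route ion-uplink 10.20.0.0 255.255.0.0 10.255.0.3 1
! (add an equal-cost route to the second ION's address if it also
!  originates traffic on this uplink)
!
! 3. NAT must cover the sources the ION will actually send, i.e. the
!    remote-site prefixes. A rule matching only 10.255.0.0/29 would
!    leave branch-sourced traffic untranslated.
object network ION-TRANSIT-NETS
 subnet 10.20.0.0 255.255.0.0
 nat (ion-uplink,outside) dynamic interface
!
! 4. Security-level 50 -> 0 is permitted by default; an explicit ACL
!    makes the intended egress sources reviewable.
access-list ION-EGRESS extended permit ip 10.20.0.0 255.255.0.0 any
access-group ION-EGRESS in interface ion-uplink
!
! Check (exec mode): trace a branch-sourced flow entering on ion-uplink.
! A missing NAT rule or reverse route shows up as the drop phase here.
! packet-tracer input ion-uplink tcp 10.20.5.10 40000 198.51.100.10 443
! show nat detail
! show route
```

The packet-tracer result is the quickest way to settle the argument with the vendor: if a flow sourced from a remote-site prefix traces through ion-uplink to outside with NAT applied and "Action: allow", the ASA side is capable of carrying that egress, and the remaining question is purely what the IONs are configured to forward onto that uplink.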
