Thursday, January 9, 2020

ECMP for Internet Breaking Websites

I recently redesigned one of our largest campuses and deployed a new FTD appliance (yes, I know. I have plans to move to PA in the next 18-24 months). To give a better user experience, I changed their internet routing from corporate out circuit 1 and guest out circuit 2 to ECMP, where both internet circuits are equal candidates for outbound internet routing. This mostly works, and user experience has mostly improved in terms of bandwidth availability; however, now we're having issues where certain websites do not work as they're supposed to. I have been able to resolve a few of these by adding static routes: Ultimate Software, Ariba, and other applications that our HR dept uses that are locked to our specific static IP. But now I've begun to get reports of other sites not working that are hosted on AWS and other CDNs. Even worse, it's only certain parts of these sites that don't work. For instance, Canvas (the LMS that our training division uses) mostly works, but the file upload feature does not. I'm guessing there's an ancillary connection that it makes to some other cloud-hosted service that does not like ECMP. At this point, I'm kinda running out of ideas as to how to resolve this, and I'm even more scared to think that we will eventually be deploying SD-WAN here, which may have the same problem. These internet circuits are business-class, but because this site does not house one of our main data centers, we do not advertise our public address space to its carriers, so at any given point, any internet traffic can appear to be coming from 1 of 2 IP addresses.

Any advice that anyone can offer would be much appreciated. Thanks!
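The failure mode described in the post comes down to which header fields the ECMP hash uses: if a client's connections to an application's main host and to its ancillary upload/CDN host can hash to different circuits, the far end sees the same session arriving from two different public NAT addresses, and any service that ties a session to the client's source IP breaks. The simulation below is an added example, not code from the original post or from any Cisco product. It uses constructed documentation-range addresses, a deliberately simple additive hash standing in for the vendor's real hash (the split behaviour, not the specific hash values, is the point), and models three placements of the egress decision: per-flow 5-tuple hashing, source/destination hashing, and source-sticky hashing, plus the static-route pinning the post used as a workaround.

```python
"""
Simulate egress circuit selection for dual-internet ECMP with per-circuit NAT,
and show which hashing policies split one client's session across two public
addresses.  Constructed example; addresses are documentation ranges.
"""
import ipaddress
from collections import defaultdict

# Hypothetical public NAT address on each internet circuit.
CIRCUIT_NAT = {0: "203.0.113.10", 1: "198.51.100.10"}


def _toy_hash(*parts):
    """Additive toy hash over the selected header fields (stands in for the
    vendor hash; only the choice of inputs matters for this demonstration)."""
    data = "|".join(map(str, parts)).encode()
    return sum(data)


def ecmp_per_flow(src_ip, src_port, dst_ip, dst_port):
    """Per-flow ECMP: every TCP connection is hashed independently."""
    return _toy_hash(src_ip, src_port, dst_ip, dst_port) % 2


def ecmp_src_dst(src_ip, src_port, dst_ip, dst_port):
    """Source/destination ECMP: all flows to one host share a circuit, but a
    second host used by the same application may land on the other circuit."""
    return _toy_hash(src_ip, dst_ip) % 2


def sticky_source(src_ip, src_port, dst_ip, dst_port):
    """Source-sticky policy: everything from one client leaves one circuit,
    so the far end always sees a single public address for that client."""
    return _toy_hash(src_ip) % 2


def choose_circuit(policy, src_ip, src_port, dst_ip, dst_port, pinned=None):
    """Apply static-route pinning first (the post's workaround for IP-locked
    SaaS), then fall back to the ECMP policy.  `pinned` maps prefix -> circuit."""
    for prefix, circ in (pinned or {}).items():
        if ipaddress.ip_address(dst_ip) in ipaddress.ip_network(prefix):
            return circ
    return policy(src_ip, src_port, dst_ip, dst_port)


def public_ips_seen(flows, policy, pinned=None):
    """Return, per client, the sorted list of public NAT addresses the remote
    services would observe for the given flows under the given policy."""
    seen = defaultdict(set)
    for src_ip, src_port, dst_ip, dst_port in flows:
        circ = choose_circuit(policy, src_ip, src_port, dst_ip, dst_port, pinned)
        seen[src_ip].add(CIRCUIT_NAT[circ])
    return {client: sorted(ips) for client, ips in seen.items()}


def session_breaks(flows, policy, pinned=None):
    """True if any client appears from more than one public address, which is
    what an IP-bound session check on the far end would reject."""
    return any(len(ips) > 1 for ips in public_ips_seen(flows, policy, pinned).values())


# Constructed sample traffic: one client talks to an application's main host
# and to a separate upload host (think LMS page + its file-upload backend),
# opening many short TCP connections to each.
CLIENT = "10.20.30.40"
APP_HOST = "192.0.2.50"
UPLOAD_HOST = "192.0.2.51"
FLOWS = [
    (CLIENT, 49152 + i, APP_HOST if i % 2 == 0 else UPLOAD_HOST, 443)
    for i in range(20)
]

if __name__ == "__main__":
    for name, policy in [("per-flow", ecmp_per_flow),
                         ("src/dst", ecmp_src_dst),
                         ("source-sticky", sticky_source)]:
        ips = public_ips_seen(FLOWS, policy)[CLIENT]
        print(f"{name:14s} -> {ips}  breaks={session_breaks(FLOWS, policy)}")
    pinned = {"192.0.2.0/24": 0}
    print(f"per-flow+pin   -> {public_ips_seen(FLOWS, ecmp_per_flow, pinned)[CLIENT]}")
```

Running it shows the per-flow and source/destination policies presenting the client from both public addresses, while source-sticky hashing and a static route pinning the service's prefix to one circuit keep it on a single address. Pinning scales badly against CDN-hosted services whose address space changes, which is why a source-based policy (or advertising your own space over both circuits, as the post notes is not possible at this site) is the more durable fix.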
