Hello!
We have a DC-DC failover architecture from Meraki:
2x MX250 (HA) configured as VPN concentrator in each of our 2 DCs (Site A and Site B), both sites connected by an MPLS link. Hub and spoke topology with our remote branches. All our spokes have Site A as the prioritized hub (concentrator) in split tunneling.
The MXs are in a DMZ behind ASA5500s. We're trying to clean up the routing tables and put some static routing in our network. The ASAs have static routes to remote branches pointing to the MXs, so I turned off OSPF on the MX concentrators. Now, our core switches from both sites are in a neighboring OSPF relationship, and so are our core switches with our ASAs.
I was wondering if the core switch of Site B needs to know about the DMZ subnet in Site A where our MXs reside, and vice versa? Do I need to advertise that network in OSPF on each side?
My thinking is that if the hub from Site A crashes, traffic from remote branches will be routed through Site B's hub and will flow across that MPLS link if they need to access resources in Site A.
I did my best to explain our topology, let me know what you think :D
Thank you very much