Monday, March 29, 2021

iBGP between locations using private link (fiber) which is used for internal vlans

Hi Guys,

I currently have two data centers interconnected with dark fiber. Only one of them has ISP uplinks (two separate BGP routers - each multihomed with 2 ISPs - we have AS and PI). Apart from 2 eBGP, each router has iBGP between them, OSPF to propagate loopback routes, and VRRP for redundancy from the LAN side. The LAN side has a default route to the VRRP VIP configured on a Fortigate cluster in active-standby mode.

As it comes to physical connections in DC1 both BGP routers have directly connected ISPs and behind them I have dedicated L2 switches to connect to Fortigate cluster.

I need to move one BGP router with one ISP to another location DC2 that is connected with private fiber with DC1. I want to move one Fortigate from the cluster as well. The problem is that I have only one core switch within DC2 which terminates this private link and we use this for internal vlans. I will have to connect BGP router and FW to that switch in DC2.

Now the question arises - I have several concerns, mainly about safety:

  • Is it safe to put iBGP vlan over the same L2 switch (physically the same aggregated link) between DC1 and DC2? I have only one private aggregated link.
  • What about traffic to FW from DC2 - I assume that only one Fortigate would be active (in DC1) and some traffic from BGP router in DC2 (even if not preferred) would also go to FW in DC1 over the same physical ports within aggregated link?

