Sunday, December 5, 2021

Default route inter-vrf

Attaching a diagram for better understanding.

- VRF A just contains the two PtP SVIs between the WAN Router and the Firepower.
- Default route is statically configured in VRF A routing table pointing towards WAN Router IP.
- Firepower learns the default route from OSPF Neighbor as next hop - 10.1.2.1.
- GRT default route is learnt from OSPF Neighbor as next hop 10.1.3.2.
- For the sake of it, let's say the entire branch LAN subnet is 10.1.9.0/24.

All of this works fine, and the traffic between the entire LAN, either Firepower or other L3 devices, is sent via the Firepower still.

Even though some might suggest this would be easier by just moving the WAN Route to the Firepower, well, this is the reason for my next question.

How can we achieve some redundancy by also sending the default route between VRFs as a backup scenario in case the Firepower fails or ends up in some kind of issue?

I've seen some documentation around this but usually about the opposite direction or even using multiple devices.

Cores are regular IOS-XE with old IP Services or DNA Advantage.

Any help would be appreciated.

Diagram -> https://imgur.com/teyaf5L


