Two Tier MLAG + router redundancy

  • 12 April 2019
Hi there!

For one of my customers I implemented Two-Tier MLAG on four X460-G2 switches based on the KB article: https://gtacknowledge.extremenetworks.com/articles/How_To/Sample-configuration-for-two-tier-MLAG

Here is my diagram:

MLAG between all switches works like a charm, but I have doubts about how to connect two firewalls (those two onthe top) to my Data Center mesh...

What would be Your sugestion about implementation of two Palo Alto firewalls to provide the maximum redundancy? Both Palo Alto firewalls are running in Active-Pasive HA.

If the Firewall is LACP capable than I would suggest to connect each with MLAG to the two switches at the local data centre.
If one switch fails than nothing happens to the firewall connection. If one data centre fails than the HA peer of the Firewall should take over.