This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Two Tier MLAG + router redundancy

Two Tier MLAG + router redundancy

Konrad_PL
New Contributor

‎04-12-2019 10:12 AM

Hi there!

For one of my customers I implemented Two-Tier MLAG on four X460-G2 switches based on the KB article: https://extremeportal.force.com/ExtrArticleDetail?an=000082635
Here is my diagram:

785789c4da274147a30956598a7e1af4_9276f934-cd74-4114-8a7e-32eb405fde1c.png

 


MLAG between all switches works like a charm, but I have doubts about how to connect two firewalls (those two onthe top) to my Data Center mesh...

What would be Your sugestion about implementation of two Palo Alto firewalls to provide the maximum redundancy? Both Palo Alto firewalls are running in Active-Pasive HA.


With regards,
Konrad

 

0 Kudos
1 REPLY 1

Christoph
Contributor

‎04-12-2019 03:08 PM

If the Firewall is LACP capable than I would suggest to connect each with MLAG to the two switches at the local data centre.
If one switch fails than nothing happens to the firewall connection. If one data centre fails than the HA peer of the Firewall should take over.
0 Kudos
li.common.scroll-to.top
GTM-P2G8KFN