There are several things you need to consider:
- OTV is a smart a#@. There are some types of traffic it will not pass
between DCs, like Checkpoint MCAST heartbeats.
- You still want to use OTV, as it gives you more protections against L2
errors.
- Any stateful device will give you a headache. It usually means that only
one device can be active at the same time on BOTH DCs, and you will see lots
of traffic between DCs.
- Lab your network. Don't skip it!
Just my 2 cents from OTV implementation with Checkpoint firewalls.
HTH,
Dan #13685 (RS/Sec/SP)
The CCIE troubleshooting blog: http://dans-net.com
On Wed, Aug 17, 2011 at 5:08 PM, Dinesh Patel <jedidinesh_at_googlemail.com> wrote:
> Hi Experts,
>
> While studying for my lab, I'd like some help on a high end scenario. I have 2
> datacentres and I want to connect their LAN at layer 2 between both
> datacentres. Each data centre has an ASA firewall.
> 1) How can I extend the layer 2 network from datacentre 1 to
> datacentre 2 without spanning-tree loops? I was planning on using either
> Cisco's new protocol *OTV* or I could use *L2TPv3 pseudo wire*,
> *QinQ* trunks or I could just create a
> *port-channel* across the 2 datacentres and trunk the interfaces.
> 2) How can I ensure that the stateful NAT entries are the same on both
> firewalls?
> Any help or suggestions on best practice of how to do this would be
> appreciated.
> Rgds
> Dinesh
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
Received on Wed Aug 17 2011 - 21:59:15 ART