RE: OTV or I could use L2TPv3 with pseudo wire or

From: Travis Niedens <niedentj_at_hotmail.com>
Date: Wed, 17 Aug 2011 20:39:56 -0700

I've dealt with that checkpoint heartbeat thing for years and hate it to
this day - the only stable deployment I have done was back to back failover
cable. I'd say migrate away from checkpoint if you can ;)

Travis

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Dan
Shechter
Sent: Wednesday, August 17, 2011 11:59 AM
To: Dinesh Patel
Cc: ccielab_at_groupstudy.com
Subject: Re: OTV or I could use L2TPv3 with pseudo wire or

There are several things you need to consider:

   - OTV is a smart a#@. There are some types of traffic it will not pass
   between DCs, like: checkpoint MCAST heartbeats.
   - You still want to use OTV, as it gives you more protections against L2
   errors.
   - Any stateful device will give you a headache. It usually means that only
   one device can be active at the same time on BOTH DCs, and you will see lots
   of traffic between DCs.
   - Lab your network. Don't skip it!

Just my 2 cents from an OTV implementation with Checkpoint firewalls.

HTH,
Dan #13685 (RS/Sec/SP)
 The CCIE troubleshooting blog: http://dans-net.com

On Wed, Aug 17, 2011 at 5:08 PM, Dinesh Patel
<jedidinesh_at_googlemail.com> wrote:

> Hi Experts,
>
> While studying for my lab, I'd like some help on a high end scenario. I
> have 2 datacentres and I want to connect their LAN at layer 2 between
> both datacentres. Each data centre has an ASA firewall.
> 1) How can I extend the layer 2 network from datacentre 1 to
> datacentre 2 without spanning-tree loops? I was planning on using
> either Cisco's new protocol *OTV* or I could use *L2TPv3 pseudo wire*,
> *QinQ* trunks or I could just create a
> *port-channel* across the 2 datacentres and trunk the interfaces.
> 2) How can I ensure that the stateful NAT entries are the same on both
> firewalls?
> Any help or suggestions on best practice of how to do this would be
> appreciated.
> Rgds
> Dinesh
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Received on Wed Aug 17 2011 - 20:39:56 ART

This archive was generated by hypermail 2.2.0 : Thu Sep 01 2011 - 06:05:56 ART