Re: OTV or I could use L2TPv3 with pseudo wire or

From: Dan Shechter <danshtr_at_gmail.com>
Date: Thu, 18 Aug 2011 10:08:21 +0300

The heartbeat issue of all the vendors is no garden of roses!

We can all blame it on the game theory. There is no 100% with any
cluster technology.

I had issues with both Checkpoint and ASA. Lately (past 3 years), both have
been stable _enough_.

Best regards,
Dan

On Thu, Aug 18, 2011 at 6:39 AM, Travis Niedens <niedentj_at_hotmail.com> wrote:

> I've dealt with that checkpoint heartbeat thing for years and hate it to
> this day - the only stable deployment I have done was back to back failover
> cable. I'd say migrate away from checkpoint if you can ;)
>
> Travis
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Dan Shechter
> Sent: Wednesday, August 17, 2011 11:59 AM
> To: Dinesh Patel
> Cc: ccielab_at_groupstudy.com
> Subject: Re: OTV or I could use L2TPv3 with pseudo wire or
>
> There are several things you need to consider:
>
> - OTV is a smart a#@. There are some types of traffic it will not pass
> between DCs, like: checkpoint MCAST heartbeats.
> - You still want to use OTV, as it gives you more protection against L2
> errors.
> - Any stateful device will give you a headache. It usually means that only
> one device can be active at the same time on BOTH DCs, and you will see
> lots of traffic between DCs.
> - Lab your network. Don't skip it!
>
>
> Just my 2 cents from an OTV implementation with Checkpoint firewalls.
>
>
> HTH,
> Dan #13685 (RS/Sec/SP)
> The CCIE troubleshooting blog: http://dans-net.com
>
>
> On Wed, Aug 17, 2011 at 5:08 PM, Dinesh Patel <jedidinesh_at_googlemail.com> wrote:
>
> > Hi Experts,
> >
> > While studying for my lab, I'd like some help on a high end scenario. I
> > have 2 datacentres and I want to connect their LAN at layer 2 between
> > both datacentres. Each data centre has an ASA firewall.
> > 1) How can I extend the layer 2 network from datacentre 1 to
> > datacentre 2 without spanning-tree loops? I was planning on using
> > either Cisco's new protocol *OTV* or I could use *L2TPv3 pseudo wire*,
> > *QinQ* trunks, or I could just create a
> > *port-channel* across the 2 datacentres and trunk the interfaces.
> > 2) How can I ensure that the stateful NAT entries are the same on
> > both firewalls?
> > Any help or suggestions on best practice of how to do this would be
> > appreciated.
> > Rgds
> > Dinesh
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>

Received on Thu Aug 18 2011 - 10:08:21 ART

This archive was generated by hypermail 2.2.0 : Thu Sep 01 2011 - 06:05:56 ART