cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post

Best practice for 10Gb interfaces setup

Hi,

We have to replace our current firewall cluster by a pair of 15600 in active-stanby mode (with 2 10Gb and 8 1Gb interfaces). This firewall cluster will be connected to a pair of Cisco Nexus switches with vPC (active-active).

We have different choices for the connections :

1) bonding both 10Gb interfaces on each firewall, connect them to both Nexus, and make all the internal and external traffic go through this bond, using VLANs

2) bonding both 10Gb interfaces on each firewall, connect them to both Nexus, and make only internal traffic go though the bond. Then bond also 2 or more 1Gb interfaces, connect them to both Nexus, and make only external traffic go though this other bond.

3) do not use bonding at all. Dedicate one 10Gb interface for external traffic, and the other for internal traffic, on each firewall. Connect each firewall only to one Nexus switch.

 

What is the general recommandation for this setup ?

Tags (2)
1 Reply
Highlighted

Re: Best practice for 10Gb interfaces setup

I would probably go with option 1 as you are connecting to the same physical switch. Other two options I would consider if I had separate internal and external switches.