cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Enyi_Ajoku
Nickel

VSX and VXLAN LAN Extension

Hello Everyone,

I would greatly appreciate your response and time in trying to provide information with regards to my post.

Is anyone familiar with this architectural deployment:

Site A and Site B: Different Geographic Locations

Switches: Nexus

Architecture: VXLAN, LAN Extension

Firewall: CheckPoint

Architecture: VSX

Firewall: One cluster with four members (2 members in Site A and 2 members in Site B)

Switches: 4 nexus switches (2 in site A and 2 in site B). VXLAN LAN Extension.

Layer 3: BGP between Cluster and Nexuses

Layer 2: Vlans between Cluster and Nexuses

0 Kudos
6 Replies

Re: VSX and VXLAN LAN Extension

I would suggest to either comission CP Professional Services or a partner with similar level expertise ! I would not assume that some tipps from  CheckMates could successfully guide you thru what you want to achieve (you did not write what you intend to understand or do with that complicated deployment). Or are you CCSE / CCSM certified yourself ?

0 Kudos

Re: VSX and VXLAN LAN Extension

Hi Enyi,

Could you be more specific with your question please? At this point we are just looking at random components I believe so if you could specify what it is you need help with it would be great.

0 Kudos
Enyi_Ajoku
Nickel

Re: VSX and VXLAN LAN Extension

You're right but my thought process was if anyone has such deployment would have an understanding of the concept. So this is my issue here:

Site A is my primary build, I have SIC trust established between members in Site A and Site B

Members in Site A and Site B are joined and communicating with the Management Station.

I have BGP configured and established between the members and nexus in Site A but not with the nexus in Site B

A ping test to the nexus in Site B give a destination unreachable result and the same thing when i do test to Site A from members in Site B

I also wanted to add that when i do a cphaprob stat i get the following: active, standby, down, down

0 Kudos

Re: VSX and VXLAN LAN Extension

I'm not familiar with VXLAN but in these type of cases most of the problems are caused by VLAN's not being streched. You need to have all VLAN's available on both sites on all 4 nodes for this to work properly. Normally on each interface only the highest and the lowest VLAN is monitored, however with VSX in VSLS mode - all VLANs are monitored by default.
Regards, Maarten
Enyi_Ajoku
Nickel

Re: VSX and VXLAN LAN Extension

You're so correct, made some changes to the vlan, stretched the vlan and it all came up.

 

0 Kudos
Highlighted
Admin
Admin

Re: VSX and VXLAN LAN Extension

A network diagram would be helpful.
0 Kudos