AnsweredAssumed Answered

Best practice for 10Gb interfaces setup

Question asked by David GOURANTON on Feb 11, 2019
Latest reply on Feb 11, 2019 by Kaspars Zibarts

Hi,

We have to replace our current firewall cluster by a pair of 15600 in active-stanby mode (with 2 10Gb and 8 1Gb interfaces). This firewall cluster will be connected to a pair of Cisco Nexus switches with vPC (active-active).

We have different choices for the connections :

1) bonding both 10Gb interfaces on each firewall, connect them to both Nexus, and make all the internal and external traffic go through this bond, using VLANs

2) bonding both 10Gb interfaces on each firewall, connect them to both Nexus, and make only internal traffic go though the bond. Then bond also 2 or more 1Gb interfaces, connect them to both Nexus, and make only external traffic go though this other bond.

3) do not use bonding at all. Dedicate one 10Gb interface for external traffic, and the other for internal traffic, on each firewall. Connect each firewall only to one Nexus switch.

 

What is the general recommandation for this setup ?

Outcomes