
Fortigate hardware vs software switch
This post will be a work in progress while working through a data center migration without re-addressing systems, and without service interruption to public-facing services. The servers are running on internet-routable addresses, are dual-stack IPv4/IPv6, and both locations have full table BGP peering using unique ASNs. There is no layer two connectivity between locations, and deploying such a P2P link would be cost prohibitive due to the requirement for an annual contract, diverse paths, etc. The idea is to migrate systems live, and if internet traffic arrives for a system that has already been moved, it traverses the VXLAN to reach that system. However, I don’t want the traffic traversing the internet in the clear, so now it’s VXLAN + VPN. We’ll focus on one VLAN at a time so that as little traffic as possible has to cross the VXLAN.

Here’s some highlights if you don’t feel like reading:

  • FortiGate VXLAN encapsulation functionality cannot involve aggregate interfaces (e.g. LACP/LAG/MLAG/MC-LAG/port-channel or whatever your preferred vendor calls them).
  • FortiGate tunnel interfaces doing VXLAN encapsulation cannot offload IPsec to the hardware NPU, so throughput may hit an upper limit even if you don’t have MTU problems.
  • Be very careful – your resulting config may be passing flood-based routing protocol packets, spanning tree BPDUs, and any other broadcast / layer two things occurring on your network.
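As an added illustration (not the author's configuration), this is the shape of a FortiOS config for the VXLAN-over-IPsec bridge described above, with each of the three caveats marked where it applies. The interface names, VNI and peer address are placeholders, and the IPsec tunnel "dc-ipsec" is assumed to exist already.

```fortios
# Assumed: an IPsec tunnel interface "dc-ipsec" already exists (phase1/phase2 not shown),
# and the local server VLAN is tagged 100 on physical port3. Names, the VNI and the peer
# address 203.0.113.2 are placeholders chosen for this illustration.

# 1. VLAN sub-interface on a plain physical port. An aggregate (LACP) port cannot be the
#    parent here, per the first caveat above.
config system interface
    edit "vlan100"
        set vdom "root"
        set interface "port3"
        set vlanid 100
    next
end

# 2. VXLAN interface whose outer packets ride inside the IPsec tunnel, so the layer-two
#    traffic never crosses the internet in the clear. Because the encapsulation sits on
#    the tunnel interface, the IPsec work stays off the NPU (second caveat).
config system vxlan
    edit "vxlan100"
        set interface "dc-ipsec"
        set vni 100
        set remote-ip "203.0.113.2"
        set dstport 4789
    next
end

# 3. Software switch bridging the local VLAN and the VXLAN segment. Everything flooded on
#    vlan100 (broadcast, unknown unicast, multicast such as routing-protocol hellos, STP
#    BPDUs) is now replicated into the tunnel (third caveat), so bridge one VLAN at a time
#    and watch what actually crosses it.
config system switch-interface
    edit "sw-vlan100"
        set vdom "root"
        set member "vlan100" "vxlan100"
    next
end
```

A quick check after bringing the bridge up is `diagnose sniffer packet dc-ipsec '' 4`, which shows the frames being pushed into the tunnel so that unexpected flooded traffic is visible before the next VLAN is migrated.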