[c-nsp] IPv6 routing vs IPv4 Nating
Gert Doering
gert at greenie.muc.de
Tue Aug 23 08:21:17 EDT 2016
Hi,
On Mon, Aug 22, 2016 at 10:54:04PM +0100, Tom Hill wrote:
> On 22/08/16 22:34, Gert Doering wrote:
> > Not if you NAT the IPv4 - the NAT part enforces symmetry.
> >
> > Not that I'm a big fan of NAT, but it has its uses :-)
>
> FHRPs aren't just for 'inside' interfaces. You do have to be sure to
> adjust the priorities of 'inside' and 'outside' interfaces together to
> maintain your symmetry, but that's not difficult. FHRP also takes care
> of ARP delays during failover.
So how do you FHRP one firewall(cluster) in the US with one firewall(cluster)
in Europe, ensuring symmetric traffic?
> Assuming there's state synchronisation in all cases, of course.
Think larger networks :-)
In the "I have two firewalls that are connected to the same inside and
outside LANs" case, everything is mostly trivial.
gert
--
USENET is *not* the non-clickable part of WWW!
//www.muc.de/~gert/
Gert Doering - Munich, Germany gert at greenie.muc.de
fax: +49-89-35655025 gert at net.informatik.tu-muenchen.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 273 bytes
Desc: not available
URL: <https://puck.nether.net/pipermail/cisco-nsp/attachments/20160823/492af1bc/attachment.sig>
More information about the cisco-nsp
mailing list