Cisco Cisco Nexus 5010 Switch Libro bianco
© 2016 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
Page 18 of 75
Active-Standby Failover East-West Firewalls in Routed Mode
A pair of active-standby failover east-west firewalls can either individually connect to separate leaf nodes, as
shown in
, or have their links dual-homed to a vPC pair of leaf switches, as shown in
. In
general, border leaf nodes are not configured as vPC peers in programmable fabric, which limits the connectivity
options to only the single-homed scenario. If dual-homed vPC is needed, the firewalls can be connected to regular
or dedicated services leaf nodes.
Figure 11. Physical Connectivity Diagram Showing Active and Standby Firewall Units Single-Attached to Two Leaf Nodes,
and Hosts in Protected Subnets
Figure 12. Physical Connectivity Diagram Showing Active and Standby Firewall Units, Each Dual-Homed to Leaf
Nodes Using vPC
vPC Dual-Homed Active-Standby Firewall Connectivity in Routed Mode
With the current Cisco NX-OS Software, vPC dual-homed firewalls can be configured only with static routing. The
configuration will be very similar to Configurations 2a, 2b, 3a, and 3b. The only difference is that the trunk ports to
firewalls are now not individual interfaces, but vPCs connecting to both the active and standby units, as shown in