I came across a post by Ivan Pepelnjak about the madness of stretched firewalls across a DCI:
Ivan calls such an idea a stupidity and states:
“For those who still don’t get it: if you lose the communication between cluster members (which would happen after DCI link failure), the firewalls in one data center shut down and cut that data center off the net.”
I don’t get it. Assuming that your CCL is protected by at least two links going through two edge devices, the probability of losing your data center is the same as for the North-South connectivity. This statement is just as true for the DCI as for links to an external ISP or WAN. Is it an issue to have your DC down? This is a reason to have at least two data centers. So not really, unless the DCI links are unstable or the application’s orchestration cannot manage it. The former can apply to WAN links as well. Actually, a DCI can be more stable, as it may be built on dark fibre or on your own DWDM systems. The latter is related to the application architecture, which should be stateless or work in an active/active mode to cope with a DC shutdown.
Ivan promotes ‘a proper application architecture’ or ‘application reengineering’. I fully agree. If an application did not rely on an L2 segment, if clusters could be stretched across L3, or if the application were stateless, then the whole concept of L2 DCI, or L2 DCI over L3 links, would be avoided. It is not that easy. Bigger companies like Google, Facebook, some ISPs and news portals can work out the right application architecture from scratch. But the remaining companies still rely on applications which are stateful and require L2 to stretch clusters.
Stretched firewalls are a necessary solution for legacy application architectures. Right, if someone does not need session synchronization on the FW or IPS, then the active/standby mode is much more advisable. But please, stop telling network architects, engineers or vendors that they are trying to find a quick fix for the applications’ requirements. This is the root cause of the network design: application architectures drive the network design, not the opposite.