Firewall Distance for Storage #65
Description
In case a cluster does use storage there might be situations where the storage is located in one zone/datacenter and the firewall is located in another.
Then the storage traffic needs to cross datacenter boundaries to reach the storage VRF done by the route leak on the firewall and from there the datacenter boundary needs to be crossed again to reach the storage.
This is bad for storage latency.
To avoid this, we could spin up multiple firewalls, one for each zone/datacenter and prolong the path other destinations than storage in the storage VRF as we already do for the default routes in the internet VRF.
We can either define one firewall as "master" for the default routes and one firewall as "master" for the storage, or set the firewall which is nearest to the storage as "master" for both destinations.