Changing HA-IP-Address over L3 Link

Hi Guys!

I got the following challenge I do not have a solution actually an dI appreciate any tips.




Referring to the Picture:

- Firewallcluster is connected to two Routers via L3 or L2 (with SVI) link

- If one Firewall fails (detected via HA link) the Ip-Address that is facing the routers ( is MOVES from FW1 to FW2.

- As there is no L2 connectivity via the L3 conected routers this is kind of issue here.


My Idea:

- Work with IP sla tracks and inject the routes into the backbone with the "track" option. But the limit for IP SLA is 1second for an ICMP timeout. I want to implement subsecond here.


Does anyone has an Idea here?

Thanks in advance!





