topic Re: Need help with BGP in Active/Active HA in General Topics

Need help with BGP in Active/Active HA

jeff_mathena — Tue, 19 Feb 2013 00:30:24 GMT

We have a pair of 5520's in Active/Active mode at a colocation facility. The colocation facility is handing off to us 2 separate LC fiber connections, each has it's own public /30 address but utilize the same AS number for our BGP. We have a /24 from the collocation facility that we can advertise on our PA HA pair. We want to stay Active/Active, but can not go full mesh as we only have a /30 for each connection and only one physical drop per circuit. You can think of it as 2 separate ISP's if it helps. Our PA reseller/consultant states that this can not be done and that we either need full mesh (so I have to pay for an additional physical connection per circuit and change the /30 to a /29 on each) or add an additional layer of hardware in front of the PA's.

So basically we have this:

LC Fiber Circuit 1: Public IP/30 (x.x.x.9 colocation router - x.x.x.10 our PA#1) - BGP Peer (our AS = zzzzz)

LC Fiber Circuit 2: Public IP/30 (y.y.y.65 colocation router - y.y.y.66 our PA#2) - BGP Peer (our AS = zzzzz)

Single Class C

Is it possible to have the 5520's in HA Active/Active without the full mesh? If so, how?

Thank you.

Re: Need help with BGP in Active/Active HA

UhMayYeah — Tue, 19 Feb 2013 01:12:28 GMT

Hello Jeff,

The following thread discusses the various BGP deployments in HA cluster , tested by user kbrazil

Looks like full mesh is what we recommend.

-Ameya

Re: Need help with BGP in Active/Active HA

kbrazil — Tue, 19 Feb 2013 01:51:31 GMT

Hi Jeff,

Is what you are describing similar to page 7 of this document?

BGP-diagrams-ext.pdf

Cheers,

Kelly

Re: Need help with BGP in Active/Active HA

jeff_mathena — Tue, 19 Feb 2013 03:37:42 GMT

Kelly,

That is exactly our configuration. ISP A has a public /30 address on their switch and we have the other on our PA#1 and then ISP B has a different public /30 address on their switch and we have the other on our PA#2. Our PA's are in the same datacenter and mounted right next to each other. We have a single AS assigned to our /24 address.

Does this mean this is a supported configuration? If so, where can I get more information on the correct setup of this?

Thank you,

Jeff

Re: Need help with BGP in Active/Active HA

kbrazil — Thu, 21 Feb 2013 04:14:33 GMT

Hi Jeff,

Yes, it looks like this is a supported design. I would use the Active/Active configuration from this document as a base (See Page 14):

Tech Note: How to Configure BGP

BTW, this document is referenced in this larger Design Guide:

You will find a Note at the bottom of page 14 of Tech Note: How to Configure BGP that is incorrect. The note that says a L2 switch is required only applies to Active/Passive HA with BGP.

Use this config and then you can add iBGP between both firewalls to complete your configuration.

Cheers,

Kelly