Does BGP need to be on a separate virtual router ?

Reply
L2 Linker

Does BGP need to be on a separate virtual router ?

I'm currently using rip in a single virtual router. I'm adding BGP for a Microsoft Express Route circuit. I have a consultant to assist in the BGP setup. He says the BGP needs to be in a separate virtual router. Is there a reason for this that anyone knows ? His answer is PaloAlto requires it. ???

PA3020.

 

TIA,

 

Greg

L7 Applicator

Re: Does BGP need to be on a separate virtual router ?

Hello,

A seoerate VR is not required to my knowledge.

 

https://www.paloaltonetworks.com/documentation/71/pan-os/pan-os/networking/bgp

 

Regards,

L4 Transporter

Re: Does BGP need to be on a separate virtual router ?

No VR is not required for BGP.

Highlighted
L7 Applicator

Re: Does BGP need to be on a separate virtual router ?

BGP runs fine with one virtual router.

What is consultants claim? That BGP in general needs seperate VR or because you have RIP already?

Enterprise Architect @ Cloud Carib www.cloudcarib.com
ACE (3.0, 5.0, 6.0, 7.0), PCNSE (6, 7), PCNSI
L7 Applicator

Re: Does BGP need to be on a separate virtual router ?

VR are needed when you need to isolate groups of routes that you don't want to propogate everywhere on the network.  I suspect we are missing some element of your topology and routing requirements that make putting the Azure Express Routes in an isolated instance.

 

What is the toplogy and what segments need to communicate with Azure across this connection?

 

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
L2 Linker

Re: Does BGP need to be on a separate virtual router ?

My topology is pretty simple.  Core L3 switch with a half dozen vlans.

There is no requirement for isolation.

In fact I'm trying to figure out how this could work.

Part of what we are doing is connecting to the MS public PAS services such as Data Warehouse.

Using route filters we only get routing to the East Central region public addresses via the BGP session with Azure.

Since the BGP router has those routes, how would a workstation connected to the other VR know how to get to the Data Warehouse in East Central using the Express Route circuit.

 

There is no requirement for a separate VR other than consulant speak saying that's the way to do it.

L7 Applicator

Re: Does BGP need to be on a separate virtual router ?

It sounds like the VR is not a requirement for you then.  These would typically be used in your setup if you had only a segment of your network that would access the express route path.  This is usually a Data Center area of the network.  While the rest of the network should not see the routes or have access.

 

Importing the routes to a separate VR then makes it easy to control their redistribution on your company network to only thoese areas that need the access and nowhere else.

 

From your description it seems like this is not the case for your company.

 

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
L1 Bithead

Re: Does BGP need to be on a separate virtual router ?

You do not need a separate VR unless you are learning routes in BGP that overlap with routes in your existing network. If that is the case, you will have to worry about more that just a separate VR. 

L2 Linker

Re: Does BGP need to be on a separate virtual router ?

Thanks eveyone.

There was no reason to have a separate VR.

We went live with the Expressroute circuit last week.

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!