We have a pair of 5520's in Active/Active mode at a colocation facility. The colocation facility is handing off to us 2 separate LC fiber connections, each has it's own public /30 address but utilize the same AS number for our BGP. We have a /24 from the collocation facility that we can advertise on our PA HA pair. We want to stay Active/Active, but can not go full mesh as we only have a /30 for each connection and only one physical drop per circuit. You can think of it as 2 separate ISP's if it helps. Our PA reseller/consultant states that this can not be done and that we either need full mesh (so I have to pay for an additional physical connection per circuit and change the /30 to a /29 on each) or add an additional layer of hardware in front of the PA's.
So basically we have this:
LC Fiber Circuit 1: Public IP/30 (x.x.x.9 colocation router - x.x.x.10 our PA#1) - BGP Peer (our AS = zzzzz)
LC Fiber Circuit 2: Public IP/30 (y.y.y.65 colocation router - y.y.y.66 our PA#2) - BGP Peer (our AS = zzzzz)
Single Class C
Is it possible to have the 5520's in HA Active/Active without the full mesh? If so, how?
Solved! Go to Solution.
The following thread discusses the various BGP deployments in HA cluster , tested by user kbrazil
Looks like full mesh is what we recommend.
That is exactly our configuration. ISP A has a public /30 address on their switch and we have the other on our PA#1 and then ISP B has a different public /30 address on their switch and we have the other on our PA#2. Our PA's are in the same datacenter and mounted right next to each other. We have a single AS assigned to our /24 address.
Does this mean this is a supported configuration? If so, where can I get more information on the correct setup of this?
Yes, it looks like this is a supported design. I would use the Active/Active configuration from this document as a base (See Page 14):
BTW, this document is referenced in this larger Design Guide:
You will find a Note at the bottom of page 14 of Tech Note: How to Configure BGP that is incorrect. The note that says a L2 switch is required only applies to Active/Passive HA with BGP.
Use this config and then you can add iBGP between both firewalls to complete your configuration.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!
The Live Community thanks you for your participation!