Active Active BGP AS Number
cancel
Showing results for 
Search instead for 
Did you mean: 

Active Active BGP AS Number

L3 Networker

Have a Active/Active spit data center solution and question has been brought up if it is possible to use different AS numbers on each of the Palo's. My thinking is why have Active/Active, just use each Palo as a separate individual firewall at each DC. I'v never seen Active/Active Palo's having separate BGP AS numbers. It looks like it is possible since the VR config isn't synced but seems it would create an issue. Anyone else ever seen this or have an opinion? 

PCNSC, PCNSE
1 ACCEPTED SOLUTION

Accepted Solutions

L7 Applicator

it's possible since you can split routing completely but it would take out all reason to have a cluster in the first place, unless you'd have some site specific AS with an upstream shared AS somehow (so you do end up sharing the same IP subnet over different AS)

 

adding clustering will only increase overhead at no gain

Tom Piens
Like my answer? check out my book! https://bit.ly/MasteringPAN

View solution in original post

4 REPLIES 4

L7 Applicator

it's possible since you can split routing completely but it would take out all reason to have a cluster in the first place, unless you'd have some site specific AS with an upstream shared AS somehow (so you do end up sharing the same IP subnet over different AS)

 

adding clustering will only increase overhead at no gain

Tom Piens
Like my answer? check out my book! https://bit.ly/MasteringPAN

View solution in original post

Thanks, that was my thinking also, why even have the AA cluster at that point.

PCNSC, PCNSE

i've been thinking it over a bit, the thinking is probably that each site would act as DR for the other site and a floating IP could move to the other site if one site fails ? to provide internet connectivity?

 

 

if there's an option  to integrate OSPF that would be the better option, but if the network is super flat with no routing an AA A/P-P/A could work (although it will bring heartache and acid reflux )

Tom Piens
Like my answer? check out my book! https://bit.ly/MasteringPAN

The customer is already running BGP internally even though their current ASA is all static routes. I had thought about OSPF but we ended up deciding on BGP internally since that is what they are currently running and upstream to ISRs. The A/A setup is a single firewall at each DC which was originally supposed to be A/P. It's already given me enough heartache so I don't want to introduce any more.

PCNSC, PCNSE
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!