Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

BGP Across Two Data Centers

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

BGP Across Two Data Centers

L0 Member

hey all, we have a customer who currently has two PA-2050 nodes setup with HA at one location.

they would like to split the pair and have one PA-2050 at Site1 and the other at Site2 ... setup as Active/Standby.

There would be two private L2 networks between them - one for the HA/keepalive and the other to tie in the inside interfaces.

each pa-2050 would have a "single" BGP connection to its own ISP, advertising the same block.

site1 would only have bgp to isp1 and site2 would only have bgp to isp2

site1 would be preferred for both ingress/egress traffic, and site2 would be backup in case site1 fails.

is this possible? so far, have read docs where both pa's have to be at the same location where they connect to both isp's.

thanks in advance!

1 REPLY 1

L7 Applicator

I think for this application you are going to need to be active/active.  In an active/passive setup the passive device interfaces are held in a down state until failover.  You cannot have that active BGP session going in this scenario.  The alternative is you peer to both ISP from the active device.

Just to clarify your connectivity,  you will need layer 2 on HA 1 & HA2 for Active/passive and you would need to add a third vlan for HA3 if you have active/active.  Also note that these need to have jumbo frames and low latency.

Steve Puluka BSEET - IP Architect - DQE Communications (Metro Ethernet/ISP)
ACE PanOS 6; ACE PanOS 7; ASE 3.0; PSE 7.0 Foundations & Associate in Platform; Cyber Security; Data Center
  • 1982 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!