For details on cookie usage on our site, read our Privacy Policy
BGP Multiple ISP VR Requirements
- LIVEcommunity
- Discussions
- General Topics
- BGP Multiple ISP VR Requirements
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Printer Friendly Page
BGP Multiple ISP VR Requirements
- Mark as New
- Subscribe to RSS Feed
- Permalink
07-06-2016 12:44 PM
I'm attempting to wrap my head around a very critical piece of setting up BGP between 2 ISP's concerning how many Virtual Routers are required.
I currently have 1 ISP (A) up and running on BGP just fine and my other ISP (B) will be converted to BGP on Monday. Both will be advertising my public IP space from ARIN.
So my question is, do I put both ISP A's and ISP B's interfaces on the same VR or do they need to be on their own separate VR's?
I'm receiving a few conflicted answers to this question, so I'm looking for real world experience.
Currently I'm still a strong believer in that I need to just add my ISP B as its own Peer Group to my current primary Virtual Router, add ISP B's own subinterface to the Resdistribution Profile along with ISP A's subinterface, configure a new Import Rule for ISP B plus an Export Rule with a Prepend of 2 if I choose to, and finally check ECMP for "load balancing".
All this sounded great until I was told the following from a Palo rep: "Two interfaces ( belonging to same VR ) cannot have IP addresses from the same subnet. x.x.x.x/24"
That threw a wrench into my whole thought process because both ISP's are advertising my /24 from ARIN, but are physically connected with 2 different /30's to each ISP's switch.
- Mark as New
- Subscribe to RSS Feed
- Permalink
11-04-2016 01:30 PM
In the Redist Rules, did you ever try with just entering your public space subnet instead of referencing the redistribution profile?
As long as there is an entry for the public space in the routing table of the PA, this should work fine. Having a subinterface on the ARIN assigned network will satisfy this or you can create a dummy route, sort of like routing a prefix to null0 on a router.
- Mark as New
- Subscribe to RSS Feed
- Permalink
11-04-2016 01:50 PM
Can you add subnets to a Redist Rule directly? All I see are settings for Community, MED, Preference, etc.
- Mark as New
- Subscribe to RSS Feed
- Permalink
11-04-2016 02:12 PM - edited 11-04-2016 02:13 PM
Yep, just type the subnet directly in the box.
- Mark as New
- Subscribe to RSS Feed
- Permalink
11-07-2016 01:56 PM
That's interesting, I never took the time to read that line of text.
What are you using for your dummy static route?
- Multiple issues on Dynamic Updates PA-220 in General Topics
- API Key Required Permissions for File Retrieval in Cortex XDR Discussions
- Deleting V-sys via panorama in General Topics
- Understanding Licensing requirements for Runtime Defence for Containers in Prisma Cloud Discussions
- Cortex XDR Agent 8.0 Windows Requirements? Windows 7 compatible? in Cortex XDR Discussions
Show your appreciation!
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
