12-20-2021 12:44 AM
I'm looking to directly connect a pair of PA3220 in HA mode to 2 x WAN circuits, one circuit to be Primary, the other circuit as Backup. Both circuits are provided by the same ISP (JANET) and run BGP. We also have the same publicly routable subnet (provided by the ISP) on the LAN side of the routers, so the ISP has 2 routes to this subnet via either WAN circuit. I therefore need to control outbound and inbound traffic to use the Primary Circuit.
Previously in this setup I have used 2 x Cisco routers, one to each circuit. Both configured to form an eBGP neighbour with their upstream JANET routers, and then an iBGP neighbourship with each other. To control traffic to use the Primary link I do the following:
Outbound - configure Local Preference within a route map on each router with a higher value on the router connected to the Primary circuit. This info is exchanged via the iBGP neighbourship.
Inbound - configure a BGP Community Attribute on each router sent to the eBGP neighbours, with the router connected to the Primary circuit with a greater value.
With a Palo Alto solution there is only one box with both circuits connected to it, so no need for an iBGP neighbour. I can control outbound traffic by weighting the default routes discovered from the eBGP neighbours to use the Primary WAN.
QUESTION - Can you configure 2 x weights within Community Attributes (one per circuit) so that they can send this to the two upstream eBGP neighbours?