Need help with BGP in Active/Active HA


We have a pair of 5520s in Active/Active mode at a colocation facility. The colocation facility is handing off to us 2 separate LC fiber connections; each has its own public /30 address but utilizes the same AS number for our BGP. We have a /24 from the colocation facility that we can advertise on our PA HA pair. We want to stay Active/Active, but cannot go full mesh as we only have a /30 for each connection and only one physical drop per circuit. You can think of it as 2 separate ISPs if it helps. Our PA reseller/consultant states that this cannot be done and that we either need full mesh (so I have to pay for an additional physical connection per circuit and change the /30 to a /29 on each) or add an additional layer of hardware in front of the PAs.

So basically we have this:

LC Fiber Circuit 1: Public IP/30 (x.x.x.9 colocation router - x.x.x.10 our PA#1) - BGP Peer (our AS = zzzzz)

LC Fiber Circuit 2: Public IP/30 (y.y.y.65 colocation router - y.y.y.66 our PA#2) - BGP Peer (our AS = zzzzz)

Single Class C

Is it possible to have the 5520s in HA Active/Active without the full mesh? If so, how?

Thank you.


L5 Sessionator

Hello Jeff,

The following thread discusses the various BGP deployments in an HA cluster, tested by user kbrazil.

Looks like full mesh is what we recommend.

-Ameya

L4 Transporter

Hi Jeff,

Is what you are describing similar to page 7 of this document?

BGP-diagrams-ext.pdf

Cheers,

Kelly

Kelly,

That is exactly our configuration. ISP A has a public /30 address on their switch and we have the other on our PA#1, and then ISP B has a different public /30 address on their switch and we have the other on our PA#2. Our PAs are in the same datacenter and mounted right next to each other. We have a single AS assigned to our /24 address.

Does this mean this is a supported configuration?  If so, where can I get more information on the correct setup of this?

Thank you,

Jeff

Hi Jeff,

Yes, it looks like this is a supported design. I would use the Active/Active configuration from this document as a base (See Page 14):

Tech Note: How to Configure BGP

BTW, this document is referenced in this larger Design Guide:

You will find a Note at the bottom of page 14 of Tech Note: How to Configure BGP that is incorrect.  The note that says a L2 switch is required only applies to Active/Passive HA with BGP.

Use this config and then you can add iBGP between both firewalls to complete your configuration.

Cheers,

Kelly
