https://community.cisco.com/t5/network-security/bgp-in-cluster-ftd/m-p/4286875#M1078178 <P>Hi all, shortly have to RUN BGP a couple of FTD 4115 in HA, managed by a 1600 FMC, it's all on premises. I was wondering about the BGP sessions if they have to be established according to which of the following cases:</P><P>1) one router peers with both active and passive FTD.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Tanto.PNG" style="width: 235px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/103778i9EC2B10B718D123F/image-dimensions/235x283?v=v2" width="235" height="283" role="button" title="Tanto.PNG" alt="Tanto.PNG" /></span></P><P>&nbsp;</P><P>2) router peering is as per image below</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Poco.PNG" style="width: 249px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/103779i97276EA63EEB9AF0/image-dimensions/249x299?v=v2" width="249" height="299" role="button" title="Poco.PNG" alt="Poco.PNG" /></span></P><P>&nbsp;</P><P>3) router peering is as per image below</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="nada.PNG" style="width: 296px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/103780i3C6C1ED1C62937D6/image-dimensions/296x341?v=v2" width="296" height="341" role="button" title="nada.PNG" alt="nada.PNG" /></span></P><P> </P><P>Any insight would be very much appreciated</P><P>&nbsp;</P><P>Davide</P><P> </P><P> </P> Fri, 05 Feb 2021 17:34:23 GMT DavideRanalli76560 2021-02-05T17:34:23Z https://community.cisco.com/t5/network-security/bgp-in-cluster-ftd/m-p/4286875#M1078178 <P>Hi all, shortly have to RUN BGP a couple of FTD 4115 in HA, managed by a 1600 FMC, it's all on premises. I was wondering about the BGP sessions if they have to be established according to which of the following cases:</P><P>1) one router peers with both active and passive FTD.</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Tanto.PNG" style="width: 235px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/103778i9EC2B10B718D123F/image-dimensions/235x283?v=v2" width="235" height="283" role="button" title="Tanto.PNG" alt="Tanto.PNG" /></span></P><P>&nbsp;</P><P>2) router peering is as per image below</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Poco.PNG" style="width: 249px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/103779i97276EA63EEB9AF0/image-dimensions/249x299?v=v2" width="249" height="299" role="button" title="Poco.PNG" alt="Poco.PNG" /></span></P><P>&nbsp;</P><P>3) router peering is as per image below</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="nada.PNG" style="width: 296px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/103780i3C6C1ED1C62937D6/image-dimensions/296x341?v=v2" width="296" height="341" role="button" title="nada.PNG" alt="nada.PNG" /></span></P><P> </P><P>Any insight would be very much appreciated</P><P>&nbsp;</P><P>Davide</P><P> </P><P> </P> Fri, 05 Feb 2021 17:34:23 GMT https://community.cisco.com/t5/network-security/bgp-in-cluster-ftd/m-p/4286875#M1078178 DavideRanalli76560 2021-02-05T17:34:23Z https://community.cisco.com/t5/network-security/bgp-in-cluster-ftd/m-p/4286880#M1078179 <P>Hi <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1113820">@DavideRanalli76560</a></P> <P>Option 3 would be correct.</P> <P>&nbsp;</P> <P>Only the Active unit listens on TCP port 179 for BGP connections from peers. The Standby unit does not participate in BGP peering, and hence does not listen on TCP port 179 and does not maintain the BGP tables. BGP route additions and deletions are replicated from the Active to the Standby unit. Upon failover, the new Active unit listens on TCP port 179 and initiates the BGP adjacency establishment with peers.</P> Fri, 05 Feb 2021 17:41:36 GMT https://community.cisco.com/t5/network-security/bgp-in-cluster-ftd/m-p/4286880#M1078179 Rob Ingram 2021-02-05T17:41:36Z https://community.cisco.com/t5/network-security/bgp-in-cluster-ftd/m-p/4286912#M1078190 <P>&nbsp;</P><P>from this documentation (Page 38) looks like is not like this</P><P><A href="https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2020/pdf/BRKSEC-3032.pdf" target="_blank">https://www.ciscolive.com/c/dam/r/ciscolive/emea/docs/2020/pdf/BRKSEC-3032.pdf</A></P><P>&nbsp;</P><P>Each member forms independent adjacencies in Individual mode<BR />• Same protocols as in Spanned Etherchannel, but multicast data is centralized<BR />• Higher overall processing impact from maintaining separate routing tables<BR />• Slower external convergence on any member failure</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 05 Feb 2021 18:32:16 GMT https://community.cisco.com/t5/network-security/bgp-in-cluster-ftd/m-p/4286912#M1078190 DavideRanalli76560 2021-02-05T18:32:16Z https://community.cisco.com/t5/network-security/bgp-in-cluster-ftd/m-p/4286934#M1078193 <P>Sorry I assumed when you meant HA that you were referring to Active/Standby, not clustering.</P> <P>In which case each FTD member establishes adjacencies, as you've noted from that CL doc.</P> Fri, 05 Feb 2021 18:51:48 GMT https://community.cisco.com/t5/network-security/bgp-in-cluster-ftd/m-p/4286934#M1078193 Rob Ingram 2021-02-05T18:51:48Z https://community.cisco.com/t5/network-security/bgp-in-cluster-ftd/m-p/4286950#M1078195 <P>My bad, I didn't get the document right, actually I should apologize, I am doing HA, your first answer answered perfectly what I first asked.</P><P>&nbsp;</P><P>Thanks very much for your precious help</P><P>&nbsp;</P><P>Davide</P> Fri, 05 Feb 2021 19:05:42 GMT https://community.cisco.com/t5/network-security/bgp-in-cluster-ftd/m-p/4286950#M1078195 DavideRanalli76560 2021-02-05T19:05:42Z