
BGP session through 2 VPCs

irenof
Spotlight

Hi all,

In a legacy network I have this situation:

irenof_0-1741164815925.png

Basically, I have an eBGP session between the two VRFs that passes through a FW via the VPCs between Nexus and FWs (VRF sandwich).

The source interface of the BGP session is the interface vlan of the Nexus.

I have to reproduce the same situation in ACI.

I have already created both the VPCs and I am trying to figure out how to associate them to a single BGP peer session.

When I create an L3Out, I create the node profile, the interface profile and 2 SVIs (one for each VPC) with the same primary and secondary IP (with the correct VLAN). But then I am able to add a BGP peer only to a single SVI path (e.g. 111-112_VPC_11). What about the BGP session for VPC21? What happens in case of failover?

How can I associate a single BGP peering with both VPCs? I tried with the BGP peer at node profile level, but it requires a Loopback.

Is this possible in ACI, or should I also change the connectivity design?

Thanks

EDIT:

I changed the image to better understand the situation.

6 Replies

AshSe
VIP

Hello @irenof 

Before sharing the solution, may I try to understand your current setup (Non-ACI). Please check the below images and share your concurrence with one of them:

Figure 1:

AshSe_0-1741161932209.png

or 

Figure 2:

AshSe_1-1741161983640.png

Feel free if you wish to make correction in your choice.

Looking for your response.

AshSe

Hi @AshSe, the current setup is as depicted in Figure 1.

I analyzed the situation in ACI and it seems that when I create an L3Out with a VPC, the BGP peer I create is configured in both border leaves (regardless of whether the BGP peer is configured at node level (loopback) or SVI). I cannot find a solution to create a single BGP peer profile for each node. This is the same, but it seems that VPC and BGP in ACI are not so elastic.

Is this right?

Thanks

Hi @irenof 

You do not create Double Sided vPC aka Sandwich vPC by specifying two separate vPC IDs on the Port-channel. I wonder what you are achieving with such a configuration.

Considering Figure 2, you can easily configure eBGP on ACI border leaf switches using SVI, with external (Non-ACI) switches.

Please comment.

AshSe 

Could you 

Hi @AshSe, this is the current design in the legacy environment. By the way, even with a single VPC a BGP peer is still configured in both the Nodes... This doubles the number of current BGP sessions. Am I wrong?


@irenof wrote:

By the way, even with a single VPC a BGP peer is still configured in both the Nodes... This doubles the number of current BGP sessions. Am I wrong?


I am not getting this

If you configure a single vPC ID on the port channel, then it will give you P2P (logical) connectivity and you can easily configure a single BGP P2P peer.

I tried this, but the single peering will be configured in both the Nodes, so two BGP sessions per peer.
