Nice to meet you. This is my first post to the Cisco community.
We are considering a network configuration using Nexus 9300 (vPC configuration), and there are some points we would like to check about the BGP peering relationships and the FW connection configuration.
The attached image shows "Physical Configuration", "Logical Configuration", and "Expected BGP Peer Relationship" from the left.
(1) BGP peering on Nexus9300 (vPC configuration)
The following documents are used as references:
The configuration image is as follows.
・N9k-A connects to both L3SW-A and L3SW-B (vPC)
・N9k-B also connects to both L3SW-A and L3SW-B (vPC)
・Assume separate segments between L3SW-A and Nexus and between L3SW-B and Nexus
For the above configuration, it is assumed that you will configure the following four eBGP peers:
・L3SW-A ~ N9k-A
・L3SW-A ~ N9k-B
・L3SW-B ~ N9k-A
・L3SW-B ~ N9k-B
※ Our understanding is that peer-gateway and layer3 peer-router allow peers to be built through the vPC peer link.
In this configuration, how should iBGP peers between N9k-A and N9k-B be configured?
Is it better to have a separate cross-section?
(2) Nexus and FW (HA configuration) connection
Refer to the following document (lower left of p.56):

In the diagram, two FWs and two Nexus in an HA configuration appear to form a single LAG.
Is it really possible to do this, or is it a simplified version?
The expected configuration is as follows, in which each FW is configured with a separate LAG.
・FW-A ~ N9k-A,B
・FW-B ~ N9k-A,B
If you have a similar structure or if there are any design considerations, please let us know.