BGP on C9300

Aoi
Level 1

Hello

I have a customer using C9300 and we need to peer with their network using BGP.
If our side were to use something other than C9300, like routers or Fortigate/PaloAlto firewalls, what would be the common way to peer with them?

I am thinking of using an SVI on the C9300 or a loopback but really not sure which to go with.
Any ideas are very much appreciated.

Thanks

8 Replies

You can use:

Router port: make the port connecting to the FW a router port with the no switchport command.

SVI: you can use an SVI; make the port connecting to the FW an L2 access port in VLAN x (SVI of VLAN x).

Loopback: first you need to establish reachability via one port using the first or second option above, then you can use the LO for BGP.

What is the best option?

For me, the best option is using a router port.

balaji.bandi
Hall of Fame

If you are changing the Cat 9K to a router or firewall:

If you are peering with the customer's existing setup, is this a public or private IP address?

How is your existing arrangement on the switch, SVI or router interface (p2p)?

A switch acts differently on an SVI compared to a router or firewall.

So either you can use a loopback on the router, subject to it being reachable from the other side to peer BGP; on a firewall I suggest using the external interface to peer with the customer (it all depends on where the customer network is terminating).

BB


M02@rt37
VIP

Hello @Aoi,

Use an uplink on the C9300 (check with the customer whether the C9300 has an extension module) and plug it into your equipment. Define a /30 and test reachability first. After that, configure BGP peering with your customer and ensure exactly which IP addresses need to be exchanged. Best practice in BGP is to use a route-map or route-policy to control what you advertise and what you receive in terms of IP addresses. Advise your customer of that.

This approach is a practical way to set up BGP peering when you have the flexibility to add physical uplink interfaces to the C9300 switch. It provides dedicated connectivity for BGP without impacting other SVIs or loopback interfaces on the switch.

The choice of using an uplink interface, SVI, or loopback interface for BGP peering ultimately depends on your network design and your customer's requirements.

Be sure to align with your customer on the specific setup and IP addressing details to ensure successful BGP peering.

Best regards
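As an added example (written for this page, not taken from the thread's authors or from Cisco), here is what the route-map advice above looks like in IOS-XE configuration on a C9300: a prefix-list and route-map in each direction so that only the agreed prefixes are accepted and advertised, plus a maximum-prefix limit as a safety stop if the customer sends more than expected. The ASNs (65001 for "our" side, 65002 for the customer), the /30 link 192.0.2.0/30, and the prefixes 172.16.0.0/16, 203.0.113.0/24 and 198.51.100.0/25 are constructed placeholders, not values from the thread.

```cisco
! Added example with constructed values: AS 65001 is "our" side, AS 65002 the customer.
! Link /30: our address 192.0.2.1, customer address 192.0.2.2.
!
! Prefixes the customer has agreed to send us. Anything else is dropped by the
! explicit deny at the end (a prefix-list also has an implicit deny).
ip prefix-list FROM-CUSTOMER seq 10 permit 203.0.113.0/24
ip prefix-list FROM-CUSTOMER seq 20 permit 198.51.100.0/25
ip prefix-list FROM-CUSTOMER seq 1000 deny 0.0.0.0/0 le 32
!
! The only prefix we agreed to advertise to the customer.
ip prefix-list TO-CUSTOMER seq 10 permit 172.16.0.0/16
ip prefix-list TO-CUSTOMER seq 1000 deny 0.0.0.0/0 le 32
!
route-map CUSTOMER-IN permit 10
 description accept only the agreed customer prefixes
 match ip address prefix-list FROM-CUSTOMER
route-map CUSTOMER-IN deny 20
 description drop everything else the customer sends
!
route-map CUSTOMER-OUT permit 10
 description advertise only our agreed prefix
 match ip address prefix-list TO-CUSTOMER
route-map CUSTOMER-OUT deny 20
 description never leak anything else (internal, default or transit routes)
!
! Anchor route so the network statement below has something to advertise.
ip route 172.16.0.0 255.255.0.0 Null0
!
router bgp 65001
 bgp log-neighbor-changes
 neighbor 192.0.2.2 remote-as 65002
 neighbor 192.0.2.2 description CUSTOMER-AS65002
 !
 address-family ipv4
  network 172.16.0.0 mask 255.255.0.0
  neighbor 192.0.2.2 activate
  neighbor 192.0.2.2 route-map CUSTOMER-IN in
  neighbor 192.0.2.2 route-map CUSTOMER-OUT out
  ! Tear the session down if the customer sends more than 50 prefixes
  ! (warn at 80 %), and retry after 5 minutes.
  neighbor 192.0.2.2 maximum-prefix 50 80 restart 5
  ! Keep a copy of the unfiltered received routes for troubleshooting.
  neighbor 192.0.2.2 soft-reconfiguration inbound
 exit-address-family
!
! Verification (exec mode):
!   show ip bgp summary
!   show ip bgp neighbors 192.0.2.2 received-routes    <- before CUSTOMER-IN
!   show ip bgp neighbors 192.0.2.2 routes             <- after CUSTOMER-IN
!   show ip bgp neighbors 192.0.2.2 advertised-routes  <- after CUSTOMER-OUT
```

The explicit deny entries at the end of each route-map are redundant with the implicit deny, but they make the intent visible when someone reads the configuration later, and the `received-routes` versus `routes` comparison is the quickest way to confirm that the inbound filter is actually doing something.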

Richard Burts
Hall of Fame

The original post says "we need to peer with their network using BGP". Peering using BGP requires IP connectivity between the peers. It does not make any difference to the peer what device you are running (could be a router, could be a firewall, could be a layer 3 switch). 

HTH

Rick

Aoi
Level 1

@Richard Burts 
Thank you for your post. So what would be your idea?
In terms of fault-tolerant design, do you think a loopback is the best option here?

If we knew more about this environment we would be able to give better advice. Will your BGP device connect directly to the customer BGP device? Or are there other devices in the path from your BGP device to the customer? You mention fault tolerance, which brings up the question of whether your BGP device has a single physical connection to the customer or whether there would perhaps be multiple connections between the devices.

If there were to be multiple physical connections then I would suggest using a loopback interface address on your BGP device to peer with the customer. If there will be a single connection then I would suggest using the IP of your outbound interface as the address to peer with the customer.

I will let MHM provide his reasons for suggesting a routed port, but will say that one consideration is that using a routed port eliminates all Spanning Tree activity from the connection.

HTH

Rick
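To make the three options concrete, here is an added IOS-XE configuration example (constructed for this page, not from the thread's authors or from Cisco) showing the routed-port, SVI and loopback variants MHM listed, with the loopback variant built over two physical links as Rick suggests for the multiple-connection case. Interface names (GigabitEthernet1/0/1 to 1/0/4), VLAN 100, ASNs 65001/65002 and all addresses are assumed placeholders; in practice you pick one option for a given peer rather than configuring all three.

```cisco
! Added example with constructed values. Our AS is 65001, the customer's is 65002.
ip routing
!
! ---- Option 1: routed port ----------------------------------------------
! "no switchport" removes the port from L2 entirely: no VLAN, no STP, and the
! L3 interface follows line protocol directly, so it comes up and recovers
! as fast as the physical link does.
interface GigabitEthernet1/0/1
 description CUSTOMER peering (routed port)
 no switchport
 ip address 192.0.2.1 255.255.255.252
 no shutdown
!
! ---- Option 2: SVI -------------------------------------------------------
! The port stays L2 and the /30 lives on the VLAN interface. The SVI only
! comes up once a port in VLAN 100 is up and forwarding, so STP convergence
! on that port sits in the path of the BGP session coming up.
vlan 100
 name CUSTOMER-PEERING
!
interface GigabitEthernet1/0/2
 description CUSTOMER peering (L2 access port for VLAN 100)
 switchport mode access
 switchport access vlan 100
 no shutdown
!
interface Vlan100
 description CUSTOMER peering SVI
 ip address 192.0.2.5 255.255.255.252
 no shutdown
!
! ---- Option 3: loopback over two routed links ----------------------------
! The session is bound to Loopback0, so it survives the loss of either link
! as long as the customer's loopback stays reachable via the other one.
interface Loopback0
 ip address 10.255.0.1 255.255.255.255
!
interface GigabitEthernet1/0/3
 description CUSTOMER link A
 no switchport
 ip address 192.0.2.9 255.255.255.252
 no shutdown
!
interface GigabitEthernet1/0/4
 description CUSTOMER link B
 no switchport
 ip address 192.0.2.13 255.255.255.252
 no shutdown
!
! Two equal-cost static routes give reachability to the customer's loopback
! (10.255.0.2, assumed) over either link; the customer needs the mirror image.
ip route 10.255.0.2 255.255.255.255 192.0.2.10
ip route 10.255.0.2 255.255.255.255 192.0.2.14
!
router bgp 65001
 bgp log-neighbor-changes
 ! Option 1: peer on the directly connected /30 (for option 2 the peer
 ! would be 192.0.2.6 on VLAN 100 instead).
 neighbor 192.0.2.2 remote-as 65002
 neighbor 192.0.2.2 description CUSTOMER via routed port
 ! Option 3: peer loopback-to-loopback. eBGP needs multihop because the
 ! peer address is not on a connected subnet; 2 hops covers loopback -> link.
 neighbor 10.255.0.2 remote-as 65002
 neighbor 10.255.0.2 description CUSTOMER via Loopback0
 neighbor 10.255.0.2 update-source Loopback0
 neighbor 10.255.0.2 ebgp-multihop 2
!
! Verification: "show ip bgp summary" lists each neighbor's state; for
! option 3, "show ip route 10.255.0.2" should show both next hops.
```

With option 3, a single link failure removes one static route and the session keeps running over the other; with options 1 and 2, the session is tied to that one interface and drops with it, which is the trade-off Rick describes between the single-link and multi-link cases.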

Aoi
Level 1

@MHM Cisco World 
Thank you for sharing. Can I ask why you think router port is the best idea?
Actually, my senior preferred not to use a router port for some reason. Not sure why exactly.

An SVI uses an L2 interface, which is affected by STP, and this adds more delay for the interface to come UP or to recover from a failure.

On the other side,

A router port is L3 immediately: when L1 detects the interface up, the L3 is up, which is faster than an L2 port, and it can also recover faster than an L2 port.

Your senior may not prefer a router port because he already runs subinterfaces on the other side, or the SW port cannot be configured as a router port.
