configuring BGP

qazisalman · ‎07-07-2014

Hi,

We have two data centers. Both data center have different applications which need internet access. We want to keep both internet circuit active at the same time. This is going to be a Active- Active situation without load balancing.. First Data center (DC1) has highly sensitive applications. Second data center (DC2)applications are not important.

1- We are just trying to make second data center internet circuit a backup for Data Center#1 but do not want to make data center#1 internet circuit backup for data center#2.Can someone please advise scripts/configurations that fits my situation?

2-We want to secure/filter IBGP connection between both data centers. IBGP connection will not be passing through any firewall. Because we have a different group that controls firewalls and we want to fully control BGP. I am trying to get some thoughts that should IBGP connection pass through firewall? We this is a security concern then what options do we have to avoid firewall group involvement? If we cant avoid it what changes will be required on ASA?

Please advise.

Thanks,

Vasilii Mikhailovskii · ‎07-11-2014

Hello.

Please draw a diagram with all the circuits and IP-addresses you are using for BGP.

Please highlight your critical application on the diagram.

If you need to run BGP session over firewall, then you need special configuration only if you use password command under neighbor statement. In this case on you ASA you need to disable sequence number randomization and allow TCP option 19 for that BGP session (in both ways).