04-25-2016 06:32 PM - edited 03-05-2019 03:53 AM
Hi,
I've been thinking about peering with multiple providers, and obviously BGP would have to be involved to advertise our address space to the internet.
Many BGP articles warn about selecting a suitable router, as with peering it will download many, many routes from its peers. I realise that this would definitely be true for a service provider, but is this also the case for the Enterprise?
I'm not planning for our network to become a transit area, so in this case would BGP download all the internet routes from its peers, or would it be configured to just use default routes?
In addition to this, I recently discovered that ASA now supports running BGP. Would the ASA be suitable for the use I've described above, or is it meant to be used for iBGP? Are there any guidelines for selecting a suitable model for this purpose?
Thank you for your help.
04-25-2016 09:22 PM
ASA ver 9.4 supports BGP, but only default routes, as do Palo Alto firewalls and Juniper firewalls. They all do not support a full routing table, and you probably don't need a full routing table.
You did not describe your goals. What do you want to achieve? Load balancing, or just redundancy? True 50-50% load balancing is impossible with BGP and default routes, but redundancy will be possible.
And you will need to buy PI (provider-independent IP addresses, /22 or /23) and an AS.
04-25-2016 09:33 PM
Thank you for your reply, I appreciate it.
The goal is for redundancy across providers. This is in a small multi-tenanted DC environment, so another idea (that I haven't fully investigated yet) is to use PBR for outbound routing to have some tenants use provider-A, and other tenants use provider-B, and to use the alternate provider in a disaster scenario. BGP would still be used for advertising networks for inbound routing.
I have some IPs which have been allocated by APNIC, and I believe they have allocated an AS as well.
Any thoughts on the overhead that this would add to the ASA? If it's not learning the global internet routes, does this become negligible, or is this still a primary concern?
04-26-2016 12:38 AM
I think the overhead is negligible even for the smallest ASA.
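The default-route-only, non-transit setup discussed in this thread, sketched as an added example in classic Cisco IOS-style syntax (not posted by any participant; the command layout on an ASA may differ by version). The AS numbers, neighbor addresses and the advertised prefix are documentation placeholders, not values from the thread.

```cisco
! Constructed example: documentation ASNs (64500-64502) and prefixes only.
!
! Inbound policy: accept nothing but a default route from each provider,
! so the device never holds the full internet table.
ip prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0
!
! Outbound policy: advertise only our own allocation. The implicit deny
! at the end of the list stops routes learned from one provider being
! re-advertised to the other, which is what would make us a transit AS.
ip prefix-list OUR-PREFIXES seq 5 permit 203.0.113.0/24
!
! Anchor route so the network statement has an exact match in the RIB.
ip route 203.0.113.0 255.255.255.0 Null0
!
router bgp 64500
 bgp log-neighbor-changes
 network 203.0.113.0 mask 255.255.255.0
 !
 neighbor 192.0.2.1 remote-as 64501
 neighbor 192.0.2.1 description provider-A
 neighbor 192.0.2.1 prefix-list DEFAULT-ONLY in
 neighbor 192.0.2.1 prefix-list OUR-PREFIXES out
 !
 neighbor 198.51.100.1 remote-as 64502
 neighbor 198.51.100.1 description provider-B
 neighbor 198.51.100.1 prefix-list DEFAULT-ONLY in
 neighbor 198.51.100.1 prefix-list OUR-PREFIXES out
```

Applying the outbound filter on both sessions matters even when only default routes are received, because a default learned from one provider must not be announced to the other.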