Enterprise BGP and ASA

Luke Robertson
Level 1

Hi,

I've been thinking about peering with multiple providers, and obviously BGP would have to be involved to advertise our address space to the internet.

Many BGP articles warn about selecting a suitable router, as with peering it will download many many routes from its peers. I realise that this would definitely be true for a service provider, but is this also the case for the Enterprise?

I'm not planning for our network to become a transit area, so in this case would BGP download all the internet routes from its peers, or would it be configured to just use default routes?

In addition to this, I recently discovered that ASA now supports running BGP. Would the ASA be suitable for the use I've described above, or is it meant to be used for iBGP? Are there any guidelines for selecting a suitable model for this purpose?

Thank you for your help.

Accepted Solutions

Tagir Temirgaliyev
Spotlight

ASA ver 9.4 supports BGP, but only default routes, as do Palo Alto firewalls and Juniper firewalls. None of them support a full routing table, and you probably don't need a full routing table.

You did not describe your goals. What do you want to achieve? Load balancing, or just redundancy? True 50-50% load balancing is impossible with BGP and default routes, but redundancy will be possible.

And you will need to buy PI (provider independent) IP addresses (/22 or /23) and an AS.

Thank you for your reply, I appreciate it.

The goal is for redundancy across providers. This is in a small multi-tenanted DC environment, so another idea (that I haven't fully investigated yet) is to use PBR for outbound routing to have some tenants use provider-A, and other tenants use provider-B, and to use the alternate provider in a disaster scenario. BGP would still be used for advertising networks for inbound routing.

I have some IPs which have been allocated by APNIC, and I believe they have allocated an AS as well.

Any thoughts on the overhead that this would add to the ASA? If it's not learning the global internet routes, does this become negligible, or is this still a primary concern?

I think the overhead is negligible even for the smallest ASA.
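
The setup discussed in this thread, as an added example that was not posted by any participant: an ASA that accepts only a default route from each of two providers and advertises only its own block, so it never becomes a transit path between them. All AS numbers, addresses and prefix-list names are constructed placeholders from the documentation ranges.

```cisco
! Constructed values: AS 64500 is the enterprise, AS 64496 and AS 64511
! are provider A and provider B, 203.0.113.0/24 stands in for the
! provider-independent block.

! Inbound policy: accept nothing but the default route from a provider.
prefix-list DEFAULT-ONLY seq 5 permit 0.0.0.0/0

! Outbound policy: announce only our own block. Routes learned from one
! provider are never re-advertised to the other, so the site cannot
! act as transit or leak routes.
prefix-list OUR-PREFIXES seq 5 permit 203.0.113.0/24

! The network statement below only originates the prefix if a matching
! route exists in the routing table. More specific internal routes
! still take precedence over this discard route.
route Null0 203.0.113.0 255.255.255.0

router bgp 64500
 bgp log-neighbor-changes
 address-family ipv4 unicast
  ! Provider A
  neighbor 198.51.100.1 remote-as 64496
  neighbor 198.51.100.1 activate
  neighbor 198.51.100.1 prefix-list DEFAULT-ONLY in
  neighbor 198.51.100.1 prefix-list OUR-PREFIXES out
  ! Provider B
  neighbor 192.0.2.1 remote-as 64511
  neighbor 192.0.2.1 activate
  neighbor 192.0.2.1 prefix-list DEFAULT-ONLY in
  neighbor 192.0.2.1 prefix-list OUR-PREFIXES out
  network 203.0.113.0 mask 255.255.255.0
  no auto-summary
  no synchronization
 exit-address-family
```

With this in place, `show bgp neighbors 198.51.100.1 advertised-routes` should list only the one prefix, and the BGP table should hold a default route per provider and nothing else.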
