[j-nsp] BGP setup question, advertise-peer-as?

Ben Dale bdale at comlinx.com.au
Sat Aug 25 08:38:34 EDT 2012


On 25/08/2012, at 10:03 PM, Morgan Mclean <wrx230 at gmail.com> wrote:

> Border router A and B are for firewall A only, firewall B handles its own eBGP. Ignoring firewall B, there is full mesh between border routers and firewall A. I'm thinking about a scenario where one border (A) loses its link to firewall A, thus losing its mesh and not having the needed route. It would be helpful to learn it from the remaining connected border router (B).
> 

Gotcha - in that case you'll need your iBGP peering to be between loopback addresses on each device rather than interface addresses, and something like OSPF distributing your loopbacks between all nodes.

If the firewall is an SRX, just make sure the loopback is in the same security zone as both physical interfaces to the border routers so you don't run into state issues if the BGP session suddenly arrives on another interface during fail-over.


> On Aug 25, 2012, at 4:56 AM, Ben Dale <bdale at comlinx.com.au> wrote:
> 
>> Hi Morgan,
>> 
>>> My main issue is I can't seem to get the advertised routes from firewall A
>>> to be shared between the border routers. I know the nature of iBGP will
>>> block this, so I tried enabling advertise-peer-as for just the border to
>>> border peer relationship, but I still do not see it being advertised or
>>> showing up in the route tables. 
>> 
>> I wasn't sure from your email, but do you have a mesh of iBGP configured? Eg: does the firewall at site A have a direct peering relationship with both Firewall B and Border Router B?  If not, then this should most likely solve the issue of your routes not being seen by both borders.
>> 
>> If you already have this in place, have a look at the output of "show routes hidden extensive"; you may find that they are not being installed for a different reason.
>> 
>> Cheers,
>> 
>> Ben
> 
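An added example, not part of the original thread: the firewall side of the setup Ben describes in his reply (iBGP between loopbacks, OSPF carrying the loopbacks, and on an SRX the loopback in the same security zone as both border-facing interfaces), written as Junos set-style configuration. The interface names, zone name, AS number and addresses (documentation range) are assumptions.

```junos
# Firewall A (SRX). All names, the AS number and addresses are assumed for illustration.
set interfaces lo0 unit 0 family inet address 192.0.2.10/32
set routing-options router-id 192.0.2.10
set routing-options autonomous-system 64512

# OSPF only needs to carry loopback reachability between the nodes.
# ge-0/0/1.0 faces border A, ge-0/0/2.0 faces border B (assumed).
set protocols ospf area 0.0.0.0 interface lo0.0 passive
set protocols ospf area 0.0.0.0 interface ge-0/0/1.0
set protocols ospf area 0.0.0.0 interface ge-0/0/2.0

# iBGP is sourced from the loopback and peers with the borders' loopbacks,
# so the session survives the loss of either physical link.
set protocols bgp group ibgp-borders type internal
set protocols bgp group ibgp-borders local-address 192.0.2.10
set protocols bgp group ibgp-borders neighbor 192.0.2.1
set protocols bgp group ibgp-borders neighbor 192.0.2.2

# lo0.0 sits in the same zone as both border-facing interfaces, so a BGP
# session that moves from one interface to the other during fail-over
# stays inside one zone. Only the routing protocols in use are permitted
# as host-inbound traffic.
set security zones security-zone borders host-inbound-traffic protocols bgp
set security zones security-zone borders host-inbound-traffic protocols ospf
set security zones security-zone borders interfaces lo0.0
set security zones security-zone borders interfaces ge-0/0/1.0
set security zones security-zone borders interfaces ge-0/0/2.0
```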



