BGP Protocol configuration between two VPC
I would need to configure a cross connect between two networks via SFP Fiber. Unfortunately I'm new on BGP configuration and would need confirmation that I'm doing it on the right way...
I have Two VPC:
VPC A: ASN 200 IP Router: 169.254.250.1 Sub Network: 10.0.0.1/34
VPC B: ASN 100 IP Router: 169.254.250.2 4 Servers: 169.254.131.1 / 169.254.131.2 / 169.254.131.3 / 169.254.131.4
VPC A is completely configured, I purchased a Cisco router C1113-8PM to configure my VPC B. My aim is to ensure that any server on VPC A can access my 4 servers located in VPC B through BGP.
The procedure I started to write into VPC B Router:
#Configure ASN VPC B on Router
enable
configure terminal
router bgp 100
bgp router-id 169.254.250.2
timers bgp 70 120
end
# Configure ASN VPC A and routes
configure terminal
neighbor 169.254.250.1 remote-as 200
address-family ipv4 unicast
neighbor 169.254.250.1 activate
end
is it enough ? Do I need to set each IP address of my VPC B into BGP table ? how ?
Solution
Targeted topology and config should be as I described below
Network Diagram
Two important commands are needed to enable this peering:
- Peer-gateway : The vPC peer-gateway functionality allows a vPC switch to act as the active gateway for packets that are addressed to the router MAC address of the vPC peer
- layer3 peer-router : no change for TTL of packets destined to the peer, external device sees the vPC domain as single physical entity from layer route protocol peering perspective as well.
Configurations
Leaf 1:
! Form the vPC domain:
vpc domain 1
peer-switch
role priority 10 peer-keepalive destination 192.0.2.2 source 192.0.2.1 peer-gateway layer3 peer-router ipv6 nd synchronize ip arp synchronize
!
!vPC peer-link interface members
interface Ethernet1/53 - 54
description vPC-Peerlink member
switchport
switchport mode trunk
channel-group 11 mode active
no shutdown
!
! vPC peer-link port-channel
interface port-channel11
description vPC-peerlink
switchport
switchport mode trunk
spanning-tree port type network
no shutdown
vpc peer-link
!
! vPC port-channel member to External Device
interface Ethernet1/52
description ExternalDevice Eth2/13
switchport
switchport mode trunk
switchport trunk allowed vlan 203,205
mtu 9216
channel-group 12 mode active
no shutdown
!
! vPC port-channel to External Device
interface port-channel12
description vPC port-channel to External Device
switchport
switchport mode trunk
switchport trunk allowed vlan 203,205
mtu 9216
vpc 12
!
! Layer 3 interface to the Eternal device:
interface Vlan205
no shutdown
vrf member Customer
! BFD for eBGP
bfd interval 500 min_rx 500 multiplier 3
! Disable bfd echo, as it is not supported over vPC
no bfd echo
no ip redirects
! We use/29 as we need 3 ip address, one per each member of the ! vPC domain and 3rd for the External Device
ip address 198.51.100.1/29 tag 800204
! Disable redirects - this is needed to enable BFD
no ipv6 redirects
!
router bgp 65535
router bgp 65535
router-id 203.0.113.1
log-neighbor-changes
address-family ipv4 unicast
Customer router-id 198.51.100.1 address-family ipv4 unicast neighbor 198.51.100.2 description Leaf-2 remote-as 65535 address-family ipv4 unicast soft-reconfiguration inbound always neighbor 198.51.100.3 description to External Device bfd remote-as 65000 update-source Vlan205 address-family ipv4 unicast soft-reconfiguration inbound always ! Leaf 2:
! Form the vPC domain:
vpc domain 1
peer-switch
role priority 10
peer-keepalive destination 192.0.2.1 source 192.0.2.2
peer-gateway
layer3 peer-router
ipv6 nd synchronize
ip arp synchronize
!
!vPC peer-link interface members
interface Ethernet1/53 - 54
description vPC-Peerlink member
switchport
switchport mode trunk
channel-group 11 mode active
no shutdown
!
! vPC peer-link port-channel
interface port-channel11
description vPC-peerlink
switchport
switchport mode trunk
spanning-tree port type network
no shutdown
vpc peer-link
!
! vPC port-channel member to External Device
interface Ethernet1/52
description ExternalDevice Eth2/13
switchport
switchport mode trunk
switchport trunk allowed vlan 203,205
mtu 9216
channel-group 12 mode active
no shutdown
!
! vPC port-channel to External Device
interface port-channel12
description vPC port-channel to External Device
switchport
switchport mode trunk
switchport trunk allowed vlan 203,205
mtu 9216
vpc 12
!
! Layer 3 interface to the Eternal device:
interface Vlan205
no shutdown
vrf member Customer
! BFD for eBGP
bfd interval 500 min_rx 500 multiplier 3
! Disable bfd echo, as it is not supported over vPC
no bfd echo
no ip redirects
! We use/29 as we need 3 ip address, one per each member of the ! vPC domain and 3rd for the External Device
ip address 198.51.100.2/29 tag 800204
! Disable redirects - this is needed to enable BFD
no ipv6 redirects
!
router bgp 65535
router bgp 65535
router-id 203.0.113.2
log-neighbor-changes
address-family ipv4 unicast
vrf Customer
router-id 198.51.100.2
address-family ipv4 unicast
neighbor 198.51.100.1
description Leaf-2
remote-as 65535
address-family ipv4 unicast
soft-reconfiguration inbound always
neighbor 198.51.100.3
description to External Device
bfd
remote-as 65000
update-source Vlan205
address-family ipv4 unicast
soft-reconfiguration inbound always
!
External Device (NX-OS style CLI):
interface Ethernet2/13 - 14
switchport
switchport mode trunk
switchport trunk allowed vlan 203,205
mtu 9216
channel-group 12 mode active
no shutdown
!
interface port-channel12
switchport
switchport mode trunk
switchport trunk allowed vlan 203,205
mtu 9216
no shutdown
!
interface Vlan205
no shutdown
mtu 9216
! See notes in Leaf-1 and Leaf 2 for BFD
bfd interval 500 min_rx 500 multiplier 3
no bfd echo
no ip redirects
ip address 198.51.100.3/29
no ipv6 redirects
!
router bgp 65000
log-neighbor-changes
address-family ipv4 unicast
neighbor 198.51.100.1 remote-as 65535
description to Leaf-1
update-source Vlan205
bfd
neighbor 198.51.100.2 remote-as 65535
description to Leaf-2
update-source Vlan205
bfd
end
!
Verify
Below is output of show bgp ipv4 unicast neighbors. It verifies that:
- BGP neighborship is established and stable
- BFD is enabled between external neighbors
Troubleshoot
Following commands will help verify operation:
show vpc
show vpc consistency-parameters global
show vpc consistency-parameters interface <interface>
show bgp ipv4 unicast neighbors
show bgp ipv4 unicast summary
Ref. https://www.cisco.com/c/en/us/support/docs/ip/ip-routing/217099-ebgp-peering-over-vpc-on-nexus.html
- What is Decryption algorithm for Cisco Type 7?
- Need help parsing Cisco output
- Python ciscoconfparse to find shutdown interfaces and the whole interface block?
- Ansible Switch Description Query + Append Value
- How to describe scopes in EBNF?
- Regex returning undesired value
- How to get SNMPv3 by python with auth no priv?
- Line breaks are removed in text output
- Error While exiting Configuration mode using Python Script
- ansible CSV header options when appending with for loop
- Odd error when attempting net_put via Ansible
- Ansible Reload Cisco Devices Hangs
- Syslog receives logs from Cisco Switch but doesn't log them
- Cisco ansible show running-config
- Ansible Cisco Config Terminal
- Writing a tcl script using event_register_syslog
- Open Dictionary File in Python
- Continue not properly in loop (python)
- BGP Protocol configuration between two VPC
- Exception Handling in Python Script
- Issue connecting to cisco ios switch with custom menu enabled
- How to ensure that the dhcp pool name exist before updating options using ansible
- Remove first line in 'stdout_lines'
- Ansible cisco ios, change vlan on interface
- Sysmgr volatile memory bug
- Unable to run vpnc command
- Netmiko FileTransfer with python
- Ansible: ios upgrade router: check "spacefree_kb" prior to image copy
- How can I parse metadata from show version (cisco ios) using ansible
- Change ip address and default gateway on a Cisco switch