BGP in ACI
This section describes how two BGP sessions are established, how networks are advertised using BGP, and how the external network is reached via BGP peering. This topic covers the following:
- ASA and Route-reflector Setup for ACI Fabric
- BGP Peering options and MD5 authentication
- How to advertise prefixes from fabric to external networks
- How to advertise routes to multiple Layer 3 outside networks
Depending on the software release, ACI offers a choice between iBGP and eBGP configuration between the border switch and external routers.
Here we discuss how to use iBGP to create the Layer 3 outside connection with two ISPs.
As mentioned earlier, the ACI border leaf switches support only iBGP at this point.
- ISP1 and ISP2 are customer premises equipment (CPE) routers.
- Loopback addresses and the IPs configured on interfaces, on both sides, are used for iBGP peering.
- BGP ASN 100 is used as an example.
- Prefixes 192.168.1.0/24 and 192.168.2.0/24 are advertised to ISP1.
- Prefix 192.168.2.0/24 is advertised to ISP2.
- ISP1 advertises external network prefixes to Leaf1 (10.10.10.0/24, 10.10.20.0/24, 0.0.0.0/0).
- ISP2 advertises external network prefixes to Leaf2 (172.16.10.0/24, 172.16.20.0/24, 0.0.0.0/0).
The figure below shows tenant DCLessons, which is configured with VRF “VRF1” containing two bridge domains (BD1 and BD2). Two Layer 3 outside networks are configured to control prefix advertisement to the selected ISPs.
Fabric Setup for External Network Peering:
The ACI fabric uses MP-BGP to distribute external prefixes within the fabric. MP-BGP is not enabled by default; it has to be configured. Spines are configured as route reflectors (RR), usually through the BGP Route Reflector Default policy, where you specify the spine IDs that act as route reflectors and the BGP AS number. Once that is done, APIC configures the MP-BGP peering between spines and leaves automatically. MP-BGP runs in the overlay (infra) VRF, and reachability between spines and leaves is provided by the IS-IS protocol.
Fabric BGP ASN and Route Reflector Configuration
MP-BGP is not enabled in the ACI fabric by default. To enable MP-BGP, you need to configure the ASN explicitly and also configure spine nodes as BGP route reflectors. To provide redundancy, a maximum of two spines should be configured as route reflector nodes. In this topology we are using:
- 100 as the internal ASN
- Spines (node IDs 201 and 202) as route reflectors
The following steps configure the ASN and define the route reflector nodes.
- Choose Fabric and click Fabric Policies on the menu bar.
- In the Navigation pane, expand Pod Policies | Policies and click BGP Route Reflector default.
- In Properties, click the + sign next to Route Reflector Nodes.
- Configure or provide the ASN in the Autonomous System Number field.
Once the above configuration is complete, APIC pushes the configuration to all switch nodes to set up iBGP peering between the leaves and spines.
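A drift check for the route reflector policy configured in the steps above, as an added example that is not part of the original page. It assumes the policy has been read from APIC as JSON with its subtree, using the object classes bgpInstPol, bgpAsP, bgpRRP and bgpRRNodePEp; the sample response is constructed and the function names are hypothetical.

```python
import json

EXPECTED_ASN = "100"                # internal ASN used on this page
EXPECTED_RR_NODES = {"201", "202"}  # spine node IDs used on this page

# Constructed sample of an APIC policy read; spine 202 is left out on purpose.
SAMPLE_RESPONSE = json.loads("""
{"imdata": [{"bgpInstPol": {
  "attributes": {"dn": "uni/fabric/bgpInstP-default", "name": "default"},
  "children": [
    {"bgpAsP": {"attributes": {"asn": "100"}}},
    {"bgpRRP": {"attributes": {}, "children": [
      {"bgpRRNodePEp": {"attributes": {"id": "201"}}}
    ]}}
  ]}}]}
""")

def _walk(mo):
    """Yield (class_name, attributes) for a managed object and its subtree."""
    for cls, body in mo.items():
        yield cls, body.get("attributes", {})
        for child in body.get("children", []):
            yield from _walk(child)

def audit_rr_policy(response, expected_asn, expected_nodes):
    """Return a list of findings; an empty list means the policy matches."""
    asns, nodes = set(), set()
    for mo in response.get("imdata", []):
        for cls, attrs in _walk(mo):
            if cls == "bgpAsP":
                asns.add(attrs.get("asn", ""))
            elif cls == "bgpRRNodePEp":
                nodes.add(attrs.get("id", ""))
    findings = []
    if not asns:
        findings.append("no ASN configured: MP-BGP is not enabled")
    elif asns != {expected_asn}:
        findings.append(f"ASN mismatch: found {sorted(asns)}, expected {expected_asn}")
    for node in sorted(expected_nodes - nodes):
        findings.append(f"spine {node} is not a route reflector")
    for node in sorted(nodes - expected_nodes):
        findings.append(f"unexpected route reflector node {node}")
    if len(nodes) < 2:
        findings.append("fewer than two route reflectors: no redundancy")
    return findings

if __name__ == "__main__":
    for finding in audit_rr_policy(SAMPLE_RESPONSE, EXPECTED_ASN, EXPECTED_RR_NODES):
        print("FINDING:", finding)
```

Fetching the policy from APIC is not shown; pass the parsed JSON response to `audit_rr_policy` in place of the constructed sample.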
The MP-BGP session can be verified on any leaf or spine with the commands given below:
iBGP Peering Options with an External Network
There are two ways to configure iBGP peering with an external router in ACI. The ACI fabric uses its loopback interface as the source interface for peering with the external router.
- BGP peering between the loopback interfaces of both the border leaf and the external router.
- BGP peering between the loopback IP of the fabric and the interface IP of the WAN routers.