Thursday, June 14, 2018

BGP on Cisco ASA?

So I've recently taken over a datacentre infrastructure which has a multihomed internet edge (eBGP, transit, peering, full tables etc.), feeding into Cisco ASAs which in turn have Nexus 9k switches inside connected to servers running VMware.

The switching is using BGP EVPN for VXLAN control plane. Currently there are static routes on the Internet edge routers for our aggregate public ranges pointing to the ASAs. In turn the ASAs have aggregate routes for these towards the Nexus switches, which are operating at layer 3 and have an internet VRF where the aggregates route into. The switches then have more specific routes pointing to particular end systems, some static some BGP from other network devices.

We're in the process of building another datacentre location and I was wondering if I should stick with the static routes on the border routers and ASA? My gut feeling is to run eBGP between internet edge and ASA, and again between ASA and the switching. This would allow me to originate our public aggregates from the switches, and in theory save all the hassle of static routes.

A colleague who just left was wary of running BGP on the ASAs (running 9.4 btw). But he never explained why. My own thinking is we have BGP everywhere apart from these statics, so why not remove them and make our lives easier?

Any thoughts welcome.
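Editor's added example, not part of the original post and not the author's configuration: what the proposed design (eBGP edge-to-ASA and ASA-to-Nexus, aggregates originated inside) might look like on the ASA side, written so the firewall never learns the full table and never becomes a transit path. Everything here is assumed: the ASNs 65000 (edge routers), 65010 (ASA) and 65020 (Nexus internet VRF), the RFC 5737 neighbour addresses, the aggregate 198.51.100.0/22, and the BGP password placeholder. Syntax follows the ASA 9.x `router bgp` / `address-family` model; check the command reference for your exact release.

```cisco
! Assumed topology (not the author's network):
!   edge routers  AS 65000  203.0.113.1  -- outside -- ASA AS 65010
!   Nexus 9k VRF  AS 65020  192.0.2.1    -- inside  -- ASA AS 65010
! Assumed public aggregate originated by the Nexus: 198.51.100.0/22

! Outside: accept only a default route from the edge, announce only our aggregate.
prefix-list EDGE-IN seq 5 permit 0.0.0.0/0
prefix-list EDGE-OUT seq 5 permit 198.51.100.0/22

! Inside: accept only the aggregate from the Nexus (no host-specifics, no leaks),
! hand the Nexus nothing but a default.
prefix-list NEXUS-IN seq 5 permit 198.51.100.0/22
prefix-list NEXUS-OUT seq 5 permit 0.0.0.0/0

router bgp 65010
 bgp log-neighbor-changes
 address-family ipv4 unicast
  ! eBGP to the internet edge (outside interface)
  neighbor 203.0.113.1 remote-as 65000
  neighbor 203.0.113.1 password REPLACE-WITH-SHARED-SECRET
  neighbor 203.0.113.1 prefix-list EDGE-IN in
  neighbor 203.0.113.1 prefix-list EDGE-OUT out
  neighbor 203.0.113.1 maximum-prefix 10
  neighbor 203.0.113.1 activate
  ! eBGP to the Nexus internet VRF (inside interface)
  neighbor 192.0.2.1 remote-as 65020
  neighbor 192.0.2.1 password REPLACE-WITH-SHARED-SECRET
  neighbor 192.0.2.1 prefix-list NEXUS-IN in
  neighbor 192.0.2.1 prefix-list NEXUS-OUT out
  neighbor 192.0.2.1 maximum-prefix 10
  neighbor 192.0.2.1 activate
  no auto-summary
  no synchronization
  exit-address-family
```

The point of the four prefix-lists and the low `maximum-prefix` values is that the ASA carries exactly two things, a default outbound and the aggregate inbound, so a misconfigured peer cannot push the full table or a foreign prefix through the firewall, and a leaked host route inside cannot escape to the edge. Verify with `show bgp summary` and `show bgp neighbors <ip> received-routes` / `advertised-routes` that each session holds only the expected prefixes before retiring the statics.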
