Hey r/networking,
In my environment, we have two edge ASRs that are each peering to a different provider via eBGP. Each of them is receiving a default route and the partial routing table from their respective peers. Directly downstream from these two ASRs lives our production firewall. All three of these devices are on the same broadcast domain, and I have configured unicast EIGRP to neighbor up the ASA to the two ASRs, but the ASRs only peer with the firewall, not each other. I then redistribute just the default routes from both eBGP sessions into EIGRP and advertise that to the ASA. I obviously tweak the metric on the backup ASR so the ASA chooses one of the default routes.
I have tested failovers, and I know that it works as intended. If the primary BGP session drops, the redistributed default route is removed from EIGRP and our ASA uses the backup default route to the backup ASR.
1- Is this a realistic approach?
2- Do I need to spin up iBGP between the two ASRs in this case? I personally don't see a reason to do it, as each ASR has its own default route and both are handing that down to the firewall via EIGRP.