Wednesday, June 2, 2021

iBGP Route Redistribution of eBGP routes

BGP Novice here, trying to figure out where I'm going wrong with this. Through poor design, I'm staring at a router with 2 virtual routers on it. One virtual router is the "Edge" vRouter when interacting with vendors, the other is for internal traffic. One of our vendors is asking to do a BGP Peering session with us. This is the first time we've been asked to do BGP on this particular router.

However, we already have iBGP running, but all it does currently is route redistribution of internal to our OSPF.

Anticipated mock up:

 OSPF to rest of network [Vendor Router/AS1] -> IPSec Tunnel -> [[Edge vRouter/AS2] -> [Internal vRouter/AS2]] 

I've labbed this up already and am having trouble with the following:

  • I can get routes from Vendor Router to Edge vRouter
  • I can get routes from Edge vRouter to Vendor Router
  • I can get routes from Edge vRouter to Internal vRouter
  • I can get routes from Internal vRouter to Edge vRouter
  • I CANNOT get routes from Vendor Router to Internal Router or reverse of that
  • If I wanted to (I don't) I can get OSPF to Vendor Router and Vendor Router to OSPF

Our router is a Palo Alto running PAN-OS 9.1.8. The only way to do vRouter to vRouter is via BGP OR using a physical interface assigned to each vRouter (all our interfaces are taken, and I don't want to add another VLAN to our switch stack for a subinterface if I can avoid it, and it would potentially cause a larger issue with our existing network infrastructure).

This is one of those problems where I'm sure it's been done before, but I have been unable to find the answer so far.

TIA!


