ibgp setup


Here's the task at hand. I need to create an iBGP session between my 2 external routers through my internal/border firewalls. The setup is:

ISP-A > WAN1 > FW1 >< FW2 < WAN2 < ISP-B

My virtual setup worked fine, but now the test production is having issues. Also, the firewalls are not running any routing, just NAT, and are Check Point. Any ideas? I would hate to do an iBGP peering through the Internet.

senthil_kumarpv Mon, 01/28/2008 - 22:31

Need clarification: are you able to ping WAN2 from WAN1 and vice versa? If so, then there is no issue in creating the iBGP session (we need IP reachability first). Are there any routes in the firewall?

cpubob Tue, 01/29/2008 - 12:56

So you're doing NAT; are your routers set up to peer with the NATted IP or the true IP of the box?

Also, can both routers make a connection to each other, meaning, can r1 connect to r2 and can r2 connect to r1? This is needed because BGP TCP collisions occur, where both routers each form a TCP connection with each other and the convention is for the router with the lower router ID to disconnect its session. If you can only form your TCP connection in one direction, this may be causing your problem. If this is the source of your problem, you can either allow the session in the other direction or change the router ID of the lower router to now be higher than the peer.

They are set up to peer with the real IP address. When I was building this in the test lab they wouldn't peer with the exposed NATted address, so I had to go with the real. I have changed the rule so only 1 side can build the session. Before, I had it going both ways (seeing a lot of those disconnects as you mentioned).

