On 2/20/20 7:18 PM, Arturo Borrero Gonzalez wrote:
> Shall we just establish the BGP session using these 2 addresses? Honestly on the neutron side I don't have any more addresses, so at least the CR should be configured to peer with 208.80.153.190 only (unless in future tests I discover there are other ways of doing this).
My assumptions were wrong. Apparently neutron ignores the software defined transport network and uses the physical network for doing the BGP stuff.
This is the neutron BGP agent trying to contact the core router:
11:05:18.615101 IP 10.192.20.10.34716 > 208.80.153.185.179: Flags [S], seq 2498112052, win 29200, options [mss 1460,sackOK,TS val 1130299297 ecr 0,nop,wscale 9], length 0
For tests, I configured the BGP peer to contact 208.80.153.185, which is vrrp-gw-2120.wikimedia.org (i.e., the core router VIP in the cloud transport network). Note how the source address is 10.192.20.10 (cloudnet2002-dev.codfw.wmnet).
So I'm discarding my approach and creating the BGP session using the physical network. You should allow BGP from the following addresses:
* cloudnet2002-dev.codfw.wmnet: 10.192.20.10
* cloudnet2003-dev.codfw.wmnet: 10.192.20.12
And I will contact:
* cr1-codfw IP: 208.80.153.186
* cr2-codfw IP: 208.80.153.187
as you originally suggested.
regards.