Network & Security VMUG Community


Cisco Networking BGP Best Practice for NSX-T

  • 1.  Cisco Networking BGP Best Practice for NSX-T

    Posted 07-19-2019 07:51 PM
    I was curious if there is any documentation on best practices of setting up BGP on Cisco Nexus in relation to NSX-T?  If not, does anyone have personal best practices they are willing to share?

    Paul Bryant
    Fort Worth,TX

  • 2.  RE: Cisco Networking BGP Best Practice for NSX-T

    Posted 07-20-2019 05:42 PM
    Edited by Paul Mancuso 07-20-2019 05:42 PM
    Best practices for eBGP specific to NX-OS are part of our standard guidance for setting up eBGP with any layer 3 switch fabric. There would be nothing specific I can think of off the top of my head that would be uniquely valuable to Nexus NX-OS switches.

    Therefore, VMware NSBU publishes multiple deployment, design, and reference guides that offer eBGP best practice setups:

    This document is the VMware Validated Design Guide 5.0.1:

    This reference is the deployment guide for NSX-T. It was published when NSX-T 2.2 was GA'd. There will be an update shortly.

    Search VMware's blogs with 'eBGP' and you will find several articles. Here is a good one.

    Paul Mancuso
    Technologist Director
    Palo Alto CA

  • 3.  RE: Cisco Networking BGP Best Practice for NSX-T

    Posted 07-22-2019 11:27 AM

    Hello Paul,

    Just be mindful of how you use BFD.
    I am pretty sure that even in 2.4 BFD timers do not adjust below 333msecs in NSX.

    Cisco networking can run BFD in standard and Echo mode right down to 50msec, so the question becomes how do you tune/optimise BFD.
    You could run echo on the Nexus (ks and have them tear down the peering within 150msec and the NSX T0 responds in 1sec - but that would be a bit bonkers.
    In production networks I have built I tune up the BFD from 50msec to 333msec and specifically to the T0 I don't use Echo mode.
    You need to look at your own wider network stack and understand how this will impact the availability of your wider DC - if all you have are virtual workloads then the best you are gonna get is about a second when it comes to BGP failover after a peering fails.

    I hope this helps you.



    Satvinder Lall
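
The BFD tuning described in the post above, sketched as an NX-OS configuration fragment. This is an added example, not part of the original thread or any VMware or Cisco guide. The interface name, IP addresses (documentation range) and AS numbers are constructed, and the multiplier of 3 is an assumption inferred from the 150msec and roughly 1sec figures in the post.

```cisco
! Added example: Nexus uplink facing an NSX-T Tier-0 (T0) gateway.
! Ethernet1/1, 192.0.2.0/30, AS 65001 and AS 65002 are constructed values.

feature bgp
feature bfd

interface Ethernet1/1
  description Uplink to NSX-T T0 (constructed)
  no switchport
  ip address 192.0.2.1/30
  ! BFD on NX-OS requires ICMP redirects to be disabled on the interface
  no ip redirects
  ! Raise the timers from 50 ms to 333 ms so both ends detect a failure
  ! in the same window: 333 ms x 3 = roughly 1 second.
  ! With 50 ms x 3 the Nexus would tear the peering down in 150 ms
  ! while the T0 side still takes about a second to react.
  bfd interval 333 min_rx 333 multiplier 3
  ! Echo mode is not used towards the T0
  no bfd echo
  no shutdown

router bgp 65001
  neighbor 192.0.2.2
    remote-as 65002
    description NSX-T T0 uplink (constructed)
    ! Tie the eBGP session to BFD so a BFD down event drops the peering
    bfd
    address-family ipv4 unicast
```

After applying, `show bfd neighbors details` on the Nexus shows the negotiated intervals and whether echo is active for the session.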