Private VRF BGP

Topology

Notes

• Internal VRF is represented by three BGP ASNs  merged into a logical ring
• One, extended with VXLAN and iBGP between two NGFW clusters and two isolated iBGP ASN based on L3 switches (one ASN per DC). Architectural decision is aiming to keep a number of peer links in the core to a minimum and also to avoid using BGP RRs 
• Flow control is achieved via MED metric
• Convergence - via BFD
• Security - via authentication and IP ACLs