VPN Gateway supports the dynamic routing feature of Border Gateway Protocol (BGP). You can use VPN Gateway instances to connect your on-premises data center to Alibaba Cloud. Then, configure the VPN Gateway instances to automatically learn routes through BGP dynamic routing. This reduces network maintenance costs and avoids network configuration errors.
- No Service Level Agreement (SLA) is guaranteed during the public preview period.
- This feature is only supported in the Germany (Frankfurt) region during the public preview period.
BGP dynamic routing overview
BGP is a dynamic routing protocol based on Transmission Control Protocol (TCP). BGP is mainly used to exchange routing and network accessibility information among Autonomous Systems (ASs).
BGP dynamic routing is an add-on to the IPsec connection feature of VPN Gateway. It is integrated with the route learning and route advertisement of Cloud Enterprise Network (CEN). This allows you to build a hybrid cloud in a more efficient, flexible, and reliable manner.
- Automatically advertises dynamic routes to the cloud and on-premises data center, and handles route conflicts.
- Enables static routing and dynamic routing to customize the traffic egress.
- Creates multi-tunnel connections between a VPN Gateway instance and an on-premises data center. Supports equal-cost multi-path routing (ECMP) to achieve high availability and disaster recovery.
- If you connect the on-premises data center to an Alibaba Cloud Virtual Private Cloud (VPC) network in active/standby mode by using physical connections and VPN Gateway instances, the autonomous system number (ASN) of the on-premises data center specified for the virtual border router (VBR) and the ASN specified for the VPN Gateway instance must be the same. This allows you to avoid route flapping in the on-premises data center.
- If multiple VPC networks are attached to the same CEN, make sure that the VPN Gateway instance associated with the VPC network is not connected to the on-premises data center through BGP. This allows you to avoid route flapping in the CEN.
- If you use the same VPN Gateway instance to establish VPN connections with different on-premises data centers, do not conduct routing among different VPN connections.
- If multiple VPN Gateway instances are created within a VPC network, do not conduct routing among these VPN Gateway instances.
Principles of dynamic route advertisement
- To Alibaba Cloud
The on-premises VPN Gateway instance automatically learns routes from the CIDR block of the on-premises data center through BGP and advertises the routes to the VPN Gateway instance on the cloud. If you enable automatic BGP propagation for the VPN Gateway instance on Alibaba Cloud, the VPN Gateway instance learns BGP routes and automatically propagates them to the system default route table of the VPC network. No BGP route is propagated to the custom route table.
- To the on-premises data center
The VPN Gateway instance on Alibaba Cloud automatically learns routes from the system default route table of the VPC network through BGP, and advertises the routes to the on-premises VPN Gateway instance.
| Routing type | Routing priority on a VPN Gateway instance | Routing priority within a VPC network |
|---|---|---|
| System default routing | P1 | P1 |
The BGP route table of an individual VPN Gateway instance supports up to 50 route entries. To request a quota increase, submit a ticket.
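A pre-flight check for the limits described on this page, as an added example that is not Alibaba Cloud's code: it aggregates the on-premises prefixes you plan to advertise, compares the count with the 50-entry BGP route table limit, and checks the ASN-match requirement for active/standby setups. The function name, its parameters, and the sample prefixes and ASNs used with it are assumptions constructed for illustration.

```python
import ipaddress

BGP_ROUTE_QUOTA = 50  # per-instance BGP route table limit stated on this page


def preflight(prefixes, vbr_peer_asn=None, vpn_peer_asn=None, quota=BGP_ROUTE_QUOTA):
    """Check a planned on-premises advertisement before enabling BGP.

    prefixes: CIDR strings the on-premises side would advertise.
    vbr_peer_asn / vpn_peer_asn: on-premises ASN configured for the VBR and
    for the VPN Gateway instance (only relevant in active/standby mode).
    """
    findings, nets = [], []
    for p in prefixes:
        try:
            # strict=True rejects CIDRs with host bits set (e.g. 10.1.1.1/24)
            nets.append(ipaddress.ip_network(p, strict=True))
        except ValueError as exc:
            findings.append(f"invalid prefix {p!r}: {exc}")

    # collapse_addresses merges adjacent and contained networks; it cannot
    # mix IPv4 and IPv6, so aggregate each address family separately.
    aggregated = []
    for version in (4, 6):
        same = [n for n in nets if n.version == version]
        aggregated.extend(ipaddress.collapse_addresses(same))

    if len(aggregated) > quota:
        findings.append(
            f"{len(aggregated)} routes exceed quota of {quota} even after aggregation")
    elif len(nets) > quota:
        findings.append(
            f"{len(nets)} raw prefixes exceed quota of {quota}; "
            f"aggregate to {len(aggregated)} before advertising")

    if None not in (vbr_peer_asn, vpn_peer_asn) and vbr_peer_asn != vpn_peer_asn:
        findings.append(
            f"ASN mismatch: VBR has {vbr_peer_asn}, VPN Gateway has {vpn_peer_asn}")

    return {"aggregated": [str(n) for n in aggregated],
            "findings": findings,
            "ok": not findings}


if __name__ == "__main__":
    # Constructed sample: 64 contiguous /24s plus one unrelated /24.
    sample = [f"10.0.{i}.0/24" for i in range(64)] + ["192.168.1.0/24"]
    print(preflight(sample, vbr_peer_asn=65001, vpn_peer_asn=65001))
```
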