VPN Gateway supports the dynamic routing feature of Border Gateway Protocol (BGP). You can use VPN gateways to connect your on-premises data center to Alibaba Cloud. Then, you can enable BGP dynamic routing for the VPN gateways to automatically learn routes. This reduces network maintenance costs and avoids network configuration errors.
- No Service Level Agreement (SLA) is guaranteed during the public preview period.
- During the public preview period, this feature is supported only in China (Hangzhou), China (Shanghai), China (Beijing), China (Zhangjiakou-Beijing Winter Olympics), Germany (Frankfurt), Singapore, and Australia (Sydney).
Overview of BGP dynamic routing
BGP is a dynamic routing protocol that runs over Transmission Control Protocol (TCP). BGP is used to exchange routing and network reachability information among autonomous systems (ASes).
BGP dynamic routing is an add-on to the IPsec-VPN feature. It is integrated with the route learning and route advertisement features of Cloud Enterprise Network (CEN). With BGP dynamic routing, you can establish a connection between Alibaba Cloud and your on-premises data center in a more efficient, flexible, and reliable manner.
- Automatically advertises dynamic routes to the cloud and on-premises data centers, and handles route conflicts.
- Enables static routing and dynamic routing, allowing you to route network traffic from specified egresses.
- Creates a multi-path connection between a VPN gateway and an on-premises data center. Supports equal-cost multi-path routing (ECMP) to achieve high availability and disaster recovery.
- Make sure that the same Autonomous System Number (ASN) of the on-premises data center is specified on the virtual border router (VBR) and VPN gateway. This condition must be met when you connect the on-premises data center to a Virtual Private Cloud (VPC) network by using leased lines and VPN gateways for connection resilience. This avoids route flapping in the on-premises data center.
- If multiple VPC networks are attached to the same CEN, make sure that the VPN gateways associated with the VPC networks are not connected to on-premises data centers through BGP. This avoids route flapping in the CEN.
- If you use the same VPN gateway to establish VPN connections with more than one on-premises data center, you must not import routes of different route tables to each other.
- If multiple VPN gateways are created within a VPC network, you must not import routes of different VPN gateways to each other.
Principles of dynamic route advertisement
- To Alibaba Cloud
The customer VPN gateway automatically learns BGP routes that are destined for the CIDR block of the on-premises data center and advertises the routes to the VPN gateway on the cloud. If you enable automatic BGP propagation for the VPN gateway on Alibaba Cloud, the VPN gateway uses BGP to learn routes and automatically propagates the routes to the default route table of the VPC network. No BGP route is propagated to the custom route table.
- To the on-premises data center
The VPN gateway on Alibaba Cloud automatically learns BGP routes from the default route table of the VPC network, and advertises the routes to the customer VPN gateway.
| Route type | Priority of routes on a VPN gateway | Priority of routes within a VPC network |
Each VPN gateway can hold a BGP route table that contains up to 50 route entries. To request a quota increase, submit a ticket.
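The limits listed above and the 50-entry quota can be checked against a planned topology before BGP is enabled. The following is an added example, not Alibaba Cloud code: the plan dictionary schema, the finding names, and the sample data are hypothetical, the CEN check reads that limit literally, and the quota is counted over the distinct on-premises prefixes the customer gateway would advertise.

```python
import ipaddress
from collections import defaultdict

BGP_ROUTE_QUOTA = 50  # per-gateway BGP route table size stated on this page

def check_plan(plan):
    """Return sorted finding strings for a planned topology (hypothetical schema)."""
    findings = []
    vpcs_per_cen = defaultdict(set)
    for vpc, cen in plan.get("cen_attachments", {}).items():
        vpcs_per_cen[cen].add(vpc)
    shared = {v for vpcs in vpcs_per_cen.values() if len(vpcs) > 1 for v in vpcs}

    for gw in plan["vpn_gateways"]:
        if not gw["bgp"]:
            continue
        name = gw["name"]
        # Same on-premises ASN on the VBR and the VPN gateway of one VPC.
        for vbr in plan.get("vbrs", []):
            if vbr["vpc"] == gw["vpc"] and vbr["peer_asn"] != gw["peer_asn"]:
                findings.append(f"{name}: asn-mismatch with {vbr['name']}")
        # Several VPCs on one CEN: their VPN gateways should not run BGP.
        if gw["vpc"] in shared:
            findings.append(f"{name}: bgp-on-shared-cen")
        # Route table quota, counted over distinct valid prefixes.
        prefixes = set()
        for cidr in gw["onprem_prefixes"]:
            try:
                prefixes.add(ipaddress.ip_network(cidr, strict=True))
            except ValueError:
                findings.append(f"{name}: bad-prefix {cidr}")
        if len(prefixes) > BGP_ROUTE_QUOTA:
            findings.append(f"{name}: quota-exceeded {len(prefixes)}/{BGP_ROUTE_QUOTA}")
    return sorted(findings)

# Constructed sample plan (private address ranges and private ASNs).
SAMPLE_PLAN = {
    "cen_attachments": {"vpc-a": "cen-1", "vpc-b": "cen-1", "vpc-c": "cen-2"},
    "vbrs": [{"name": "vbr-1", "vpc": "vpc-c", "peer_asn": 65010}],
    "vpn_gateways": [
        {"name": "vpn-a", "vpc": "vpc-a", "bgp": True, "peer_asn": 65010,
         "onprem_prefixes": ["10.1.0.0/16", "10.1.0.1/16"]},
        {"name": "vpn-c", "vpc": "vpc-c", "bgp": True, "peer_asn": 65020,
         "onprem_prefixes": [f"10.2.{i}.0/24" for i in range(51)]},
        {"name": "vpn-b", "vpc": "vpc-b", "bgp": False, "peer_asn": 65010,
         "onprem_prefixes": []},
    ],
}

if __name__ == "__main__":
    for finding in check_plan(SAMPLE_PLAN):
        print(finding)
```

A prefix with host bits set, such as `10.1.0.1/16`, is reported rather than silently normalized, because a mistyped CIDR block is one of the configuration errors that route exchange would otherwise spread to the VPC route table.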