Border Gateway Protocol (BGP) is a dynamic routing protocol based on Transmission Control Protocol (TCP). BGP is used to exchange routing and network reachability information between autonomous systems. When you use an Express Connect circuit to connect to Alibaba Cloud, you can configure BGP to enable private communication between your data center and the virtual border router (VBR). This helps you build a hybrid cloud in an efficient, flexible, and reliable way.

Limits

Before you configure BGP, take note of the following limits:

  • When you use an Express Connect circuit to connect your data center to a virtual private cloud (VPC), you can specify only the VBR that is associated with the Express Connect circuit and the data center as BGP peers. Therefore, you must also configure static routes on the VBR to route network traffic to the VPC. For more information, see Add routes.
  • VBRs support only BGP 4.
  • You can create at most eight BGP peers for each VBR.
  • Each BGP peer supports up to 110 dynamic routes.
  • The Autonomous System Number (ASN) of Alibaba Cloud is 45104. You can specify a 2-byte or 4-byte ASN for the data center.
  • By default, Bidirectional Forwarding Detection (BFD) is disabled for VBRs. To use this feature, submit a ticket.

Step 1: Create a BGP group

BGP groups are used to simplify BGP configurations. You can save time and effort by adding BGP peers that use the same configurations to one BGP group. Before you start, you must create a BGP group with the requested ASN.

  1. Log on to the Express Connect console.
  2. In the top navigation bar, select the region and click Virtual Border Routers (VBRs) in the left-side navigation pane.
  3. On the Virtual Border Routers (VBRs) page, find the VBR that you want to manage and click its ID.
  4. Click the BGP Groups tab and click Create BGP Group.
  5. Set the following parameters and click OK.
    | Parameter | Description |
    | --- | --- |
    | Support IPv6 | Specify whether to enable IPv6 for the BGP group. |
    | Name | Enter a name for the BGP group. The value must be 2 to 128 characters in length, and can contain digits, periods (.), underscores (_), and hyphens (-). It must start with a letter and cannot start with http:// or https://. |
    | Peer ASN | Enter the ASN of the data center. |
    | BGP Key | Enter the key of the BGP group. |
    | Description | Enter a description for the BGP group. The value must be 2 to 256 characters in length. It must start with a letter but cannot start with http:// or https://. |

Step 2: Create a BGP peer

After you create the BGP group, you can add BGP peers that use the same configurations to the BGP group. This way, you do not need to separately configure the BGP peers.

  1. Log on to the Express Connect console.
  2. In the top navigation bar, select the region and click Virtual Border Routers (VBRs) in the left-side navigation pane.
  3. On the Virtual Border Routers (VBRs) page, find the VBR that you want to manage and click its ID.
  4. Click the BGP Peers tab and click Create BGP Peer.
  5. Set the following parameters and click OK.
    | Parameter | Description |
    | --- | --- |
    | BGP Group | Select the BGP group to which you want to add the BGP peer. |
    | BGP Peer IP Address | Enter the IP address of the BGP peer. By default, you are required to enter the IPv4 address of the BGP peer. If you have enabled IPv6 for the BGP group, enter the IPv6 address of the BGP peer. |
    | Enable BFD | Specify whether to enable BFD. BFD is a protocol that detects link failures quickly. You can enable BFD for BGP to accelerate routing convergence. |
    | BFD hop count | This parameter is required only when you select Enable BFD. The parameter specifies the maximum number of network devices that a packet can traverse from the source to the destination. Set an appropriate value based on the factors that affect the physical connection. Valid values: 1 to 255. |

After you create a BGP peer, you can view the state of the BGP peer on the BGP Peers page. The following table describes the states of a BGP peer.

| State | Description |
| --- | --- |
| Idle | The BGP peer is idle. Idle is the initial state of a BGP session. In this state, BGP waits for a start event. After the start event occurs, BGP initializes all resources and resets the ConnectRetry timer. Then, BGP initiates a TCP connection and changes the state of the BGP peer to Connect. |
| Connect | The BGP peer is connecting. In this state, BGP initiates the first TCP connection request. If the ConnectRetry timer expires before the TCP connection is established, a new TCP connection request is initiated and the BGP peer remains in the Connect state. If the TCP connection is established, the state of the BGP peer changes to OpenSent. If the TCP connection is not established, the state of the BGP peer changes to Active. |
| Active | The BGP peer is active. In this state, BGP attempts to establish the TCP connection again. If the ConnectRetry timer expires, the state of the BGP peer changes back to Connect. If the TCP connection is established, the state of the BGP peer changes to OpenSent. If the TCP connection is not established, the BGP peer remains in the Active state and BGP continues to initiate TCP connection requests. |
| OpenSent | An OPEN message has been sent to the BGP peer. This state indicates that the TCP connection is established. The first OPEN message has been sent to the BGP peer. BGP is waiting for an OPEN message from the BGP peer. After BGP receives the OPEN message from the BGP peer, it checks the message for errors. If the OPEN message contains errors, BGP returns an error message and the state of the BGP peer changes back to Idle. If the OPEN message does not contain errors, BGP sends a Keepalive message, resets the Keepalive timer, and changes the state of the BGP peer to OpenConfirm. |
| OpenConfirm | The OPEN message from the BGP peer has been confirmed. In this state, BGP sends a Keepalive message to the BGP peer and resets the Keepalive timer. If the BGP peer receives the Keepalive message, the state of the BGP peer changes to Established, which indicates that the BGP session is established. If the TCP connection is interrupted, the state of the BGP peer changes back to Idle. |
| Established | The BGP session is established. In this state, BGP exchanges UPDATE messages with the BGP peer and resets the Keepalive timer. |
| UnEstablished | The BGP session is not established. |
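
The state transitions in the table above can be replayed as a small state machine to see where a session stops progressing. This is an added example, not Alibaba Cloud code: the event names and the `stalled_at` classification are assumptions made for illustration, and UnEstablished is omitted because the table describes no transitions for it.

```python
from enum import Enum

class S(Enum):
    IDLE = "Idle"
    CONNECT = "Connect"
    ACTIVE = "Active"
    OPENSENT = "OpenSent"
    OPENCONFIRM = "OpenConfirm"
    ESTABLISHED = "Established"

# Transitions as the state table describes them.
# Event names are labels invented for this example.
TRANSITIONS = {
    (S.IDLE, "start"): S.CONNECT,
    (S.CONNECT, "retry_timer_expired"): S.CONNECT,
    (S.CONNECT, "tcp_established"): S.OPENSENT,
    (S.CONNECT, "tcp_failed"): S.ACTIVE,
    (S.ACTIVE, "retry_timer_expired"): S.CONNECT,
    (S.ACTIVE, "tcp_established"): S.OPENSENT,
    (S.ACTIVE, "tcp_failed"): S.ACTIVE,
    (S.OPENSENT, "open_with_errors"): S.IDLE,
    (S.OPENSENT, "open_ok"): S.OPENCONFIRM,
    (S.OPENCONFIRM, "keepalive_received"): S.ESTABLISHED,
    (S.OPENCONFIRM, "tcp_lost"): S.IDLE,
    (S.ESTABLISHED, "update_exchanged"): S.ESTABLISHED,
}

def replay(events, state=S.IDLE):
    """Apply events in order; return every state visited, starting state first."""
    path = [state]
    for event in events:
        if (state, event) not in TRANSITIONS:
            raise ValueError(f"{event!r} is not described for state {state.value}")
        state = TRANSITIONS[(state, event)]
        path.append(state)
    return path

def stalled_at(path):
    """Name the phase where a session stopped making progress."""
    if path[-1] is S.ESTABLISHED:
        return "none"
    if S.OPENSENT not in path:
        return "tcp"    # never connected: check reachability of the peer IP on TCP 179
    if S.OPENCONFIRM not in path:
        return "open"   # OPEN rejected: check the values carried in OPEN, e.g. the ASN
    return "keepalive"  # connection dropped after the OPEN message was accepted

# Constructed event sequences (not captured from a real router).
HEALTHY = ["start", "tcp_established", "open_ok", "keepalive_received"]
BLOCKED = ["start", "tcp_failed", "retry_timer_expired", "tcp_failed", "tcp_failed"]
BAD_OPEN = ["start", "tcp_established", "open_with_errors"]
```

A peer that keeps alternating between Connect and Active, as in `BLOCKED`, never completed the TCP connection, so the place to look is the network path and filtering rather than the BGP parameters.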

Step 3: Advertise the BGP CIDR block

After you create the BGP peer, you must advertise the CIDR block of the VPC. After the BGP session is established, the VBR automatically learns routes that point to the CIDR block of the data center.

Notice: If Cloud Enterprise Network (CEN) is used to connect the VPC and the VBR, skip this step.

  1. Log on to the Express Connect console.
  2. In the top navigation bar, select the region and click Virtual Border Routers (VBRs) in the left-side navigation pane.
  3. On the Virtual Border Routers (VBRs) page, find the VBR that you want to manage and click its ID.
  4. Click the Advertised BGP Subnets tab and click Advertise BGP Subnet.
  5. Enter the CIDR block to be advertised and click OK.

Step 4: Configure BGP in the data center

After you complete the BGP configuration on Alibaba Cloud, you must configure BGP route advertisement in the data center. You can also configure BFD for BGP as needed. Consult the manufacturer of your network device for the relevant commands.
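
Before advertising routes from the data center, the plan can be checked against the limits listed in the Limits section and the BFD hop count range from Step 2. This is an added example, not Alibaba Cloud tooling: the function names and sample values are constructed, and it assumes the 110-route limit counts the prefixes that the data center advertises to each BGP peer.

```python
import ipaddress

MAX_PEERS_PER_VBR = 8      # "at most eight BGP peers for each VBR"
MAX_ROUTES_PER_PEER = 110  # "up to 110 dynamic routes" per BGP peer

def aggregate(prefixes):
    """Collapse adjacent or overlapping prefixes without adding address space."""
    # strict=True rejects typos such as 10.0.0.1/24 (host bits set).
    nets = [ipaddress.ip_network(p, strict=True) for p in prefixes]
    out = []
    for version in (4, 6):  # collapse_addresses() rejects mixed IP versions
        out += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    return [str(n) for n in out]

def check_plan(dc_asn, peer_ips, prefixes, bfd_hops=None):
    """Return (problems, routes): limit violations and the aggregated route list."""
    problems = []
    if not 1 <= dc_asn <= 0xFFFFFFFF:
        problems.append(f"ASN {dc_asn} is not a valid 2-byte or 4-byte ASN")
    for ip in peer_ips:
        ipaddress.ip_address(ip)  # raises ValueError on a malformed peer address
    if len(peer_ips) > MAX_PEERS_PER_VBR:
        problems.append(f"{len(peer_ips)} peers exceed the limit of {MAX_PEERS_PER_VBR}")
    if bfd_hops is not None and not 1 <= bfd_hops <= 255:
        problems.append(f"BFD hop count {bfd_hops} is outside 1 to 255")
    routes = aggregate(prefixes)
    if len(routes) > MAX_ROUTES_PER_PEER:
        problems.append(f"{len(routes)} routes exceed the limit of {MAX_ROUTES_PER_PEER}")
    return problems, routes

# Constructed sample: 129 prefixes, 128 of them contiguous /24s under 10.0.0.0/17.
SAMPLE_PREFIXES = [f"10.0.{i}.0/24" for i in range(128)] + ["172.16.5.0/24"]
SAMPLE_PEERS = ["10.255.0.2"]  # constructed peer address

if __name__ == "__main__":
    problems, routes = check_plan(65001, SAMPLE_PEERS, SAMPLE_PREFIXES, bfd_hops=1)
    print(problems or "plan fits the limits", routes)
```

Aggregation here is exact, so the 129 sample prefixes become two routes that cover the same addresses and stay under the per-peer limit.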