You can create Border Gateway Protocol (BGP) routes between a virtual border router (VBR) and a data center. To create BGP routes between a VBR and a data center, add the BGP peer that communicates with the VBR to the corresponding BGP group and advertise the BGP CIDR block in the VBR.

Note: Express Connect allows BGP routes to be created only between a VBR and a data center. When a connection over an Express Connect circuit is being established, you must add a route entry to the VBR. The route entry must point to the virtual private cloud (VPC) and Express Connect circuit. For more information, see Add routes.

BGP overview

BGP is a dynamic routing protocol based on Transmission Control Protocol (TCP). BGP is used to exchange routing and network accessibility information across autonomous systems. When a connection over an Express Connect circuit is being established, you can use BGP to connect a data center to a VBR over private connections. BGP allows you to build hybrid clouds in a more efficient, flexible, and reliable manner.

Before you can configure BGP, you must create a BGP group. BGP groups simplify BGP configurations. You can create a BGP group based on the autonomous system number (ASN) and add BGP peers that meet requirements to the BGP group. Then, the BGP peers can use the configurations of the BGP group. This allows you to configure BGP peers in a more efficient way.

Limits

The following limits apply to BGP on VBRs:
  • VBRs can establish BGP peering connections only with data centers that are connected to them over an Express Connect circuit. Static routing is still required between the VBRs and VPCs.
  • VBRs support only BGP 4.
  • You can create at most eight BGP peers for each VBR.
  • You can add at most 100 dynamic route entries to each BGP peer.
  • The ASN of Alibaba Cloud is 45104. Alibaba Cloud accepts 2-byte or 4-byte ASNs from the customer side.
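
A pre-flight check of a planned peering against these limits, as an added example that is not part of the original documentation. It reads the 100-entry limit as the number of prefixes announced to one peer (an assumption); `asn_width`, `check_plan` and the sample prefixes are hypothetical names and constructed data.

```python
"""Added example: pre-flight check against the limits listed above."""
import ipaddress

MAX_PEERS_PER_VBR = 8       # "at most eight BGP peers for each VBR"
MAX_ROUTES_PER_PEER = 100   # "at most 100 dynamic route entries"


def asn_width(asn):
    """Return 2 or 4 (bytes needed) for a customer-side ASN."""
    if not 1 <= asn <= 0xFFFFFFFF:
        raise ValueError(f"ASN {asn} does not fit in 4 bytes")
    return 2 if asn <= 0xFFFF else 4


def check_plan(peer_ips, prefixes):
    """Return (problems, aggregated prefixes) for one planned peering.

    Assumption: the 100-entry limit counts the prefixes announced to a peer.
    """
    problems = []
    if len(peer_ips) > MAX_PEERS_PER_VBR:
        problems.append(f"{len(peer_ips)} peers > {MAX_PEERS_PER_VBR}")
    # strict=True rejects prefixes with host bits set, e.g. 10.0.0.1/24.
    nets = [ipaddress.ip_network(p, strict=True) for p in prefixes]
    # Merge only exact unions of adjacent or overlapping prefixes, so the
    # aggregate never covers address space that was not in the input.
    merged = [str(n) for n in ipaddress.collapse_addresses(nets)]
    if len(merged) > MAX_ROUTES_PER_PEER:
        problems.append(f"{len(merged)} routes > {MAX_ROUTES_PER_PEER}")
    return problems, merged


# Constructed inputs: 128 contiguous /24s and 101 non-adjacent /24s.
CONTIGUOUS = [f"10.0.{i}.0/24" for i in range(128)]
SPARSE = [f"10.1.{i}.0/24" for i in range(0, 202, 2)]

if __name__ == "__main__":
    print(check_plan(["10.255.0.2"], CONTIGUOUS))
    print(check_plan(["10.255.0.2"], SPARSE)[0])
```
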

Step 1: Create a BGP group

Before you can configure BGP routes, you must create a BGP group with the requested ASN.

To create a BGP group, perform the following operations:
  1. Log on to the Express Connect console.
  2. In the left-side navigation pane, click Virtual Border Routers (VBRs).
  3. Select a region and click the ID of the VBR that you want to manage.
  4. Click the BGP Groups tab and click Create BGP Group.
  5. Set the following parameters and click OK.
    Parameter | Description
    Name | Enter a name for the BGP group. The name must be 2 to 128 characters in length, and can contain digits, periods (.), underscores (_), and hyphens (-). It must start with a letter and cannot start with http:// or https://.
    Peer ASN | Enter the ASN of the data center.
    BGP Key | Enter the key of the BGP group.
    Description | Enter a description of the BGP group. The description must be 2 to 256 characters in length. It must start with a letter but cannot start with http:// or https://.

Step 2: Add a BGP peer

To add a BGP peer, perform the following operations:
  1. Log on to the Express Connect console.
  2. In the left-side navigation pane, click Virtual Border Routers (VBRs).
  3. Select a region and click the ID of the VBR that you want to manage.
  4. Click the BGP Peers tab and click Create BGP Peer.
  5. Set the following parameters and click OK.
    Parameter | Description
    BGP Group | Select the BGP group to which you want to add the BGP peer.
    BGP Peer IP Address | Enter the IP address of the BGP peer. By default, the IPv4 address of the BGP peer is used. If you enable IPv6 for the BGP group, enter the IPv6 address of the BGP peer.

    The state of the BGP peer
    A BGP peer can be in the following states:
    • Idle: This is the first state that a newly added BGP peer enters. In this state, the BGP peer waits for a start event. After the BGP peer is started, it initializes resources, resets the ConnectRetry timer, initiates a TCP connection, and enters the Connect state.
    • Connect: In this state, the BGP peer initiates the first TCP connection. If the ConnectRetry timer times out before the TCP connection is established, a new TCP connection is initiated and the BGP peer remains in the Connect state.
      • If the TCP connection is established, the BGP peer enters the OpenSent state.
      • If the TCP connection is not established, the BGP peer enters the Active state.
    • Active: In this state, the BGP peer attempts to establish a new TCP connection. If the ConnectRetry timer times out, the state of the BGP peer changes to Connect.
      • If the TCP connection is established, the BGP peer enters the OpenSent state.
      • If the TCP connection is not established, the BGP peer remains in the Active state and continues to initiate TCP connections.
    • OpenSent: In this state, a TCP connection is established and the BGP peer has sent the first OPEN message. The BGP peer is waiting for an OPEN message from its neighbor. After the BGP peer receives the OPEN message, the BGP peer checks the validity of the message.
      • If the OPEN message contains errors, the BGP peer returns an error message and enters the Idle state.
      • If the OPEN message does not contain errors, the BGP peer sends a Keepalive message, resets the Keepalive timer, and enters the OpenConfirm state.
    • OpenConfirm: In this state, the BGP peer sends a Keepalive message and resets the Hold Timer.
      • If the BGP peer receives a Keepalive message, it enters the Established state, which indicates that the BGP peering connection is established.
      • If the TCP connection is interrupted, the BGP peer returns to the Idle state.
    • Established: In this state, the BGP peering connection is established. BGP peers exchange Update messages and reset the Hold Timer.
    • UnEstablished: indicates that the BGP peering connection is not established.
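
The state transitions listed above, written as a transition table that can replay a peer's event history and name the stage where session setup stopped. This is an added example, not code from the original documentation; the event names, `replay`, `diagnose` and the sample sequences are hypothetical, and only transitions stated in the list are modelled.

```python
"""Added example: the peer states above as a transition table.
Event names are hypothetical labels for the conditions in the text."""

TRANSITIONS = {
    ("Idle", "start"): "Connect",
    ("Connect", "tcp_established"): "OpenSent",
    ("Connect", "tcp_failed"): "Active",
    ("Connect", "connect_retry_expired"): "Connect",
    ("Active", "tcp_established"): "OpenSent",
    ("Active", "tcp_failed"): "Active",
    ("Active", "connect_retry_expired"): "Connect",
    ("OpenSent", "open_valid"): "OpenConfirm",
    ("OpenSent", "open_invalid"): "Idle",
    ("OpenConfirm", "keepalive_received"): "Established",
    ("OpenConfirm", "tcp_interrupted"): "Idle",
    ("Established", "update_received"): "Established",
}


def replay(events, state="Idle"):
    """Return every state visited while applying events in order."""
    history = [state]
    for event in events:
        if (state, event) not in TRANSITIONS:
            raise ValueError(f"no transition for {event!r} in {state}")
        state = TRANSITIONS[(state, event)]
        history.append(state)
    return history


def diagnose(history):
    """Name the stage at which session setup stopped."""
    final = history[-1]
    if final == "Established":
        return "peering established"
    if "OpenSent" not in history:
        return "TCP connection never established"
    if final == "Idle" and history[-2] == "OpenSent":
        return "OPEN message rejected"
    if final == "Idle":
        return "TCP connection interrupted in OpenConfirm"
    return f"handshake in progress ({final})"


# Constructed event sequences for three peers.
HEALTHY = ["start", "tcp_established", "open_valid", "keepalive_received"]
UNREACHABLE = ["start", "tcp_failed", "tcp_failed", "connect_retry_expired"]
BAD_OPEN = ["start", "tcp_established", "open_invalid"]
```

A peer that never leaves the Connect/Active loop points to a reachability problem between the data center and the VBR, while a return to Idle from OpenSent points to the contents of the OPEN message.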

Step 3: Advertise the BGP CIDR block

After you configure BGP peers, you must advertise the CIDR block of the VPC to complete the BGP configuration. After the BGP peering connection is established, the VBR automatically learns the CIDR block of the data center.

To advertise the CIDR block of the VPC, perform the following operations:
  1. Log on to the Express Connect console.
  2. In the left-side navigation pane, click Virtual Border Routers (VBRs).
  3. Select a region and click the ID of a VBR.
  4. Click the Advertised BGP Subnets tab and click Advertise BGP Subnet.
  5. Enter the CIDR block that you want to advertise, and click OK.
    Note: If Cloud Enterprise Network (CEN) is used to connect the VPC and the VBR, skip this step.

Step 4: Configure BGP for the data center

After you complete the preceding steps, BGP is configured on the Alibaba Cloud side. To advertise routes of the data center, you must configure BGP on the data center side. For more information, consult your service provider.