All Products
Search
Document Center

Express Connect:Configure and manage BGP

Last Updated:May 27, 2026

Border Gateway Protocol (BGP) is a dynamic routing protocol based on TCP that exchanges routing and network reachability information between autonomous systems. You can use BGP with an Express Connect circuit to connect an on-premises data center to a VBR and build a hybrid cloud.

Limitations

  • A VBR can establish a BGP peer only with the on-premises data center at the other end of the Express Connect circuit.

  • VBRs support BGP-4.

  • Each VBR can have a maximum of eight BGP peers.

  • The Autonomous System Number (ASN) on the Alibaba Cloud side is 45104. VBRs can connect to peer devices that use either 2-byte or 4-byte ASNs.

  • When you add a virtual border router (VBR) to an ECR, the ASN of the VBR's BGP group must match the ECR's ASN. If the ASN of your ECR is not 45104, associate the VBR with the ECR before you configure BGP settings for the VBR.

  • You cannot add a VBR that does not support MPBGP to an ECR. To check if your VBR supports MPBGP, go to its details page and find Advanced features of ports: in the Basic Information section.

Prerequisites

  • A VBR instance is created. Create and manage a VBR.

  • BGP is configured on your on-premises device to advertise the required routes, with BFD set up as needed. Consult your device vendor's documentation for instructions.

Step 1: Create a BGP group

A BGP group applies shared configuration to multiple BGP peers. Create a BGP group based on your ASN.

A risk warning after BGP group creation indicates the VBR instance is at risk. If no risk warning appears, the VBR instance is not at risk.

Important

If your VBR uses BGP and communicates with Alibaba Cloud resources through a Cloud Enterprise Network (CEN) transit router, BGP routing loops may occur. Contact your account manager if you have questions. When is it not recommended to connect a VBR to a CEN instance?

  1. Log on to the Express Connect console.

  2. In the top navigation bar, select the target region. In the left-side navigation pane, click VBR.

  3. On the VBR page, click the ID of the target VBR instance.

  4. Click the BGP Groups tab and then click Create BGP Group.

  5. In the Create BGP Group panel, configure the following parameters and click OK.

    Parameter

    Description

    Protocol type

    Valid values:

    • IPv4

    • IPv6

      Note

      This parameter is required only if IPv6 is enabled for the VBR.

    Name

    Enter a name for the BGP group.

    Peer ASN

    Enter the ASN of your on-premises data center's network.

    BGP Key

    Enter a key for the BGP group.

    BGP Route Quota

    The maximum number of routes the BGP peer can receive.

    Maximum value: 110.

    Description

    Enter a description for the BGP group.

    Local ASN

    The ASN on the Alibaba Cloud side. Default: 45104. This value cannot be changed by default.

    Note

    This field is visible only to accounts with the required permissions.

    To change the local ASN to a different value:

    1. We recommend using an ECR for configuration. ECRs support custom ASNs. If a VBR is associated with an ECR and BGP is not yet configured, the VBR inherits the ECR's ASN. When you configure BGP, the local ASN defaults to the ECR's ASN.

    2. If you cannot use an ECR, contact your account manager to request permissions to change the ASN. Supported ranges: 64512–65024, 65026–65534, and 4200000000–4294967294. The local ASN must match the ASN of the associated ECR.

    Using the default local ASN of 45104 in multi-line access scenarios may cause BGP routing loops. Evaluate the risks before proceeding.

Step 2: Create a BGP peer

After creating a BGP group, add BGP peers to it. Peers inherit the group's configuration.

  1. Log on to the Express Connect console.

  2. In the top navigation bar, select the target region. In the left-side navigation pane, click VBR.

  3. On the VBR page, click the ID of the target VBR instance.

  4. Click the BGP Peers tab and then click Create BGP Peer.

  5. In the Create BGP Peer panel, configure the following parameters and click OK.

    Parameter

    Description

    BGP Groups

    Select the BGP group for the BGP peer.

    BGP peer IP

    Enter the IP address of the BGP peer.

    Enter an IPv4 address by default. If the selected BGP group has IPv6 enabled, enter an IPv6 address.

    Enable BFD

    Specifies whether to enable Bidirectional Forwarding Detection (BFD).

    BFD detects link failures quickly and works with BGP to accelerate route convergence and ensure service continuity.

    BFD hops

    This parameter is required if you select Enable BFD.

    The maximum number of hops from source to destination. Configure based on your physical link topology.

    The value must be an integer from 1 to 255.

    Important

    When you use BFD in a multi-cloud environment or in a direct fiber connection that does not have bridging devices, change the default number of BFD hops from 255 to 1.

    After the BGP peer is created, you can view its status on the BGP Peers page.

    BGP peer status descriptions

    Status

    Description

    Idle

    Idle.

    The initial state of a BGP connection. BGP waits for a start event. When one occurs, BGP initializes resources, resets the Connect-Retry timer, initiates a TCP connection, and transitions to Connect.

    Connect

    Connect.

    BGP initiates the first TCP connection. If the Connect-Retry timer expires, BGP re-initiates the connection and remains in Connect.

    • If the TCP connection fails, the state changes to Active.

    • If the TCP connection is successful, the state changes to OpenSent.

    Active

    Active.

    BGP attempts to establish a TCP connection. If the Connect-Retry timer expires, the state reverts to Connect.

    • If the TCP connection fails, the state remains Active and BGP continues to initiate TCP connections.

    • If the TCP connection is successful, the state changes to OpenSent.

    OpenSent

    Open message sent.

    The TCP connection is established and BGP has sent the first Open message. BGP waits for the peer's Open message and validates it.

    • If an error is found, the system sends a notification message and the state reverts to Idle.

    • If the message is correct, BGP starts to send Keepalive messages, resets and starts the Keepalive timer, and then transitions to the OpenConfirm state.

    OpenConfirm

    Open message confirmed.

    BGP sends a Keepalive message and resets the Keepalive timer.

    • If a Keepalive message is received, the state changes to Established and the BGP peering relationship is established.

    • If the TCP connection is interrupted, the state reverts to Idle.

    Established

    BGP peer established.

    The BGP peering relationship is established. BGP exchanges Update messages with the peer and resets the Keepalive timer.

    UnEstablished

    The BGP peering relationship is not established.

Step 3: Advertise BGP CIDR blocks

After creating a BGP peer, advertise your VPC CIDR block to complete BGP configuration. Once the BGP session is established, the VBR automatically learns routes from your on-premises data center.

Important

If you use CEN for communication between your VPC and VBR, skip this step.

  1. Log on to the Express Connect console.

  2. In the top navigation bar, select the target region. In the left-side navigation pane, click VBR.

  3. On the VBR page, click the ID of the target VBR instance.

  4. Click the Advertise BGP Subnet tab and then click Advertised BGP Subnets.

  5. Enter the VPC CIDR block that you want to advertise and click OK.

More operations

Event monitoring for BGP peers

CloudMonitor manages system events and custom events for cloud services. Create alert rules for BGP peer status changes or route count events to receive prompt notifications. Event monitoring overview.

  1. Log on to the Cloud Monitor console.

  2. In the navigation pane on the left, choose Event Center > System Event.

  3. On the Event Monitoring tab, click Save as Alert Rule.

  4. In the Create/Modify Event-triggered Alert Rule panel, configure the following parameters and click OK.

    Parameter

    Description

    Basic Information

    Rule name

    Enter a name for the alert rule.

    Event-triggered Alert Rules

    Product

    Select the cloud service for the alert rule.

    In this example, select Physical Connection.

    Event type

    Select the event type for the alert rule.

    • Down: The BGP peer is down.

    • ReceiveRoutes: An event related to the number of routes received by the BGP peer.

    Event Level

    Select the alert level.

    In this example, select Warn.

    Event name

    Select the event name for the alert rule.

    • BGPPeerStatus:Down: Select this event name if you set Event type to Down.

    • BgpPeerReceiveRoutes:Exceed: Select this event name if you set Event type to ReceiveRoutes.

    Keyword filtering

    In the Keywords text box, enter the keywords by which to filter alert rules. Then, select a filter method from the Condition drop-down list:

    • Contains any of the keywords: An alert notification is sent if the event content contains any of the specified keywords.

    • Does not contain any of the keywords: An alert notification is sent if the event content does not contain any of the specified keywords.

    SQL filter

    Enter an SQL filter statement.

    Resource scope

    Select the resource scope for the alert rule. Valid values:

    • All Resources

    • Application Group

    In this example, select All Resources.

    Alarm method

    Alert Notification

    Select this option to send alerts directly to specified contacts.

    From the Contact Group drop-down list, select an alert contact group. From the Notification Method drop-down list, select an alert level and notification method. Valid values:

    • Critical (Phone Call + SMS + Email + WebHook)

    • Warning (SMS + Email + WebHook)

    • Info (Email + WebHook)

    Simple Message Queue (SMQ)

    Select this option to deliver alerts to a specified Message Service (MNS) queue.

    Function Compute

    Select this option to deliver alerts to a specified Function Compute function.

    URL callback

    A public URL that receives alert notifications from CloudMonitor via POST requests. Only HTTP is supported. Use system event alert callbacks (legacy).

    Log Service

    Select this option to deliver alerts to a specified Log Service Logstore.

    Mute for

    The interval at which alert notifications are resent if the alert is not cleared.

Managing BGP

Actions

Procedure

Modify a BGP group

  1. On the VBR details page, click the BGP Groups tab, find the target BGP group, and then click Edit in the Actions column.

  2. In the Modify BGP Group panel, modify the parameters and click OK.

    • Support IPv6: Specifies whether the BGP group supports IPv6.

    • Name: The name of the BGP group.

    • Peer ASN: The ASN of the on-premises data center network.

    • BGP Key: The key of the BGP group.

    • BGP Route Quota: The maximum number of routes that a BGP peer can receive.

    • Description: The description of the BGP group.

Modify a BGP peer

  1. On the VBR details page, click the BGP Peers tab, find the target BGP peer, and then click Edit in the Actions column.

  2. In the Modify BGP Peer panel, modify the parameters and click OK.

    • BGP Groups: The BGP group to which the BGP peer is added.

    • BGP peer IP: The IP address of the BGP peer.

    • Enable BFD: Specifies whether to enable BFD for the BGP peer.

    • BFD Hop Count: This parameter is required when you select Enable BFD. The value range is 1 to 255.

Delete a BGP group

  1. On the VBR details page, click the BGP Groups tab, find the target BGP group, and then click Delete in the Actions column.

  2. In the message that appears, click OK.

Delete a BGP peer

  1. On the VBR details page, click the BGP Peers tab, find the target BGP peer, and then click Delete in the Actions column.

  2. In the message that appears, click OK.

Delete an advertised BGP CIDR block

  1. On the VBR details page, click the Advertise BGP Subnet tab, find the target advertised CIDR block, and then click Delete in the Actions column.

  2. In the message that appears, click OK.

References