Border Gateway Protocol (BGP) is a dynamic routing protocol based on TCP that exchanges routing and network reachability information between autonomous systems. You can use BGP with an Express Connect circuit to connect an on-premises data center to a VBR and build a hybrid cloud.
Limitations
- A VBR can establish a BGP peer only with the on-premises data center at the other end of the Express Connect circuit.
- VBRs support BGP-4.
- Each VBR can have a maximum of eight BGP peers.
- The Autonomous System Number (ASN) on the Alibaba Cloud side is 45104. VBRs can connect to peer devices that use either 2-byte or 4-byte ASNs.
- When you add a virtual border router (VBR) to an ECR, the ASN of the VBR's BGP group must match the ECR's ASN. If the ASN of your ECR is not 45104, associate the VBR with the ECR before you configure BGP settings for the VBR.
  You cannot add a VBR that does not support MPBGP to an ECR. To check if your VBR supports MPBGP, go to its details page and find Advanced features of ports: in the Basic Information section.
Prerequisites
- A VBR instance is created. For more information, see Create and manage a VBR.
- BGP is configured on your on-premises device to advertise the required routes, with BFD set up as needed. Consult your device vendor's documentation for instructions.
Step 1: Create a BGP group
A BGP group applies shared configuration to multiple BGP peers. Create a BGP group based on your ASN.
If a risk warning appears after you create the BGP group, the VBR instance is at risk. If no risk warning appears, the VBR instance is not at risk.
If your VBR uses BGP and communicates with Alibaba Cloud resources through a Cloud Enterprise Network (CEN) transit router, BGP routing loops may occur. Contact your account manager if you have questions. For more information, see When is it not recommended to connect a VBR to a CEN instance?
- Log on to the Express Connect console.
- In the top navigation bar, select the target region. In the left-side navigation pane, click VBR.
- On the VBR page, click the ID of the target VBR instance.
- Click the BGP Groups tab and then click Create BGP Group.
- In the Create BGP Group panel, configure the following parameters and click OK.
| Parameter | Description |
| --- | --- |
| Protocol type | Valid values: IPv4, IPv6. Note: This parameter is required only if IPv6 is enabled for the VBR. |
| Name | Enter a name for the BGP group. |
| Peer ASN | Enter the ASN of your on-premises data center's network. |
| BGP Key | Enter a key for the BGP group. |
| BGP Route Quota | The maximum number of routes the BGP peer can receive. Maximum value: 110. |
| Description | Enter a description for the BGP group. |
| Local ASN | The ASN on the Alibaba Cloud side. Default: 45104. This value cannot be changed by default. Note: This field is visible only to accounts with the required permissions. |

To change the local ASN to a different value:
- We recommend using an ECR for configuration. ECRs support custom ASNs. If a VBR is associated with an ECR and BGP is not yet configured, the VBR inherits the ECR's ASN. When you configure BGP, the local ASN defaults to the ECR's ASN.
- If you cannot use an ECR, contact your account manager to request permissions to change the ASN. Supported ranges: 64512–65024, 65026–65534, and 4200000000–4294967294. The local ASN must match the ASN of the associated ECR.
Using the default local ASN of 45104 in multi-line access scenarios may cause BGP routing loops. Evaluate the risks before proceeding.
Step 2: Create a BGP peer
After creating a BGP group, add BGP peers to it. Peers inherit the group's configuration.
- Log on to the Express Connect console.
- In the top navigation bar, select the target region. In the left-side navigation pane, click VBR.
- On the VBR page, click the ID of the target VBR instance.
- Click the BGP Peers tab and then click Create BGP Peer.
- In the Create BGP Peer panel, configure the following parameters and click OK.
| Parameter | Description |
| --- | --- |
| BGP Groups | Select the BGP group for the BGP peer. |
| BGP peer IP | Enter the IP address of the BGP peer. Enter an IPv4 address by default. If the selected BGP group has IPv6 enabled, enter an IPv6 address. |
| Enable BFD | Specifies whether to enable Bidirectional Forwarding Detection (BFD). BFD detects link failures quickly and works with BGP to accelerate route convergence and ensure service continuity. |
| BFD hops | This parameter is required if you select Enable BFD. The maximum number of hops from source to destination. Configure based on your physical link topology. The value must be an integer from 1 to 255. Important: When you use BFD in a multi-cloud environment or in a direct fiber connection that does not have bridging devices, change the default number of BFD hops from 255 to 1. |
After the BGP peer is created, you can view its status on the BGP Peers page.
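A pre-flight check of a planned configuration against the limits stated in the Limitations section and in Steps 1 and 2, added here as an example (it is not Alibaba Cloud code). The plan dictionary layout, its key names, and the check_plan function are hypothetical; the numeric limits are the ones given on this page.

```python
import ipaddress

# Limits below are the ones stated on this page. The plan layout is hypothetical.
DEFAULT_LOCAL_ASN = 45104
CUSTOM_LOCAL_ASN_RANGES = [(64512, 65024), (65026, 65534), (4200000000, 4294967294)]
MAX_PEERS_PER_VBR = 8
MAX_ROUTE_QUOTA = 110

def check_plan(plan):
    """Return (errors, warnings) for a planned VBR BGP configuration."""
    errors, warnings = [], []
    group, peers = plan["group"], plan["peers"]
    local_asn = group.get("local_asn", DEFAULT_LOCAL_ASN)
    in_custom_range = any(lo <= local_asn <= hi for lo, hi in CUSTOM_LOCAL_ASN_RANGES)
    if local_asn != DEFAULT_LOCAL_ASN and not in_custom_range:
        errors.append(f"local ASN {local_asn} is outside the supported ranges")
    if plan.get("ecr_asn") is not None and local_asn != plan["ecr_asn"]:
        errors.append(f"local ASN {local_asn} does not match ECR ASN {plan['ecr_asn']}")
    if local_asn == DEFAULT_LOCAL_ASN and plan.get("multi_line"):
        warnings.append("default local ASN 45104 with multi-line access may cause routing loops")
    if group.get("route_quota", MAX_ROUTE_QUOTA) > MAX_ROUTE_QUOTA:
        errors.append(f"route quota exceeds the maximum of {MAX_ROUTE_QUOTA}")
    if len(peers) > MAX_PEERS_PER_VBR:
        errors.append(f"{len(peers)} peers planned, a VBR allows {MAX_PEERS_PER_VBR}")
    want_version = 6 if group.get("protocol", "IPv4") == "IPv6" else 4
    for peer in peers:
        try:
            version = ipaddress.ip_address(peer["ip"]).version
        except ValueError:
            errors.append(f"peer {peer['ip']} is not a valid IP address")
            continue
        if version != want_version:
            errors.append(f"peer {peer['ip']} does not match the group's protocol type")
        if peer.get("bfd"):
            hops = peer.get("bfd_hops", 255)  # 255 is the default named on this page
            if not 1 <= hops <= 255:
                errors.append(f"peer {peer['ip']}: BFD hops must be 1 to 255")
            elif hops != 1 and plan.get("direct_or_multicloud"):
                warnings.append(f"peer {peer['ip']}: set BFD hops to 1 for this link type")
    return errors, warnings

# Constructed sample plan: 65025 sits in the gap between the two 2-byte ranges.
SAMPLE_PLAN = {
    "ecr_asn": 65001, "multi_line": True, "direct_or_multicloud": True,
    "group": {"protocol": "IPv4", "peer_asn": 65010, "local_asn": 65025, "route_quota": 200},
    "peers": [{"ip": "10.0.0.2", "bfd": True}, {"ip": "2001:db8::2"}],
}

if __name__ == "__main__":
    errors, warnings = check_plan(SAMPLE_PLAN)
    print("\n".join(["ERROR " + e for e in errors] + ["WARN " + w for w in warnings]))
```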
Step 3: Advertise BGP CIDR blocks
After creating a BGP peer, advertise your VPC CIDR block to complete BGP configuration. Once the BGP session is established, the VBR automatically learns routes from your on-premises data center.
If you use CEN for communication between your VPC and VBR, skip this step.
- Log on to the Express Connect console.
- In the top navigation bar, select the target region. In the left-side navigation pane, click VBR.
- On the VBR page, click the ID of the target VBR instance.
- Click the Advertise BGP Subnet tab and then click Advertised BGP Subnets.
- Enter the VPC CIDR block that you want to advertise and click OK.
More operations
Event monitoring for BGP peers
CloudMonitor manages system events and custom events for cloud services. Create alert rules for BGP peer status changes or route count events to receive prompt notifications. For more information, see Event monitoring overview.
- Log on to the Cloud Monitor console.
  In the navigation pane on the left, choose .
- On the Event Monitoring tab, click Save as Alert Rule.
- In the Create/Modify Event-triggered Alert Rule panel, configure the following parameters and click OK.
| Parameter | Description |
| --- | --- |
| Basic Information | |
| Rule name | Enter a name for the alert rule. |
| Event-triggered Alert Rules | |
| Product | Select the cloud service for the alert rule. In this example, select Physical Connection. |
| Event type | Select the event type for the alert rule. Down: The BGP peer is down. ReceiveRoutes: An event related to the number of routes received by the BGP peer. |
| Event Level | Select the alert level. In this example, select Warn. |
| Event name | Select the event name for the alert rule. BGPPeerStatus:Down: Select this event name if you set Event type to Down. BgpPeerReceiveRoutes:Exceed: Select this event name if you set Event type to ReceiveRoutes. |
| Keyword filtering | In the Keywords text box, enter the keywords by which to filter alert rules. Then, select a filter method from the Condition drop-down list. Contains any of the keywords: An alert notification is sent if the event content contains any of the specified keywords. Does not contain any of the keywords: An alert notification is sent if the event content does not contain any of the specified keywords. |
| SQL filter | Enter an SQL filter statement. |
| Resource scope | Select the resource scope for the alert rule. Valid values: All Resources, Application Group. In this example, select All Resources. |
| Alarm method | |
| Alert Notification | Select this option to send alerts directly to specified contacts. From the Contact Group drop-down list, select an alert contact group. From the Notification Method drop-down list, select an alert level and notification method. Valid values: Critical (Phone Call + SMS + Email + WebHook), Warning (SMS + Email + WebHook), Info (Email + WebHook). |
| Simple Message Queue (SMQ) | Select this option to deliver alerts to a specified Message Service (MNS) queue. |
| Function Compute | Select this option to deliver alerts to a specified Function Compute function. |
| URL callback | A public URL that receives alert notifications from CloudMonitor via POST requests. Only HTTP is supported. For more information, see Use system event alert callbacks (legacy). |
| Log Service | Select this option to deliver alerts to a specified Log Service Logstore. |
| Mute for | The interval at which alert notifications are resent if the alert is not cleared. |
Managing BGP
| Actions | Procedure |
| --- | --- |
| Modify a BGP group | |
| Modify a BGP peer | |
| Delete a BGP group | |
| Delete a BGP peer | |
| Delete an advertised BGP CIDR block | |
References
- CreateBgpGroup: Create a BGP group for a specified VBR.
- CreateBgpPeer: Add a BGP peer to a specified BGP group.
- AddBgpNetwork: Advertise a BGP network.
- ModifyBgpGroupAttribute: Modify the attributes of a BGP group.
- ModifyBgpPeerAttribute: Modify the attributes of a BGP peer.
- DeleteBgpGroup: Delete a specified BGP group.
- DeleteBgpPeer: Delete a specified BGP peer.
- DeleteBgpNetwork: Delete an advertised BGP network.