Border Gateway Protocol (BGP) is a dynamic routing protocol that runs over Transmission Control Protocol (TCP). BGP is used to exchange routing information and network reachability information among different autonomous systems. When you use an Express Connect circuit to connect to Alibaba Cloud, you can configure BGP to enable private communication between your data center and the associated virtual border router (VBR). This helps you build a hybrid cloud in an efficient, flexible, and reliable way.

Limits

  • You can specify only the data center as the BGP peer of a VBR.
  • VBRs support only BGP-4.
  • You can create at most eight BGP peers for each VBR.
  • The Autonomous System Number (ASN) of Alibaba Cloud is 45104. You can specify a 2-byte or 4-byte ASN for the data center.
  • Bidirectional Forwarding Detection (BFD) is disabled for VBRs by default. To use this feature, submit a ticket.

Prerequisites

  • A VBR is created. For more information, see Create a VBR.
  • BGP routing is configured in the data center so that the BGP routes can be advertised to Alibaba Cloud. You can also configure BFD based on your business requirements. Contact the service provider of your gateway device for the relevant commands.

Step 1: Create a BGP group

BGP groups are used to simplify BGP configurations. You can save time and effort by adding BGP peers that use the same configurations to one BGP group. Before you start, you must create a BGP group with the requested ASN.

  1. Log on to the Express Connect console.
  2. In the top navigation bar, select the region and click Virtual Border Routers (VBRs) in the left-side navigation pane.
  3. On the Virtual Border Routers (VBRs) page, find the VBR that you want to manage and click its ID.
  4. Click the BGP Groups tab and click Create BGP Group.
  5. In the Create BGP Group panel, set the following parameters and click OK.
    • Support IPv6: Specify whether to enable IPv6. This feature is available only when your account is on the IPv6 whitelist.
      • No: disables IPv6
      • Yes: enables IPv6
    • Name: Enter a name for the BGP group.
    • Peer ASN: Enter the ASN of the data center.
    • BGP Key: Enter the key of the BGP group.
    • BGP Route Quota: Specify the maximum number of routes supported by a BGP peer. Maximum value: 110. You can go to the Quota Management page to request a quota increase. For more information, see Manage resource quotas.
    • Description: Enter a description for the BGP group.

Step 2: Create a BGP peer

After you create the BGP group, you can add BGP peers that use the same configurations to the BGP group. This way, you do not need to configure the BGP peers one by one.

  1. Log on to the Express Connect console.
  2. In the top navigation bar, select the region and click Virtual Border Routers (VBRs) in the left-side navigation pane.
  3. On the Virtual Border Routers (VBRs) page, find the VBR that you want to manage and click its ID.
  4. Click the BGP Peers tab and click Create BGP Peer.
  5. In the Create BGP Peer panel, set the following parameters and click OK.
    • BGP Group: Select the BGP group to which you want to add the BGP peer.
    • BGP Peer IP Address: Enter the IP address of the BGP peer. By default, you must enter the IPv4 address of the BGP peer. If you enabled IPv6 for the BGP group, enter the IPv6 address of the BGP peer.
    • Enable BFD: Specify whether to enable BFD. BFD is used to detect link failures. You can enable BFD for BGP to accelerate route convergence.
    • BFD Hop Count: This parameter is required only when you select Enable BFD. The parameter specifies the maximum number of network devices that a packet can traverse from the source to the destination. Set a proper value based on your network topology. Valid values: 1 to 255.

    After you create a BGP peer, you can view the status of the BGP peer on the BGP Peers page.

    • Idle: The BGP peer is idle.

      Idle is the initial state of a BGP session. In this state, BGP waits for a start event. After the start event occurs, BGP initializes all resources and resets the ConnectRetry timer. Then, BGP initiates a TCP connection and changes to the Connect state.

    • Connect: Connecting to the BGP peer.

      In the Connect state, BGP initiates the first TCP connection request. If the ConnectRetry timer times out before the TCP connection is established, a new TCP connection request is initiated and the BGP peer remains in the Connect state.

      • If BGP fails to establish the TCP connection, the state changes to Active.
      • If the TCP connection is established, the state changes to OpenSent.

    • Active: The BGP peer is active.

      In the Active state, BGP attempts to establish the TCP connection again. If the ConnectRetry timer times out, the state changes back to Connect.

      • If BGP fails to establish the TCP connection, the BGP peer remains in the Active state and BGP continues to initiate TCP connection requests.
      • If the TCP connection is established, the state changes to OpenSent.

    • OpenSent: An OPEN message is sent to the BGP peer.

      The OpenSent state indicates that the TCP connection is established. The first OPEN message is sent to the BGP peer. BGP waits for an OPEN message from the BGP peer. After BGP receives the OPEN message from the BGP peer, it checks the message for errors.

      • If the OPEN message contains errors, BGP returns an error message and the state of the BGP peer changes back to Idle.
      • If the OPEN message does not contain errors, BGP sends a Keepalive message, resets the Keepalive timer, and the state changes to OpenConfirm.

    • OpenConfirm: The OPEN message from the BGP peer is confirmed.

      In the OpenConfirm state, BGP sends a Keepalive message to the BGP peer and resets the Keepalive timer.

      • If the BGP peer receives the Keepalive message, the state changes to Established, which indicates that the BGP session is established.
      • If the TCP connection is closed, the state changes back to Idle.

    • Established: The BGP session is established.

      In the Established state, BGP exchanges UPDATE messages with the BGP peer and resets the Keepalive timer.

    • UnEstablished: The BGP session is not established.
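
The state transitions described above, written out as a small state machine that replays a sequence of events and reports where session setup stopped. This is an added example, not Alibaba Cloud code: the event names and the functions trace and diagnose are hypothetical, the sample sequence is constructed, and only the transitions the state descriptions give are modelled.

```python
# State names are those shown on the BGP Peers page; event names are
# hypothetical labels for the conditions the state descriptions give.
TRANSITIONS = {
    ("Idle", "start"): "Connect",
    ("Connect", "connect_retry_timeout"): "Connect",  # new TCP request
    ("Connect", "tcp_failed"): "Active",
    ("Connect", "tcp_established"): "OpenSent",
    ("Active", "connect_retry_timeout"): "Connect",
    ("Active", "tcp_failed"): "Active",  # keeps retrying
    ("Active", "tcp_established"): "OpenSent",
    ("OpenSent", "open_error"): "Idle",
    ("OpenSent", "open_ok"): "OpenConfirm",
    ("OpenConfirm", "keepalive_received"): "Established",
    ("OpenConfirm", "tcp_closed"): "Idle",
}

def trace(events, state="Idle"):
    """Replay events and return every state visited, initial state first."""
    path = [state]
    for event in events:
        if (state, event) not in TRANSITIONS:
            raise ValueError(f"no transition from {state} on {event!r}")
        state = TRANSITIONS[(state, event)]
        path.append(state)
    return path

def diagnose(path):
    """Say where session setup stopped, from the last two states of a trace."""
    last, prev = path[-1], (path[-2] if len(path) > 1 else None)
    if last == "Established":
        return "session established"
    if last in ("Connect", "Active"):
        return "TCP connection not established"
    if last == "OpenSent":
        return "waiting for the peer's OPEN message"
    if last == "OpenConfirm":
        return "Keepalive exchange not completed"
    if prev == "OpenSent":
        return "peer's OPEN message contained errors"
    if prev == "OpenConfirm":
        return "TCP connection closed in OpenConfirm"
    return "waiting for a start event"

# Constructed event sequence: two failed TCP attempts, then a clean handshake.
SAMPLE = ["start", "tcp_failed", "tcp_failed", "connect_retry_timeout",
          "tcp_established", "open_ok", "keepalive_received"]

if __name__ == "__main__":
    print(" -> ".join(trace(SAMPLE)), "|", diagnose(trace(SAMPLE)))
```

A peer that cycles between Connect and Active never got a TCP connection, while one that reaches OpenSent and falls back to Idle had its OPEN message rejected.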

Step 3: Advertise the BGP CIDR block

After you create the BGP peer, you must advertise the CIDR block of the VPC. After the BGP session is established, the VBR automatically learns routes that point to the CIDR block of the data center.
Notice: If Cloud Enterprise Network (CEN) is used to connect the VPC and the VBR, skip this step.
  1. Log on to the Express Connect console.
  2. In the top navigation bar, select the region and click Virtual Border Routers (VBRs) in the left-side navigation pane.
  3. On the Virtual Border Routers (VBRs) page, find the VBR that you want to manage and click its ID.
  4. Click the Advertise BGP Subnet tab and click Advertised BGP Subnets.
  5. Enter the CIDR block to be advertised and click OK.

What to do next

View the monitoring events of BGP peers

CloudMonitor manages system events and custom events of Alibaba Cloud services in a centralized manner. You can configure event-triggered alert rules to monitor the BGP peer status and routes. If an exception occurs, you are notified so that you can manage the exception at the earliest opportunity. For more information, see Event monitoring overview.

  1. Log on to the CloudMonitor console.
  2. In the left-side navigation pane, choose Event Monitoring > System Event.
  3. On the System Event page, click the Event Alert tab. On the Event Alert tab, click Create Alert Rule.
  4. In the Create/Modify Event-triggered Alert Rule panel, set the following parameters and click OK.
    Basic Information
    • Alert Rule Name: Enter a name for the event-triggered alert rule.
    Event-triggered Alert Rules
    • Product Type: Select the service for which you want to create the alert rule. Physical Connection is selected in this example.
    • Event Type: Select the type of event that you want to monitor.
      • Down: The rule is triggered when a BGP peer is disconnected.
      • ReceiveRoutes: The rule is triggered when the number of routes received by a BGP peer reaches the upper limit.
    • Event Level: Select the level of the event that triggers alerts. WARN is selected in this example.
    • Event Name: Select an event name.
      • BgpPeerStatus:Down: Select this option if Event Type is set to Down.
      • BgpPeerReceiveRoutes:Exceed: Select this option if Event Type is set to ReceiveRoutes.
    • Keyword Filtering: In the Keyword Filtering field, enter a keyword for filtering and select a match condition from the Condition drop-down list.
      • Contains any of the keywords: If the alert rule contains any one of the specified keywords, no alert notification is sent.
      • Does not contain any of the keywords: If the alert rule does not contain any one of the specified keywords, no alert notification is sent.
    • SQL Filter: Enter an SQL statement for filtering.
    • Resource Range: Select the range of resources to which the event alert rule applies. Valid values:
      • All Resources: If the Resource Range parameter is set to All Resources, CloudMonitor sends an alert notification when the specified event occurs on a resource.
      • Application Group: If the Resource Range parameter is set to Application Group, CloudMonitor sends an alert notification only when the specified event occurs on a resource in the application group.
    Notification Method
    • Alert Notification: Notifications are sent to the specified contacts. Select a contact group from the Contact Group drop-down list, and select a severity level and a notification method from the Notification Method drop-down list. Valid values:
      • Critical (Email + DingTalk)
      • Warning (Email + DingTalk)
      • Info (Email + DingTalk)
    • MNS Queue: Select a Message Service (MNS) queue to which the event alert is delivered.
    • Function Compute: The Function Compute function to which the event alert is delivered.
    • URL Callback: Specify a URL that can be accessed over the Internet. CloudMonitor sends HTTP POST requests to push alert notifications to the specified URL. Only HTTP is supported. For more information about how to configure alert callbacks, see Configure callbacks for system event-triggered alerts.
    • Log Service: Select a Logstore in Log Service to which the event alert is delivered.
    • Mute For: Select an interval at which CloudMonitor resends alert notifications before the alert is cleared.

Manage BGP

Operation Procedure
Modify a BGP group
  1. On the details page of the VBR, click the BGP Groups tab, find the BGP group that you want to modify, and then click Edit in the Actions column.
  2. In the Modify BGP Group panel, set the following parameters and click OK.
    • Support IPv6: Select whether to enable IPv6 for the BGP group.
    • Name: Rename the BGP group.
    • Peer ASN: Modify the AS number of the data center.
    • BGP Key: Modify the key of the BGP group.
    • BGP Route Quota: Modify the maximum number of routes that a BGP peer can receive.
    • Description: Modify the description of the BGP group.
Modify a BGP peer
  1. On the details page of the VBR, click the BGP Peers tab, find the BGP peer that you want to modify, and then click Edit in the Actions column.
  2. In the Modify BGP Peer panel, set the following parameters and click OK.
    • BGP Group: Add the BGP peer to, or remove it from, BGP groups.
    • BGP Peer IP Address: Modify the IP address of the BGP peer.
    • Enable BFD: Select whether to enable BFD for the BGP peer.
    • BFD Hop Count: This parameter is required when you select Enable BFD. Valid values: 1 to 255.
Delete a BGP group
  1. On the details page of the VBR, click the BGP Groups tab, find the BGP group that you want to delete, and then click Delete in the Actions column.
  2. In the message that appears, click OK.
Delete a BGP peer
  1. On the details page of the VBR, click the BGP Peers tab, find the BGP peer that you want to delete, and then click Delete in the Actions column.
  2. In the message that appears, click OK.
Delete the CIDR block advertised by BGP
  1. On the details page of the VBR, click the Advertise BGP Subnet tab, find the CIDR block that you want to delete, and then click Delete in the Actions column.
  2. In the message that appears, click OK.
