Border Gateway Protocol (BGP) is a dynamic routing protocol based on Transmission Control Protocol (TCP). BGP is used to exchange routing information and network accessibility information among different autonomous systems. When you use an Express Connect circuit to connect to Alibaba Cloud, you can configure BGP to enable private communication between your data center and the associated virtual border router (VBR). This helps you build a hybrid cloud in an efficient, flexible, and reliable way.

Limits

  • You can specify only the data center as the BGP peer of a VBR.
  • VBRs support only BGP-4.
  • You can create at most eight BGP peers for each VBR.
  • The Autonomous System Number (ASN) of Alibaba Cloud is 45104. You can specify a 2-byte or 4-byte ASN for the data center.
  • Bidirectional Forwarding Detection (BFD) is disabled for VBRs by default. To use this feature, submit a ticket.

Prerequisites

  • A VBR is created. For more information, see Create a VBR.
  • BGP routing is configured in the data center so that the BGP routes can be advertised to Alibaba Cloud. You can also configure BFD based on your business requirements. Contact the service provider of your gateway device for the relevant commands.

Step 1: Create a BGP group

BGP groups are used to simplify BGP configurations. You can save time and effort by adding BGP peers that use the same configurations to one BGP group. Before you start, you must create a BGP group with the requested ASN.

  1. Log on to the Express Connect console.
  2. In the top navigation bar, select the region and click Virtual Border Routers (VBRs) in the left-side navigation pane.
  3. On the Virtual Border Routers (VBRs) page, find the VBR that you want to manage and click its ID.
  4. Click the BGP Groups tab and click Create BGP Group.
  5. In the Create BGP Group panel, set the following parameters and click OK.
    Parameter: Description
    • Support IPv6: Specify whether to enable IPv6. This feature is available only when your account is added to the IPv6 whitelist.
      • No: disables IPv6
      • Yes: enables IPv6
    • Name: Enter a name for the BGP group. The name must be 2 to 128 characters in length, and can contain letters, digits, underscores (_), and hyphens (-). The name must start with a letter but cannot start with http:// or https://.
    • Peer ASN: Enter the ASN of the data center.
    • BGP Key: Enter the key of the BGP group.
    • BGP Route Quota: Specify the maximum number of routes supported by a BGP peer. Maximum value: 110. You can go to the Quota Management page to request a quota increase. For more information, see Manage resource quotas.
    • Description: Enter a description for the BGP group. The value must be 2 to 256 characters in length. It must start with a letter but cannot start with http:// or https://.

Step 2: Create a BGP peer

After you create the BGP group, you can add BGP peers that use the same configurations to the BGP group. This way, you do not need to separately configure the BGP peers.

  1. Log on to the Express Connect console.
  2. In the top navigation bar, select the region and click Virtual Border Routers (VBRs) in the left-side navigation pane.
  3. On the Virtual Border Routers (VBRs) page, find the VBR that you want to manage and click its ID.
  4. Click the BGP Peers tab and click Create BGP Peer.
  5. In the Create BGP Peer panel, set the following parameters and click OK.
    Parameter: Description
    • BGP Group: Select the BGP group to which you want to add the BGP peer.
    • BGP Peer IP Address: Enter the IP address of the BGP peer. By default, you must enter the IPv4 address of the BGP peer. If you enabled IPv6 for the BGP group, enter the IPv6 address of the BGP peer.
    • Enable BFD: Specify whether to enable BFD. BFD is used to detect link failures. You can enable BFD for BGP to accelerate route convergence.
    • BFD Hop Count: This parameter is required only when you select Enable BFD. The parameter specifies the maximum number of network devices that a packet can traverse from the source to the destination. Set a proper value based on your network topology. Valid values: 1 to 255.

    After you create a BGP peer, you can view the state of the BGP peer on the BGP Peers page. The following table describes the states of a BGP peer.
    State: Description
    • Idle: The BGP peer is idle. Idle is the initial state of a BGP session. In this state, BGP waits for a start event. After the start event occurs, BGP initializes all resources and resets the ConnectRetry timer. Then, BGP initiates a TCP connection and changes to the Connect state.
    • Connect: Connecting to the BGP peer. In the Connect state, BGP initiates the first TCP connection request. If the ConnectRetry timer times out before the TCP connection is established, a new TCP connection request is initiated and the BGP peer remains in the Connect state.
      • If BGP fails to establish the TCP connection, the state changes to Active.
      • If the TCP connection is established, the state changes to OpenSent.
    • Active: The BGP peer is active. In the Active state, BGP attempts to establish the TCP connection again. If the ConnectRetry timer times out, the state changes back to Connect.
      • If BGP fails to establish the TCP connection, the state remains Active and BGP continues to initiate TCP connection requests.
      • If the TCP connection is established, the state changes to OpenSent.
    • OpenSent: An OPEN message is sent to the BGP peer. The OpenSent state indicates that the TCP connection is established. The first OPEN message is sent to the BGP peer. BGP waits for an OPEN message from the BGP peer. After BGP receives the OPEN message from the BGP peer, it checks the message for errors.
      • If the OPEN message contains errors, BGP returns an error message and the state of the BGP peer changes back to Idle.
      • If the OPEN message does not contain errors, BGP sends a Keepalive message, resets the Keepalive timer, and the state changes to OpenConfirm.
    • OpenConfirm: The OPEN message from the BGP peer is confirmed. In the OpenConfirm state, BGP sends a Keepalive message to the BGP peer and resets the Keepalive timer.
      • If the BGP peer receives the Keepalive message, the state changes to Established, which indicates that the BGP session is established.
      • If the TCP connection is closed, the state changes to Idle.
    • Established: The BGP session is established. In the Established state, BGP exchanges UPDATE messages with the BGP peer and resets the Keepalive timer.
    • UnEstablished: The BGP session is not established.
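
The state descriptions above can be replayed as a transition table to see where a session that never reaches Established stalls: at the TCP connection (Connect/Active) or at the OPEN exchange (OpenSent). This is an added example, not code from the original documentation; the event names, function names and event sequences are constructed for illustration.

```python
# Peer-state transitions as the state table describes them.
# Event names are hypothetical labels chosen for this sketch.
# UnEstablished is listed without transitions and is not modelled.
TRANSITIONS = {
    ("Idle", "start"): "Connect",
    ("Connect", "retry_timeout"): "Connect",
    ("Connect", "tcp_failed"): "Active",
    ("Connect", "tcp_established"): "OpenSent",
    ("Active", "retry_timeout"): "Connect",
    ("Active", "tcp_failed"): "Active",
    ("Active", "tcp_established"): "OpenSent",
    ("OpenSent", "open_error"): "Idle",
    ("OpenSent", "open_ok"): "OpenConfirm",
    ("OpenConfirm", "keepalive_received"): "Established",
    ("OpenConfirm", "tcp_closed"): "Idle",
    ("Established", "update"): "Established",
}
ORDER = ["Idle", "Connect", "Active", "OpenSent", "OpenConfirm", "Established"]


def replay(events, state="Idle"):
    """Return the list of states visited, starting from `state`."""
    trace = [state]
    for event in events:
        key = (trace[-1], event)
        if key not in TRANSITIONS:
            raise ValueError(f"event {event!r} is not defined for state {trace[-1]!r}")
        trace.append(TRANSITIONS[key])
    return trace


def furthest_state(trace):
    """Furthest stage a session reached; shows where establishment stalls."""
    return max(trace, key=ORDER.index)


def resets_to_idle(trace):
    """Count how often the session fell back to Idle after leaving it."""
    return sum(1 for prev, cur in zip(trace, trace[1:]) if cur == "Idle" and prev != "Idle")


# Constructed event sequences (not captured from a real router).
HEALTHY = ["start", "tcp_established", "open_ok", "keepalive_received", "update"]
TCP_BLOCKED = ["start", "tcp_failed", "tcp_failed", "retry_timeout", "tcp_failed"]
OPEN_REJECTED = ["start", "tcp_established", "open_error"] * 2

if __name__ == "__main__":
    for name, events in [("healthy", HEALTHY), ("tcp", TCP_BLOCKED), ("open", OPEN_REJECTED)]:
        trace = replay(events)
        print(name, " -> ".join(trace), "| furthest:", furthest_state(trace))
```
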

Step 3: Advertise the BGP CIDR block

After you create the BGP peer, you must advertise the CIDR block of the VPC. After the BGP session is established, the VBR automatically learns the CIDR block of the data center.
Notice: If Cloud Enterprise Network (CEN) is used to connect the VPC and the VBR, skip this step.
  1. Log on to the Express Connect console.
  2. In the top navigation bar, select the region and click Virtual Border Routers (VBRs) in the left-side navigation pane.
  3. On the Virtual Border Routers (VBRs) page, find the VBR that you want to manage and click its ID.
  4. Click the Advertised BGP Subnets tab and click Advertise BGP Subnet.
  5. Enter the CIDR block to be advertised and click OK.
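
A pre-flight check for the values entered in Steps 1 to 3, using the limits stated on this page (eight peers per VBR, route quota of 110, BFD hop count of 1 to 255, peer address family matching the group's IPv6 setting). This is an added example, not part of the original documentation; the dictionary keys, the function name and the sample plans are hypothetical.

```python
import ipaddress

MAX_PEERS_PER_VBR = 8      # limit stated on this page
DEFAULT_ROUTE_QUOTA = 110  # maximum unless a quota increase was granted


def check_bgp_plan(group, peers, cidrs, quota_limit=DEFAULT_ROUTE_QUOTA):
    """Return a list of problems in a planned BGP group, its peers and advertised CIDRs.

    `peers` is assumed to hold every peer planned for the VBR.
    """
    problems = []
    if not 1 <= group["peer_asn"] <= 2**32 - 1:
        problems.append("peer_asn is not a 2-byte or 4-byte ASN")
    if group["route_quota"] > quota_limit:
        problems.append(f"route_quota exceeds {quota_limit}")
    if len(peers) > MAX_PEERS_PER_VBR:
        problems.append(f"more than {MAX_PEERS_PER_VBR} peers on one VBR")
    wanted = 6 if group["ipv6"] else 4
    for peer in peers:
        try:
            addr = ipaddress.ip_address(peer["ip"])
        except ValueError:
            problems.append(f"{peer['ip']}: not an IP address")
            continue
        if addr.version != wanted:
            problems.append(f"{peer['ip']}: group expects IPv{wanted}")
        if peer.get("bfd"):
            hops = peer.get("bfd_hop_count")
            if hops is None or not 1 <= hops <= 255:
                problems.append(f"{peer['ip']}: bfd_hop_count must be 1 to 255")
    for cidr in cidrs:
        try:
            ipaddress.ip_network(cidr, strict=True)  # rejects host bits, e.g. 10.0.1.5/24
        except ValueError:
            problems.append(f"{cidr}: not a valid network prefix")
    return problems


# Constructed sample plans.
GOOD = ({"peer_asn": 65001, "route_quota": 100, "ipv6": False},
        [{"ip": "10.0.0.2", "bfd": True, "bfd_hop_count": 1}],
        ["192.168.0.0/16"])
BAD = ({"peer_asn": 0, "route_quota": 500, "ipv6": False},
       [{"ip": "2001:db8::1"}, {"ip": "10.0.0.2", "bfd": True, "bfd_hop_count": 300}],
       ["192.168.1.5/24"])

if __name__ == "__main__":
    print(check_bgp_plan(*GOOD))
    print(check_bgp_plan(*BAD))
```
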