Border Gateway Protocol (BGP) is a dynamic routing protocol based on TCP. BGP is used to exchange routing information and network accessibility information among different autonomous systems. When you use an Express Connect circuit to connect to Alibaba Cloud, you can configure BGP to enable private communication between your data center and the virtual border router (VBR) that is associated with the Express Connect circuit. This helps you build a hybrid cloud in an efficient, flexible, and reliable way.

Limits

  • You can specify only the data center as the BGP peer of a VBR. The data center is connected to the VBR by using an Express Connect circuit.
  • VBRs support only BGP-4.
  • You can create up to eight BGP peers for each VBR.
  • The Autonomous System Number (ASN) of Alibaba Cloud is 45104. You can specify a 2-byte or 4-byte ASN for the data center.

Prerequisites

  • A VBR is created. For more information, see Create and manage a VBR.
  • BGP routing is configured in the data center, and the BGP routes are advertised to Alibaba Cloud. You can also configure Bidirectional Forwarding Detection (BFD) based on your business requirements. Contact the service provider of your gateway device for the relevant commands.

Step 1: Create a BGP group

BGP groups are used to simplify BGP configurations. You can add BGP peers that use the same configurations to the same BGP group. Before you start, you must create a BGP group with the requested ASN.

If the following message appears after you create the BGP group, BGP loops may occur on the VBR. If the message does not appear, the VBR is free from BGP loops.
Important: If your VBR uses BGP routing and connects to Alibaba Cloud through a transit router of Cloud Enterprise Network (CEN), BGP loops may occur on the VBR. If you have any questions, contact your account manager. For more information about BGP loops, see Scenarios in which you need to avoid attaching VBRs to CEN.
  1. Log on to the Express Connect console.
  2. In the top navigation bar, select a region and then click Virtual Border Routers (VBRs) in the left-side navigation pane.
  3. On the Virtual Border Routers (VBRs) page, find the VBR that you want to manage and click its ID.
  4. Click the BGP Groups tab and click Create BGP Group.
  5. In the Create BGP Group panel, set the following parameters and click OK.
    Parameter: Description
    Support IPv6: Specify whether to enable IPv6. This feature is available only when you enable IPv6 for the VBR that you created.
      • No: disables IPv6.
      • Yes: enables IPv6.
    Name: Enter a name for the BGP group.
    Peer ASN: Enter the ASN of the data center.
    BGP Key: Enter the key of the BGP group.
    BGP Route Quota: Enter the maximum number of routes supported by a BGP peer.

    Maximum value: 110. You can go to the Quota Management page to apply for a quota increase. For more information, see Manage resource quotas.

    Description: Enter a description for the BGP group.

Step 2: Create a BGP peer

After you create the BGP group, you can add BGP peers that use the same configurations to the BGP group. This way, you do not need to configure the BGP peers one by one.

  1. Log on to the Express Connect console.
  2. In the top navigation bar, select a region and then click Virtual Border Routers (VBRs) in the left-side navigation pane.
  3. On the Virtual Border Routers (VBRs) page, find the VBR that you want to manage and click its ID.
  4. Click the BGP Peers tab and click Create BGP Peer.
  5. In the Create BGP Peer panel, set the following parameters and click OK.
    Parameter: Description
    BGP Group: Select the BGP group to which you want to add the BGP peer.
    BGP Peer IP Address: Enter the IP address of the BGP peer.

    By default, you must enter the IPv4 address of the BGP peer. If you enabled IPv6 for the BGP group, enter the IPv6 address of the BGP peer.

    Enable BFD: Specify whether to enable BFD.

    BFD is used to detect link failures. You can enable BFD for BGP to accelerate route convergence. This ensures that your business can run as expected.

    BFD Hop Count: This parameter is required only when you select Enable BFD.

    The parameter specifies the maximum number of network devices that a packet can traverse from the source to the destination. Set an appropriate value based on your network topology.

    Valid values: 1 to 255.

    After you create a BGP peer, you can view the status of the BGP peer on the BGP Peers page.

    State: Description
    Idle: The BGP peer is idle.

    Idle is the initial state of a BGP session. In this state, BGP waits for a start event. After the start event occurs, BGP initializes all resources and resets the ConnectRetry timer. Then, BGP initiates a TCP connection and changes to the Connect state.

    Connect: The BGP peer is being connected.

    In the Connect state, BGP initiates the first TCP connection request. If the ConnectRetry timer times out before the TCP connection is established, a new TCP connection request is initiated and the BGP peer remains in the Connect state.

      • If BGP fails to establish the TCP connection, the state of the BGP peer changes to Active.
      • If the TCP connection is established, the state of the BGP peer changes to OpenSent.

    Active: The BGP peer is active.

    In the Active state, BGP attempts to establish the TCP connection again. If the ConnectRetry timer times out, the state of the BGP peer changes back to Connect.

      • If BGP fails to establish the TCP connection, the BGP peer remains in the Active state, and BGP continues to initiate TCP connection requests.
      • If the TCP connection is established, the state of the BGP peer changes to OpenSent.

    OpenSent: An OPEN message is sent to the BGP peer.

    The OpenSent state indicates that the TCP connection is established. The first OPEN message has been sent to the BGP peer. BGP is waiting for an OPEN message from the BGP peer. After BGP receives the OPEN message from the BGP peer, it checks the message for errors.

      • If the OPEN message contains errors, BGP returns an error message and the state of the BGP peer changes back to Idle.
      • If the OPEN message does not contain errors, BGP sends a Keepalive message, resets the Keepalive timer, and the state of the BGP peer changes to OpenConfirm.

    OpenConfirm: The OPEN message from the BGP peer is confirmed.

    In the OpenConfirm state, BGP sends a Keepalive message to the BGP peer and resets the Keepalive timer.

      • If the BGP peer receives the Keepalive message, the state of the BGP peer changes to Established, which indicates that the BGP session is established.
      • If the TCP connection is closed, the state of the BGP peer changes back to Idle.

    Established: The BGP session is established.

    In the Established state, BGP exchanges UPDATE messages with the BGP peer and resets the Keepalive timer.

    UnEstablished: The BGP session is not established.
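
The session states described above, replayed as a small state machine to show how a status history maps to the setup stage that is failing. This is an added example, not Alibaba Cloud code; the event names and the `stall_point` helper are hypothetical labels, and the event sequences are constructed.

```python
# Added example: transitions transcribed from the state descriptions above.
# Event names are hypothetical labels, not console or API values.
# "UnEstablished" has no described transitions, so it is not in the table.
TRANSITIONS = {
    ("Idle", "start"): "Connect",
    ("Connect", "connect_retry_timeout"): "Connect",
    ("Connect", "tcp_failed"): "Active",
    ("Connect", "tcp_established"): "OpenSent",
    ("Active", "connect_retry_timeout"): "Connect",
    ("Active", "tcp_failed"): "Active",
    ("Active", "tcp_established"): "OpenSent",
    ("OpenSent", "open_with_errors"): "Idle",
    ("OpenSent", "open_ok"): "OpenConfirm",
    ("OpenConfirm", "keepalive"): "Established",
    ("OpenConfirm", "tcp_closed"): "Idle",
    ("Established", "update"): "Established",
}
# Setup stage reached by each state; Connect and Active are both the TCP stage.
RANK = {"Idle": 0, "Connect": 1, "Active": 1, "OpenSent": 2,
        "OpenConfirm": 3, "Established": 4}
STALL = {0: "not started",
         1: "TCP connection not established",
         2: "OPEN message rejected or never received",
         3: "Keepalive not confirmed or TCP closed",
         4: "session dropped after being established"}

def run(events, state="Idle"):
    """Replay events and return every state visited, starting state first."""
    trace = [state]
    for event in events:
        key = (trace[-1], event)
        if key not in TRANSITIONS:
            raise ValueError(f"{event!r} is not described for state {trace[-1]!r}")
        trace.append(TRANSITIONS[key])
    return trace

def stall_point(trace):
    """Name the setup stage at which an observed status history got stuck."""
    if trace and trace[-1] == "Established":
        return "established"
    furthest = max((RANK.get(s, 0) for s in trace), default=0)
    return STALL[furthest]

if __name__ == "__main__":
    # Constructed event sequences, not captured from a real VBR.
    samples = (["start", "tcp_failed", "connect_retry_timeout",
                "tcp_established", "open_ok", "keepalive"],
               ["start", "tcp_established", "open_with_errors"],
               ["start", "tcp_failed", "tcp_failed"])
    for events in samples:
        trace = run(events)
        print(" -> ".join(trace), "|", stall_point(trace))
```

A history that only cycles between Connect and Active points at the TCP connection to the peer IP address, while a history that reaches OpenSent and falls back to Idle points at the OPEN exchange, where the Peer ASN and BGP version are checked.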

Step 3: Advertise the BGP CIDR block

After you create the BGP peer, you must advertise the CIDR block of the VPC. After the BGP session is established, the VBR automatically learns the CIDR block of the data center.
Important: If CEN is used to connect the VPC and the VBR, skip this step.
  1. Log on to the Express Connect console.
  2. In the top navigation bar, select a region and then click Virtual Border Routers (VBRs) in the left-side navigation pane.
  3. On the Virtual Border Routers (VBRs) page, find the VBR that you want to manage and click its ID.
  4. Click the Advertise BGP Subnet tab and click Advertised BGP Subnets.
  5. Enter the CIDR block to be advertised and click OK.

What to do next

View the events of BGP peers

CloudMonitor manages system events and custom events of Alibaba Cloud services in a centralized manner. You can configure event-triggered alert rules to monitor the BGP peer status and routes. If an exception occurs, you are notified and can manage the exception at the earliest opportunity. For more information, see Event overview.

  1. Log on to the CloudMonitor console.
  2. In the left-side navigation pane, choose Event Monitoring > System Event.
  3. On the System Event page, click the Event-triggered Alert Rules tab. Then, click Create Alert Rule.
  4. In the Create/Modify Event-triggered Alert Rule panel, set the following parameters and click OK.
    Parameter: Description

    Basic Info
    Alert Rule Name: Enter a name for the event-triggered alert rule.

    Event-triggered Alert Rules
    Product Type: Select the service for which you want to create the alert rule.

    Express Connect - Physical Connections is selected in this example.

    Event Type: Select the type of event to trigger the alert rule.
      • Down: The rule is triggered when a BGP peer is disconnected.
      • ReceiveRoutes: The rule is triggered when the number of routes received by a BGP peer reaches the upper limit.
    Event Level: Select the severity level of events to trigger the alert rule.

    WARN is selected in this example.

    Event Name: Select an event name.
      • BgpPeerStatus:Down: Select this name if Event Type is set to Down.
      • BgpPeerReceiveRoutes:Exceed: Select this name if Event Type is set to ReceiveRoutes.
    Keyword Filtering: In the Keyword Filtering field, enter a keyword to filter events and select a match condition from the Condition drop-down list.
      • Contains any of the keywords: If the alert rule contains any one of the specified keywords, an alert notification is sent.
      • Does not contain any of the keywords: If the alert rule does not contain any one of the specified keywords, an alert notification is sent.
    SQL Filter: Enter an SQL statement to filter events.
    Resource Range: Select the range of resources to which the alert rule applies. Valid values:
      • All Resources
      • Application Groups

    All Resources is selected in this example.

    Notification Method
    Alert Notification: Notifications are sent to the specified contacts.
    Select a contact group from the Contact Group drop-down list, and select a severity level and a notification method from the Notification Method drop-down list. Valid values:
      • Critical (Phone Call + Text Message + Email + Webhook)
      • Warning (Text Message + Email + Webhook)
      • Info (Email + Webhook)
    MNS Queue: Select a Message Service (MNS) queue to which alerts are delivered.
    Function Compute: Select a Function Compute function to which alerts are delivered.
    URL Callback: Specify a URL that can be accessed over the Internet. CloudMonitor sends HTTP POST requests to push alert notifications to the specified URL. Only HTTP requests are supported. For more information about how to configure callbacks for system event-triggered alerts, see Configure callbacks for system event-triggered alerts.
    Log Service: Select a Log Service Logstore to which alerts are delivered. If you select Log Service, the alert information will be written to Log Service.
    Mute For: Specify the interval at which CloudMonitor resends alert notifications before the alert is cleared.

Manage BGP

Operation: Procedure
Modify a BGP group
  1. On the details page of the VBR, click the BGP Groups tab, find the BGP group that you want to modify, and then click Edit in the Actions column.
  2. In the Modify BGP Group panel, set the following parameters and click OK.
    • Support IPv6: Specify whether to enable IPv6 for the BGP group.
    • Name: Change the name of the BGP group.
    • Peer ASN: Change the ASN of the data center.
    • BGP Key: Change the key of the BGP group.
    • BGP Route Quota: Change the maximum number of routes that a BGP peer can receive.
    • Description: Modify the description of the BGP group.
Modify a BGP peer
  1. On the details page of the VBR, click the BGP Peers tab, find the BGP peer that you want to modify, and then click Edit in the Actions column.
  2. In the Modify BGP Peer panel, set the following parameters and click OK.
    • BGP Group: Change the BGP group to which the BGP peer is added.
    • BGP Peer IP: Change the IP address of the BGP peer.
    • Enable BFD: Specify whether to enable BFD for the BGP peer.
    • BFD Hop Count: This parameter is required only when you select Enable BFD. Valid values: 1 to 255.
Delete a BGP group
  1. On the details page of the VBR, click the BGP Groups tab, find the BGP group that you want to delete, and then click Delete in the Actions column.
  2. In the message that appears, click OK.
Delete a BGP peer
  1. On the details page of the VBR, click the BGP Peers tab, find the BGP peer that you want to delete, and then click Delete in the Actions column.
  2. In the message that appears, click OK.
Delete an advertised BGP CIDR block
  1. On the details page of the VBR, click the Advertise BGP Subnet tab, find the CIDR block that you want to delete, and then click Delete in the Actions column.
  2. In the message that appears, click OK.
