Border Gateway Protocol (BGP) is a dynamic routing protocol based on TCP. BGP is used to exchange routing and network reachability information among different autonomous systems (ASs). If you use an Express Connect circuit to connect to Alibaba Cloud, you can configure BGP to enable communication between your data center and the virtual border router (VBR) that is associated with the Express Connect circuit. This helps you build a hybrid cloud in an efficient, flexible, and reliable way.
Limits
You can specify only the data center as the BGP peer of a VBR. The data center is connected to the VBR by using an Express Connect circuit.
VBRs support only BGP-4.
You can create up to eight BGP peers for each VBR.
The Autonomous System Number (ASN) at the Alibaba Cloud side is 45104. You can specify a 2-byte or 4-byte ASN for the data center.
The local ASN of the BGP group of a VBR that is associated with an Express Connect router (ECR) must be the same as the ASN of the ECR. If the ASN of the ECR is not 45104, you must associate a VBR with the ECR and configure BGP for the VBR.
Prerequisites
A VBR is created. For more information, see Create and manage a VBR.
BGP routing is configured in the data center, and the BGP routes are advertised to the corresponding Alibaba Cloud product. You can also configure Bidirectional Forwarding Detection (BFD) as required. For the detailed operation process, contact the service provider of your gateway device.
Step 1: Create a BGP group
BGP groups are used to simplify BGP configurations. You can add BGP peers with the same configurations to one BGP group. Before you start, you must create a BGP group with the requested ASN.
If the following message appears after you create the BGP group, a BGP loop may occur on the VBR. If the message does not appear, the VBR is free from BGP loops.
If your VBR uses BGP and connects to Alibaba Cloud services by using a transit router (TR) of Cloud Enterprise Network (CEN), BGP loops may occur on the VBR. If you have any questions, contact your account manager. For more information about BGP loops, see Scenarios in which you need to avoid attaching VBRs to CEN.
Log on to the Express Connect console.
In the top navigation bar, select a region and click Virtual Border Routers (VBRs) in the left-side navigation pane.
On the Virtual Border Routers (VBRs) page, find the VBR that you want to manage and click its ID.
On the details page of the VBR, click the BGP Groups tab. Then, click Create BGP Group.
In the Create BGP Group panel, configure the following parameters and click OK.
Parameter | Description |
Protocol Type | The type of the protocol. Valid values: IPv4, IPv6. Note: This parameter is available only if you enable IPv6 for the VBR that you created. |
Name | The name of the BGP group. |
Peer ASN | The ASN of the data center. |
BGP Key | The key of the BGP group. |
BGP Route Quota | The maximum number of routes supported by a BGP peer. The maximum value is 110. You can go to the Quota Management page to apply for a quota increase. For more information, see Manage resource quotas. |
Description | The description of the BGP group. |
Local ASN | The local ASN. Valid values: 45104, 64512 to 65534, and 4200000000 to 4294967294. 65025 is a reserved local ASN of Alibaba Cloud. Note: The local ASN of the BGP group must be the same as the ASN of the Express Connect router (ECR) that is associated with the BGP group. |
Step 2: Create a BGP peer
After you create the BGP group, you can add BGP peers with the same configurations to the BGP group. This way, you do not need to configure the BGP peers one by one.
Log on to the Express Connect console.
In the top navigation bar, select a region and click Virtual Border Routers (VBRs) in the left-side navigation pane.
On the Virtual Border Routers (VBRs) page, find the VBR that you want to manage and click its ID.
On the details page of the VBR, click the BGP Peers tab. Then, click Create BGP Peer.
In the Create BGP Peer panel, configure the following parameters and click OK.
Parameter | Description |
BGP Group | The BGP group to which you want to add the BGP peer. |
BGP Peer IP | The IP address of the BGP peer. By default, enter the IPv4 address of the BGP peer. If you enabled IPv6 for the BGP group, enter the IPv6 address of the BGP peer. |
Enable BFD | Specifies whether to enable BFD for the BGP peer. BFD is used to detect network connectivity. You can enable BFD for BGP to accelerate route convergence. This ensures that your business can run as expected. |
BFD Hop Count | The maximum number of network devices that a packet can traverse from the source to the destination. This parameter is required only if you enable BFD for the BGP peer. Specify an appropriate value based on your network topology. Valid values: 1 to 255. |
After you create a BGP peer, you can view the status of the BGP peer on the BGP Peers tab.
Status | Description |
Idle | The BGP peer is idle. Idle is the initial status of a BGP session. In this status, BGP waits for a start event. After the start event occurs, BGP initializes all resources and resets the ConnectRetry timer. Then, BGP initiates a TCP connection request and changes to the Connect state. |
Connect | The BGP peer is being connected. In the Connect state, BGP initiates the first TCP connection request. If the ConnectRetry timer times out before the TCP connection is established, a new TCP connection request is initiated, and the BGP peer remains in the Connect state. If BGP fails to establish the TCP connection, the status of the BGP peer changes to Active. If the TCP connection is established, the status of the BGP peer changes to OpenSent. |
Active | The BGP peer is active. In the Active state, BGP attempts to re-establish the TCP connection. If the ConnectRetry timer times out, the status of the BGP peer changes back to Connect. If BGP fails to establish the TCP connection, the BGP peer remains in the Active state, and BGP continues to initiate TCP connection requests. If the TCP connection is established, the status of the BGP peer changes to OpenSent. |
OpenSent | An OPEN message is sent to the BGP peer. The OpenSent state indicates that the TCP connection is established. The first OPEN message is sent to the BGP peer. After BGP receives the OPEN message from the BGP peer, it verifies the authenticity of the message. If the OPEN message contains an error, BGP returns an error message and the status of the BGP peer changes back to Idle. If the OPEN message does not contain any errors, BGP sends a Keepalive message and resets the Keepalive timer. In addition, the status of the BGP peer changes to OpenConfirm. |
OpenConfirm | The OPEN message from the BGP peer is confirmed. In the OpenConfirm state, BGP sends a Keepalive message to the BGP peer and resets the Keepalive timer. If the BGP peer receives the Keepalive message, the status of the BGP peer changes to Established, which indicates that the BGP session is established. If the TCP connection is closed, the status of the BGP peer changes back to Idle. |
Established | The BGP session is established. In the Established state, BGP exchanges UPDATE messages with the BGP peer and resets the Keepalive timer. |
UnEstablished | The BGP session is not established. |
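The transitions in the status table, replayed as a small state machine to show which layer to check when a peer does not reach Established. This is an added example, not Alibaba Cloud code: the event names, hint texts and sample traces are constructed for illustration, and only the transitions the table lists are modelled.

```python
# BGP peer state transitions as listed in the status table: state -> {event: next state}.
# Event names are labels invented for this example.
TCP_PHASE = {"tcp_ok": "OpenSent", "tcp_fail": "Active", "retry_timeout": "Connect"}
TRANSITIONS = {
    "Idle": {"start": "Connect"},
    "Connect": TCP_PHASE,
    "Active": TCP_PHASE,
    "OpenSent": {"open_ok": "OpenConfirm", "open_error": "Idle"},
    "OpenConfirm": {"keepalive": "Established", "tcp_closed": "Idle"},
    "Established": {"update": "Established"},
}

# Where a session stalls, or which state it fell back to Idle from, points at a layer.
TCP_HINT = "TCP session not established: check reachability of the peer IP on TCP port 179"
HINTS = {
    "Connect": TCP_HINT, "Active": TCP_HINT,
    "OpenSent": "OPEN rejected: compare Peer ASN and BGP version (BGP-4) on both sides",
    "OpenConfirm": "TCP closed before a Keepalive arrived: look for resets on the path",
}

def replay(events):
    """Drive the state machine; return (final state, path, state it fell to Idle from)."""
    state, path, fell_from = "Idle", ["Idle"], None
    for event in events:
        nxt = TRANSITIONS[state].get(event)
        if nxt is None:
            raise ValueError(f"event {event!r} is not valid in state {state}")
        if nxt == "Idle":
            fell_from = state
        state = nxt
        path.append(state)
    return state, path, fell_from

def diagnose(events):
    """Return (final state, troubleshooting hint) for one event trace."""
    state, _, fell_from = replay(events)
    if state == "Established":
        return state, "session up"
    stalled_in = fell_from if state == "Idle" and fell_from else state
    return state, HINTS.get(stalled_in, "waiting for a start event")

# Constructed traces, not captured from a real VBR.
CLEAN = ["start", "tcp_ok", "open_ok", "keepalive", "update"]
TCP_BLOCKED = ["start", "tcp_fail", "retry_timeout", "tcp_fail"]
BAD_OPEN = ["start", "tcp_ok", "open_error"]

if __name__ == "__main__":
    for name, trace in [("clean", CLEAN), ("tcp_blocked", TCP_BLOCKED), ("bad_open", BAD_OPEN)]:
        print(name, replay(trace)[1], diagnose(trace))
```

A peer that alternates between Connect and Active never completed the TCP handshake, whereas a peer that returns to Idle from OpenSent completed it and was rejected at the BGP layer.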
Step 3: Advertise the BGP CIDR block
After you create the BGP peer, ensure that the CIDR block of the VPC is advertised. After the BGP session is established, the VBR automatically learns the CIDR block of the data center.
If CEN is used to connect the VPC and the VBR, skip this step.
Log on to the Express Connect console.
In the top navigation bar, select a region and click Virtual Border Routers (VBRs) in the left-side navigation pane.
On the Virtual Border Routers (VBRs) page, find the VBR that you want to manage and click its ID.
On the details page of the VBR, click the Advertise BGP Subnet tab. Then, click Advertised BGP Subnets.
Enter the CIDR block to be advertised and click OK.
What to do next
View the monitoring events of BGP peers
CloudMonitor manages system events and custom events of Alibaba Cloud services in a centralized manner. You can configure event-triggered alert rules to monitor the BGP peer status and routes. If an exception occurs, you are notified and can manage the exception at the earliest opportunity. For more information, see Overview.
Log on to the CloudMonitor console.
In the left-side navigation pane, choose .
On the System Event page, click the Event-triggered Alert Rules tab. On the Event-triggered Alert Rules tab, click Create Alert Rule.
In the Create/Modify Event-triggered Alert Rule panel, configure the following parameters and click OK.
Section | Parameter | Description |
Basic Info | Alert Rule Name | The name of the event-triggered alert rule. |
Event-triggered Alert Rules | Product Type | The service for which you want to create the alert rule. In this example, Express Connect - Physical Connections is selected. |
Event-triggered Alert Rules | Event Type | The type of event to trigger the alert rule. Valid values: Down (the rule is triggered when a BGP peer is disconnected) and ReceiveRoutes (the rule is triggered when the number of routes received by a BGP peer reaches the upper limit). |
Event-triggered Alert Rules | Event Level | The severity level of events to trigger the alert rule. In this example, WARN is selected. |
Event-triggered Alert Rules | Event Name | The names of the events that trigger the alert rule. BgpPeerStatus:Down: Select this name if the Event Type parameter is set to Down. BgpPeerReceiveRoutes:Exceed: Select this name if the Event Type parameter is set to ReceiveRoutes. |
Event-triggered Alert Rules | Keyword Filtering | In the Keyword Filtering field, enter a keyword to filter events and select a match condition from the Condition drop-down list. Contains any of the keywords: If the alert rule contains any one of the specified keywords, CloudMonitor sends an alert notification. Does not contain any of the keywords: If the alert rule does not contain any one of the specified keywords, CloudMonitor sends an alert notification. |
Event-triggered Alert Rules | SQL Filter | The SQL statement used to filter events. |
Event-triggered Alert Rules | Resource Range | The range of resources to which the alert rule applies. Valid values: All Resources, Application Groups. In this example, All Resources is selected. |
Notification Method | Alert Notification | The contacts and notification methods for alerts. Select a contact group from the Alert Contact Group drop-down list, and select a severity level and a notification method from the Notification Method drop-down list. Valid values: Critical (Phone Call + Text Message + Email + Webhook), Warning (Text Message + Email + Webhook), Info (Email + Webhook). |
Notification Method | Message Service - Queue | The Message Service (MNS) queue to which alerts are delivered. |
Notification Method | Function Compute | The Function Compute function to which alerts are delivered. |
Notification Method | URL Callback | The callback URL that can be accessed over the Internet. CloudMonitor sends HTTP POST requests to push alert notifications to the specified URL. Only HTTP is supported. For more information about how to configure alert callbacks, see Configure callbacks for system event-triggered alerts (old). |
Notification Method | Simple Log Service | The Simple Log Service Logstore to which you want to deliver the alerts. |
Notification Method | Mute For | The interval at which CloudMonitor resends alert notifications before the alert is cleared. |
Manage BGP
Operation | Procedure |
Modify a BGP group | |
Modify a BGP peer | |
Delete a BGP group | |
Delete a BGP peer | |
Delete an advertised BGP CIDR block | |
References
CreateBgpGroup: creates a BGP group for a VBR.
CreateBgpPeer: adds a BGP peer to a BGP group.
ModifyBgpPeerAttribute: advertises a BGP CIDR block.
ModifyBgpGroupAttribute: modifies the configuration of a BGP group.
ModifyBgpPeerAttribute: modifies the configuration of a BGP peer.
DeleteBgpGroup: deletes a BGP group.
DeleteBgpPeer: deletes a BGP peer.
DeleteBgpNetwork: deletes an advertised BGP CIDR block.