
Express Connect: Configure and manage BGP

Last Updated: Jul 08, 2025

Border Gateway Protocol (BGP) is a dynamic routing protocol based on TCP. BGP is used to exchange routing and network reachability information among different autonomous systems (ASs). If you use an Express Connect circuit to connect to Alibaba Cloud, you can configure BGP to enable communication between your data center and the virtual border router (VBR) that is associated with the Express Connect circuit. This helps you build a hybrid cloud in an efficient, flexible, and reliable way.

Limits

  • You can specify only the data center as the BGP peer of a VBR. The data center is connected to the VBR by using an Express Connect circuit.

  • VBRs support only BGP-4.

  • You can create up to eight BGP peers for each VBR.

  • The Autonomous System Number (ASN) at the Alibaba Cloud side is 45104. You can specify a 2-byte or 4-byte ASN for the data center.

  • The local ASN of the BGP group of a VBR that is associated with an Express Connect Router (ECR) must be the same as the ASN of the ECR. If the ASN of the ECR is not 45104, you must associate a VBR with the ECR and configure BGP for the VBR.

  • A VBR that does not support MPBGP cannot be associated with an ECR. In the Basic Information section of the VBR details page, you can check whether the VBR supports MPBGP next to Advanced features of ports.

Prerequisites

  • A VBR is created. For more information, see Create and manage a VBR.

  • BGP routing is configured in the data center, and the BGP routes are advertised to the corresponding Alibaba Cloud product. You can also configure Bidirectional Forwarding Detection (BFD) as required. For the detailed operation process, contact the service provider of your gateway device.

Step 1: Create a BGP group

BGP groups are used to simplify BGP configurations. You can add BGP peers with the same configurations to one BGP group. Before you start, you must create a BGP group with the requested ASN.

If the following message appears after you create the BGP group, BGP loops may occur on the VBR. If the message does not appear, the VBR is free from BGP loops.

Important

If your VBR uses BGP and connects to Alibaba Cloud services through a transit router (TR) of Cloud Enterprise Network (CEN), BGP loops may occur on the VBR. If you have any questions, contact your account manager. For more information about BGP loops, see Scenarios in which you need to avoid attaching VBRs to CEN.

  1. Log on to the Express Connect Console.

  2. In the top menu bar, select the target region, and then in the left-side navigation pane, click Virtual Border Routers (VBRs).

  3. On the Virtual Border Routers (VBRs) page, click the target VBR instance ID.

  4. Click the BGP Groups tab and click Create BGP Group.

  5. In the Create BGP Group panel, configure the following parameters and click OK.

    • Protocol Type: The protocol type. Valid values:

      • IPv4

      • IPv6

        Note: This parameter is available only if you enable IPv6 for the VBR that you created.

    • Name: Enter a name for the BGP group.

    • Peer ASN: Enter the autonomous system number (ASN) on the data center side.

    • BGP Key: Enter the key of the BGP group.

    • BGP Route Quota: Specify the maximum number of routes supported by a BGP peer. The maximum number of routes supported by a BGP peer is 110. To adjust this limit, contact your account manager.

    • Description: Enter the description of the BGP group.

    • Local ASN: The ASN on the local side (Alibaba Cloud side). The default value is 45104. You cannot modify this value by default.

      Note: This parameter is available only to accounts that have the relevant permissions. Accounts that do not have the relevant permissions cannot view this parameter.

      To modify the ASN on the local side:

      1. We recommend that you use an ECR to modify the ASN. ECRs support custom ASNs. If BGP is not configured for a VBR and the VBR is associated with an ECR, the ECR automatically uses the ASN of the VBR. If you configure BGP for the VBR, the default local ASN is the ASN of the ECR.

      2. If you cannot use an ECR for networking, contact your account manager to apply for the permissions to modify the ASN. Valid ASNs: 64512 to 65024, 65026 to 65534, and 4200000000 to 4294967294. The local ASN of the BGP group must be the same as the ASN of the ECR that is associated with the BGP group.

      If the default ASN 45104 is used, BGP loops may occur in multi-line access scenarios. Use the default ASN with caution.
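The limits and ASN rules above can be checked before a change is entered in the console. The following is an added example, not Alibaba Cloud code: the plan keys (peer_asn, local_asn, ecr_asn, route_quota, peer_count, multi_line, via_cen_tr) and the sample plans are hypothetical, and excluding ASN 0 is an assumption.

```python
# Added example: checks a planned BGP group against the limits stated on this page.
DEFAULT_LOCAL_ASN = 45104
# Custom local ASNs that are valid once the permission to modify the ASN is granted.
CUSTOM_LOCAL_ASN_RANGES = ((64512, 65024), (65026, 65534), (4200000000, 4294967294))
DEFAULT_ROUTE_QUOTA = 110  # maximum routes per BGP peer unless raised on request
MAX_PEERS_PER_VBR = 8


def check_bgp_group(plan):
    """Return (errors, warnings) for a plan dict; all key names are hypothetical."""
    errors, warnings = [], []
    local = plan.get("local_asn", DEFAULT_LOCAL_ASN)
    peer = plan["peer_asn"]

    if local != DEFAULT_LOCAL_ASN and not any(
        low <= local <= high for low, high in CUSTOM_LOCAL_ASN_RANGES
    ):
        errors.append(f"local ASN {local} is not in a permitted custom range")
    ecr = plan.get("ecr_asn")
    if ecr is not None and local != ecr:
        errors.append(f"local ASN {local} differs from ECR ASN {ecr}")
    # A 2-byte or 4-byte ASN fits in 32 bits; 0 is excluded here as an assumption.
    if not 1 <= peer <= 0xFFFFFFFF:
        errors.append(f"peer ASN {peer} does not fit a 2-byte or 4-byte ASN")
    quota = plan.get("route_quota", DEFAULT_ROUTE_QUOTA)
    if not 1 <= quota <= DEFAULT_ROUTE_QUOTA:
        errors.append(f"route quota {quota} is outside 1 to {DEFAULT_ROUTE_QUOTA}")
    if plan.get("peer_count", 0) > MAX_PEERS_PER_VBR:
        errors.append(f"more than {MAX_PEERS_PER_VBR} BGP peers on one VBR")

    # Loop conditions the page flags; they are warnings, not hard limits.
    if local == DEFAULT_LOCAL_ASN and plan.get("multi_line"):
        warnings.append("default ASN 45104 with multi-line access: BGP loops may occur")
    if plan.get("via_cen_tr"):
        warnings.append("VBR attached through a CEN transit router: BGP loops may occur")
    return errors, warnings


# Constructed sample plans, not real deployments.
GOOD_PLAN = {"peer_asn": 65010, "local_asn": 64512, "ecr_asn": 64512,
             "route_quota": 100, "peer_count": 2}
BAD_PLAN = {"peer_asn": 65010, "local_asn": 65025, "ecr_asn": 64512,
            "route_quota": 200, "peer_count": 9}
DEFAULT_ASN_PLAN = {"peer_asn": 4200000100, "multi_line": True, "via_cen_tr": True}

if __name__ == "__main__":
    for name, plan in (("good", GOOD_PLAN), ("bad", BAD_PLAN), ("default", DEFAULT_ASN_PLAN)):
        print(name, check_bgp_group(plan))
```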

Step 2: Create a BGP peer

After you create the BGP group, you can add BGP peers with the same configurations to the BGP group. This way, you do not need to configure the BGP peers one by one.

  1. Log on to the Express Connect Console.

  2. In the top navigation bar, select the target region, and then in the left-side navigation pane, click Virtual Border Routers (VBRs).

  3. On the Virtual Border Routers (VBRs) page, find the VBR that you want to manage and click its ID.

  4. Click the BGP Peers tab and click Create BGP Peer.

  5. In the Create BGP Peer panel, configure the following parameters, and then click OK.

    • BGP Group: Select the BGP group to which you want to add the BGP peer.

    • BGP Peer IP: Enter the IP address of the BGP peer. By default, enter the IPv4 address of the BGP peer. If you enabled IPv6 for the BGP group, enter the IPv6 address of the BGP peer.

    • Enable BFD: Specify whether to enable bidirectional forwarding detection (BFD). BFD is used to detect network connectivity. You can enable BFD for BGP to accelerate route convergence. This ensures that your business can run as expected.

    • BFD Hop Count: This parameter is required only if you enable BFD for the BGP peer. Enter the BFD hop count, which specifies the maximum number of network devices that a packet can traverse from the source to the destination. Set a proper value based on your network topology. Valid values: 1 to 255.

      Important: If you use BFD in a multi-cloud environment or a fiber-optic direct connection network without any bridge device, you need to change the default BFD hop count from 255 to 1.

    After you create a BGP peer, you can view the status of the BGP peer on the BGP Peers page. The following statuses are possible:

    • Idle: The session is idle. Idle is the initial status of a BGP session. In this status, BGP waits for a start event. After the start event occurs, BGP initializes resources, resets the ConnectRetry timer, initiates a TCP connection, and changes to the Connect state.

    • Connect: Connecting. In the Connect state, BGP initiates the first TCP connection. If the ConnectRetry timer times out, BGP initiates a new TCP connection and remains in the Connect state.

      • If the TCP connection fails, the state changes to Active.

      • If the TCP connection succeeds, the state changes to OpenSent.

    • Active: Active. In the Active state, BGP attempts to establish a TCP connection. If the ConnectRetry timer times out, the status of the BGP peer changes back to the Connect state.

      • If BGP fails to establish the TCP connection, the BGP peer remains in the Active state, and BGP continues to initiate TCP connection requests.

      • If the TCP connection is established, the status of the BGP peer changes to OpenSent.

    • OpenSent: An OPEN message has been sent. In the OpenSent state, the TCP connection is established. The first OPEN message is sent to the BGP peer. BGP waits for the peer to send an OPEN message and verifies the received OPEN message.

      • If there is an error, the system sends an error notification message and returns to the Idle state.

      • If the message is correct, BGP begins to send Keepalive messages, resets the Keepalive timer, starts timing, and transitions to the OpenConfirm state.

    • OpenConfirm: The OPEN message is confirmed. In the OpenConfirm state, BGP sends a Keepalive message to the BGP peer and resets the Keepalive timer.

      • If the BGP peer receives the Keepalive message, the status of the BGP peer changes to Established, which indicates that the BGP session is established.

      • If the TCP connection is closed, the status of the BGP peer changes back to Idle.

    • Established: The BGP session is established. In the Established state, BGP exchanges UPDATE messages with the BGP peer and resets the Keepalive timer.

    • UnEstablished: The BGP session is not established.
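The status descriptions above form a state machine. The following added example, which is not part of the original page or of any Alibaba Cloud tool, encodes those transitions and uses them to name the stage at which a session stalls. The event names and the sample event sequences are labels constructed for this sketch, not console or API values.

```python
# Added example: the peer status table as a transition table.
# Event names are hypothetical labels, not values shown by the console.
TRANSITIONS = {
    ("Idle", "start"): "Connect",
    ("Connect", "connect_retry_timeout"): "Connect",
    ("Connect", "tcp_failed"): "Active",
    ("Connect", "tcp_established"): "OpenSent",
    ("Active", "connect_retry_timeout"): "Connect",
    ("Active", "tcp_failed"): "Active",
    ("Active", "tcp_established"): "OpenSent",
    ("OpenSent", "open_invalid"): "Idle",
    ("OpenSent", "open_valid"): "OpenConfirm",
    ("OpenConfirm", "keepalive_received"): "Established",
    ("OpenConfirm", "tcp_closed"): "Idle",
    ("Established", "update_exchanged"): "Established",
}


def walk(events, state="Idle"):
    """Return every state visited, starting with the initial state."""
    trace = [state]
    for event in events:
        key = (trace[-1], event)
        if key not in TRANSITIONS:
            raise ValueError(f"event {event!r} is not defined for state {trace[-1]}")
        trace.append(TRANSITIONS[key])
    return trace


def diagnose(trace):
    """Name the stage at which a trace stalled, using only the table's wording."""
    steps = list(zip(trace, trace[1:]))
    if trace[-1] == "Established":
        return "session established"
    if ("OpenSent", "Idle") in steps:
        return "received OPEN message failed verification"
    if ("OpenConfirm", "Idle") in steps:
        return "TCP connection closed before the session was established"
    if len(trace) > 2 and set(trace[1:]) <= {"Connect", "Active"}:
        return "TCP connection to the peer never succeeds"
    return "session still starting"


# Constructed event sequences for illustration.
HEALTHY = ["start", "tcp_failed", "connect_retry_timeout",
           "tcp_established", "open_valid", "keepalive_received"]
STUCK = ["start", "tcp_failed", "tcp_failed", "connect_retry_timeout", "tcp_failed"]
REJECTED = ["start", "tcp_established", "open_invalid"]

if __name__ == "__main__":
    for events in (HEALTHY, STUCK, REJECTED):
        trace = walk(events)
        print(" -> ".join(trace), "|", diagnose(trace))
```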

Step 3: Advertise the BGP CIDR block

After you create the BGP peer, ensure that the CIDR block of the VPC is advertised. After the BGP session is established, the VBR automatically learns routes that point to the CIDR block of the data center.

Important

If CEN is used to connect the VPC and the VBR, skip this step.

  1. Log on to the Express Connect Console.

  2. In the top navigation bar, select a region and click Virtual Border Routers (VBRs) in the left-side navigation pane.

  3. On the Virtual Border Routers (VBRs) page, click the target VBR instance ID.

  4. Click the Advertise BGP Subnet tab, and then click Advertised BGP Subnets.

  5. Enter the VPC CIDR block to advertise, and then click OK.

What to do next

View the monitoring events of BGP peers

CloudMonitor manages system events and custom events of Alibaba Cloud services in a centralized manner. You can configure event-triggered alert rules to monitor the BGP peer status and routes. If an exception occurs, you are notified so that you can manage the exception at the earliest opportunity. For more information about event monitoring, see Event Monitoring Overview.

  1. Log on to the Cloud Monitor console.

  2. In the left-side navigation pane, choose Event Center > System Event.

  3. On the Event Monitoring tab, click Save As Alert Rule.

  4. In the Create/Modify Event-triggered Alert Rule panel, configure the following parameters and click OK.

    Basic Information

    • Alert Rule Name: Enter a name for the event-triggered alert rule.

    Event-triggered Alert Rule

    • Product Type: Select the service for which you want to create the alert rule. In this example, Express Connect - Physical Connections is selected.

    • Event Type: Select the type of event to trigger the alert rule.

      • Down: The rule is triggered when a BGP peer is disconnected.

      • ReceiveRoutes: The event type for route entries received from a BGP neighbor.

    • Event Level: The severity level of events to trigger the alert rule. In this example, WARN is selected.

    • Event Name: Select event names for the alert rule.

      • BgpPeerStatus:Down: Select this name if the Event Type parameter is set to Down.

      • BgpPeerReceiveRoutes:Exceed: Select this name if the Event Type parameter is set to ReceiveRoutes.

    • Keyword Filtering: In the Keyword Filtering field, enter a keyword to filter events and select a match condition from the Condition drop-down list:

      • Contains any of the keywords: If an event contains any one of the specified keywords, CloudMonitor sends an alert notification.

      • Does not contain any of the keywords: If an event does not contain any one of the specified keywords, CloudMonitor sends an alert notification.

    • SQL Filter: Enter an SQL statement to filter events.

    • Resource Range: The range of resources to which the alert rule applies. Valid values:

      • All Resources

      • Application Groups

      In this example, All Resources is selected.

    Notification Method

    • Alert Notification: The contacts and notification methods for alerts. Select a contact group from the Alert Contact Group drop-down list, and select a severity level and a notification method from the Notification Method drop-down list. Valid values:

      • Critical (Phone Call + Text Message + Email + Webhook)

      • Warning (Text Message + Email + Webhook)

      • Info (Email + Webhook)

    • SMQ: Select a Message Service (MNS) queue to which alerts are delivered.

    • Function Compute: The Function Compute function to which alerts are delivered.

    • URL Callback: The callback URL that can be accessed over the Internet. CloudMonitor sends HTTP POST requests to push alert notifications to the specified URL. Only the HTTP protocol is supported. For more information about how to configure alert callbacks, see Configure callbacks for system event-triggered alerts (old).

    • Simple Log Service: Select a Simple Log Service Logstore to which you want to deliver the event alerts.

    • Mute For: The interval at which CloudMonitor resends alert notifications before the alert is cleared.

Manage BGP

Operation

Procedure

Modify a BGP group

  1. On the details page of the VBR, click the BGP Groups tab, find the BGP group that you want to modify, and then click Edit in the Actions column.

  2. In the Modify BGP Group panel, configure the following parameters and click OK.

    • Support IPv6: specifies whether to enable IPv6 for the BGP group.

    • Name: the name of the BGP group.

    • Peer ASN: the ASN of the data center.

    • BGP Key: the key of the BGP group.

    • BGP Route Quota: the maximum number of routes that a BGP peer can receive.

    • Description: the description of the BGP group.

Modify a BGP peer

  1. On the details page of the VBR, click the BGP Peers tab, find the BGP peer that you want to modify, and then click Edit in the Actions column.

  2. In the Modify BGP Peer panel, configure the following parameters and click OK.

    • BGP Group: the BGP group to which the BGP peer is added.

    • BGP Peer IP: the IP address of the BGP peer.

    • Enable BFD: specifies whether to enable BFD for the BGP peer.

    • BFD Hop Count: the maximum number of network devices that a packet can traverse from the source to the destination. This parameter is required only when you enable BFD for the BGP peer. Valid values: 1 to 255.

Delete a BGP group

  1. On the details page of the VBR, click the BGP Groups tab, find the BGP group that you want to delete, and then click Delete in the Actions column.

  2. In the dialog box that appears, click OK.

Delete a BGP peer

  1. On the details page of the VBR, click the BGP Peers tab, find the BGP peer that you want to delete, and then click Delete in the Actions column.

  2. In the dialog box that appears, click OK.

Delete the CIDR block advertised by BGP

  1. On the details page of the VBR, click the Advertise BGP Subnet tab, find the CIDR block that you want to delete, and then click Delete in the Actions column.

  2. In the dialog box that appears, click OK.
