Border Gateway Protocol (BGP) is a dynamic routing protocol based on TCP. BGP is used to exchange routing and network reachability information among different autonomous systems (ASs). If you use an Express Connect circuit to connect to Alibaba Cloud, you can configure BGP to enable communication between your data center and the virtual border router (VBR) that is associated with the Express Connect circuit. This helps you build a hybrid cloud in an efficient, flexible, and reliable way.
Limits
You can specify only the data center as the BGP peer of a VBR. The data center is connected to the VBR by using an Express Connect circuit.
VBRs support only BGP-4.
You can create up to eight BGP peers for each VBR.
The Autonomous System Number (ASN) at the Alibaba Cloud side is 45104. You can specify a 2-byte or 4-byte ASN for the data center.
If a VBR is associated with an Express Connect router (ECR), the local ASN of the VBR's BGP group must be the same as the ASN of the ECR. If the ASN of the ECR is not 45104, you must associate a VBR with the ECR and configure BGP for the VBR.
Prerequisites
A VBR is created. For more information, see Create and manage a VBR.
BGP routing is configured in the data center, and the BGP routes are advertised to the corresponding Alibaba Cloud product. You can also configure Bidirectional Forwarding Detection (BFD) as required. For the detailed operation process, contact the service provider of your gateway device.
Step 1: Create a BGP group
BGP groups are used to simplify BGP configurations. You can add BGP peers with the same configurations to one BGP group. Before you start, you must create a BGP group with the requested ASN.
If the following message appears after you create the BGP group, a BGP loop may occur on the VBR. If the message does not appear, the VBR is free from BGP loops.
If your VBR uses BGP and connects to Alibaba Cloud services by using a transit router (TR) of Cloud Enterprise Network (CEN), BGP loops may occur on the VBR. If you have any questions, contact your account manager. For more information about BGP loops, see Scenarios in which you need to avoid attaching VBRs to CEN.
Log on to the Express Connect console.
In the top navigation bar, select a region and click Virtual Border Routers (VBRs) in the left-side navigation pane.
On the Virtual Border Routers (VBRs) page, find the VBR that you want to manage and click its ID.
Click the BGP Groups tab and click Create BGP Group.
In the Create BGP Group panel, configure the following parameters and click OK.
Parameter | Description |
Protocol Type | Select a protocol. Valid values: IPv4, IPv6. Note: This parameter is available only if you enable IPv6 for the VBR that you created. |
Name | Enter a name for the BGP group. |
Peer ASN | Specify the ASN of the data center. |
BGP Key | Specify the key of the BGP group. |
BGP Route Quota | Specify the maximum number of routes supported by a BGP peer. Maximum value: 110. You can go to the Quota Management page to apply for a quota increase. For more information, see Manage resource quotas. |
Description | Specify the description of the BGP group. |
Local ASN | Specify the local ASN. Valid values: 45104, 64512 to 65534, and 4200000000 to 4294967294. 65025 is reserved by Alibaba Cloud. Note: The local ASN of the BGP group must be the same as the ASN of the Express Connect router (ECR) that is associated with the BGP group. |
Step 2: Create a BGP peer
After you create the BGP group, you can add BGP peers with the same configurations to the BGP group. This way, you do not need to configure the BGP peers one by one.
Log on to the Express Connect console.
In the top navigation bar, select a region and click Virtual Border Routers (VBRs) in the left-side navigation pane.
On the Virtual Border Routers (VBRs) page, find the VBR that you want to manage and click its ID.
Click the BGP Peers tab and click Create BGP Peer.
In the Create BGP Peer panel, configure the following parameters and click OK.
Parameter | Description |
BGP Group | Select the BGP group to which you want to add the BGP peer. |
BGP Peer IP | Specify the IP address of the BGP peer. By default, enter the IPv4 address of the BGP peer. If you enabled IPv6 for the BGP group, enter the IPv6 address of the BGP peer. |
Enable BFD | Specify whether to enable BFD. BFD is used to detect network connectivity. You can enable BFD for BGP to accelerate route convergence. This ensures that your business can run as expected. |
BFD Hop Count | The maximum number of network devices that a packet can traverse from the source to the destination. This parameter is required only if you enable BFD for the BGP peer. Specify an appropriate value based on your network topology. Valid values: 1 to 255. Important: If you use BFD in a multi-cloud environment or a fiber-optic direct connection network without any bridge device, you need to change the default BFD hop count from 255 to 1. |
After you create a BGP peer, you can view the status of the BGP peer on the BGP Peers tab.
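A pre-flight check for the Step 1 and Step 2 parameters, written against the limits this page states. This is an added example, not Alibaba Cloud code; the plan dictionary and its field names (such as `ecr_asn` and `direct_fiber`) are hypothetical, and the sample values are constructed.

```python
import ipaddress

# Limits quoted from this page.
LOCAL_ASN_RANGES = [(45104, 45104), (64512, 65534), (4200000000, 4294967294)]
RESERVED_ASN = 65025  # falls inside 64512-65534 but is reserved by Alibaba Cloud
MAX_PEERS_PER_VBR = 8
MAX_ROUTE_QUOTA = 110  # ceiling unless a quota increase was granted

def local_asn_ok(asn):
    """True if asn is an accepted Local ASN value and is not the reserved one."""
    return asn != RESERVED_ASN and any(lo <= asn <= hi for lo, hi in LOCAL_ASN_RANGES)

def check_plan(plan):
    """Return the list of violations for a planned BGP group and its peers."""
    errs, group, peers = [], plan["group"], plan["peers"]
    if not local_asn_ok(group["local_asn"]):
        errs.append("local_asn %d is not an accepted value" % group["local_asn"])
    ecr_asn = plan.get("ecr_asn")  # None when no ECR is associated
    if ecr_asn is not None and group["local_asn"] != ecr_asn:
        errs.append("local_asn must equal the ECR ASN %d" % ecr_asn)
    if not 1 <= group["peer_asn"] <= 0xFFFFFFFF:
        errs.append("peer_asn does not fit a 2-byte or 4-byte ASN")
    if group.get("route_quota", MAX_ROUTE_QUOTA) > MAX_ROUTE_QUOTA:
        errs.append("route_quota exceeds %d" % MAX_ROUTE_QUOTA)
    if len(peers) > MAX_PEERS_PER_VBR:
        errs.append("more than %d peers on one VBR" % MAX_PEERS_PER_VBR)
    want_version = 6 if group["protocol"] == "IPv6" else 4
    for peer in peers:
        ip = ipaddress.ip_address(peer["ip"])
        if ip.version != want_version:
            errs.append("%s is not an %s address" % (ip, group["protocol"]))
        if peer.get("bfd"):
            hops = peer.get("bfd_hops", 255)  # 255 is the default per the page
            if not 1 <= hops <= 255:
                errs.append("%s: bfd_hops must be 1 to 255" % ip)
            elif plan.get("direct_fiber") and hops != 1:
                errs.append("%s: set bfd_hops to 1 on a direct link" % ip)
    return errs

# Constructed sample plan: documentation addresses, hypothetical field names.
SAMPLE = {
    "ecr_asn": 64512, "direct_fiber": True,
    "group": {"protocol": "IPv4", "local_asn": 65025, "peer_asn": 65010,
              "route_quota": 200},
    "peers": [{"ip": "192.0.2.1", "bfd": True},
              {"ip": "2001:db8::1", "bfd": True, "bfd_hops": 1}],
}
FINDINGS = check_plan(SAMPLE)
print("\n".join(FINDINGS))
```

The sample plan is deliberately wrong in five ways; fixing the Local ASN to 64512, the quota to 110 or less, the second peer's address family, and the first peer's hop count yields an empty list.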
Step 3: Advertise the BGP CIDR block
After you create the BGP peer, ensure that the CIDR block of the VPC is advertised. After the BGP session is established, the VBR automatically learns routes that point to the CIDR block of the data center.
If CEN is used to connect the VPC and the VBR, skip this step.
Log on to the Express Connect console.
In the top navigation bar, select a region and click Virtual Border Routers (VBRs) in the left-side navigation pane.
On the Virtual Border Routers (VBRs) page, find the VBR that you want to manage and click its ID.
On the details page of the VBR, click the Advertise BGP Subnet tab. Then, click Advertised BGP Subnets.
Enter the CIDR block to be advertised and click OK.
What to do next
View the monitoring events of BGP peers
CloudMonitor manages system events and custom events of Alibaba Cloud services in a centralized manner. You can configure event-triggered alert rules to monitor the BGP peer status and routes. If an exception occurs, you are notified and can manage the exception at the earliest opportunity. For more information, see Overview.
Log on to the CloudMonitor console.
In the left-side navigation pane, choose .
On the System Event page, click the Event-triggered Alert Rules tab. On the Event-triggered Alert Rules tab, click Create Alert Rule.
In the Create/Modify Event-triggered Alert Rule panel, configure the following parameters and click OK.
Section | Parameter | Description |
Basic Info | Alert Rule Name | The name of the event-triggered alert rule. |
Event-triggered Alert Rules | Product Type | The service for which you want to create the alert rule. In this example, Express Connect - Physical Connections is selected. |
Event-triggered Alert Rules | Event Type | The type of event to trigger the alert rule. Valid values: Down: The rule is triggered when a BGP peer is disconnected. ReceiveRoutes: The rule is triggered when the number of routes received by a BGP peer reaches the upper limit. |
Event-triggered Alert Rules | Event Level | The severity level of events to trigger the alert rule. In this example, WARN is selected. |
Event-triggered Alert Rules | Event Name | The names of the events that trigger the alert rule. BgpPeerStatus:Down: Select this name if the Event Type parameter is set to Down. BgpPeerReceiveRoutes:Exceed: Select this name if the Event Type parameter is set to ReceiveRoutes. |
Event-triggered Alert Rules | Keyword Filtering | In the Keyword Filtering field, enter a keyword to filter events and select a match condition from the Condition drop-down list. Contains any of the keywords: If the alert rule contains any one of the specified keywords, CloudMonitor sends an alert notification. Does not contain any of the keywords: If the alert rule does not contain any one of the specified keywords, CloudMonitor sends an alert notification. |
Event-triggered Alert Rules | SQL Filter | The SQL statement used to filter events. |
Event-triggered Alert Rules | Resource Range | The range of resources to which the alert rule applies. Valid values: All Resources, Application Groups. In this example, All Resources is selected. |
Notification Method | Alert Notification | The contacts and notification methods for alerts. Select a contact group from the Alert Contact Group drop-down list, and select a severity level and a notification method from the Notification Method drop-down list. Valid values: Critical (Phone Call + Text Message + Email + Webhook), Warning (Text Message + Email + Webhook), Info (Email + Webhook). |
Notification Method | Message Service - Queue | The Message Service (MNS) queue to which alerts are delivered. |
Notification Method | Function Compute | The Function Compute function to which alerts are delivered. |
Notification Method | URL Callback | Specify a URL that can be accessed over the Internet. CloudMonitor sends HTTP POST requests to push alert notifications to the specified URL. Only HTTP is supported. For more information about how to configure alert callbacks, see Configure callbacks for system event-triggered alerts (old). |
Notification Method | Log Service | The Simple Log Service Logstore to which you want to deliver the alerts. If you select Log Service, the alert information will be written to Log Service. |
Notification Method | Mute For | Select an interval at which CloudMonitor resends alert notifications before the alert is cleared. |
Manage BGP
Operation | Procedure |
Modify a BGP group |
|
Modify a BGP peer |
|
Delete a BGP group |
|
Delete a BGP peer |
|
Delete an advertised BGP CIDR block |
|
References
CreateBgpGroup: creates a BGP group for a VBR.
CreateBgpPeer: adds a BGP peer to a BGP group.
ModifyBgpPeerAttribute: advertises a BGP CIDR block.
ModifyBgpGroupAttribute: modifies the configuration of a BGP group.
ModifyBgpPeerAttribute: modifies the configuration of a BGP peer.
DeleteBgpGroup: deletes a BGP group.
DeleteBgpPeer: deletes a BGP peer.
DeleteBgpNetwork: deletes an advertised BGP CIDR block.