Starting with VMware Cloud Director 10.5.1, you can configure BGP settings on a provider gateway that uses IP spaces.

Prerequisites

  • Verify that you have the Limited Provider Gateway BGP: View and Limited Provider Gateway BGP: Manage rights assigned to you.

  • Verify that the provider gateway uses IP spaces.
  • Verify that your system administrator has provided you with the necessary BGP configuration permissions for the relevant BGP configuration components. See Configure BGP Permission Groups on a Provider Gateway in the VMware Cloud Director Service Provider Admin Guide.

Add a BGP Neighbor On Your Provider Gateway in the VMware Cloud Director Tenant Portal

You can configure individual settings for the BGP routing neighbors when you add them on the provider gateway.

Prerequisites

  • Verify that you have the Limited Provider Gateway BGP: View and Limited Provider Gateway BGP: Manage rights assigned to you.

  • Verify that your organization is assigned the BGP Neighbors: Manage permission.

Procedure

  1. In the top navigation bar, click Networking and click the Provider Gateways tab.
  2. Click the provider gateway.
  3. Click BGP and click Neighbors.
  4. Click New.
  5. Enter the general settings for the new BGP neighbor.
    1. Enter an IPv4 or IPv6 address for the new BGP neighbor.
    2. Enter a remote Autonomous System (AS) number in ASPLAIN format.
    3. Enter a time interval between sending keep-alive messages to a BGP peer.
    4. Enter a time interval before declaring a BGP peer dead.
    5. From the drop-down menu, select a Graceful Restart Mode option for this neighbor.
      • Disable - Overrides the global provider gateway settings and deactivates graceful restart mode for this neighbor.
      • Helper only - Overrides the global provider gateway settings and configures graceful restart mode as Helper only for this neighbor.
      • Graceful restart and Helper - Overrides the global provider gateway settings and configures graceful restart mode as Graceful restart and Helper for this neighbor.
    6. Turn on the AllowAS-in toggle to enable receiving routes with the same AS.
    7. If the BGP neighbor requires authentication, enter the password for the BGP neighbor.
  6. Configure the Bidirectional Forwarding Detection (BFD) settings for the new BGP neighbor.
    1. (Optional) Toggle on the BFD option to enable BFD for failure detection.
    2. In the BFD interval text box, define the time interval for sending heartbeat packets.
    3. In the Dead Multiple text box, enter the number of times the BGP neighbor can fail to send heartbeat packets before BFD declares it down.
  7. Configure route filtering.
    1. Select an IP address family from the IP Address Family drop-down menu.
    2. Configure an inbound filter.
      1. Click Set.
      2. Toggle on the Use Filter option.
      3. Select Prefix List or Route Map as filter type.
      4. Select one or more route maps or prefix lists from the list.
    3. Configure an outbound filter.
      1. Click Set.
      2. Toggle on the Use Filter option.
      3. Select Prefix List or Route Map as filter type.
      4. Select one or more route maps or prefix lists from the list.
  8. Click Save.

Configure an IP Prefix List on Your Provider Gateway in the VMware Cloud Director Tenant Portal

You can create IP prefix lists that contain one or more IP addresses. You use IP prefix lists to assign BGP neighbors access permissions for route advertisement.

The IP prefix lists are referenced through BGP neighbor filters to limit the number of BGP updates that are exchanged between BGP peers. By using route filtering, you can reduce the amount of system resources needed for BGP updates.

For example, you can add the IP address 192.168.100.3/27 to the IP prefix list and deny the route from being redistributed to the provider gateway.

You can also append less than or equal to (le) and greater than or equal to (ge) modifiers to an IP address to grant or limit route redistribution. For example, the modifiers in 192.168.100.3/27 ge 26 le 32 match subnet masks greater than or equal to 26 bits and less than or equal to 32 bits in length.
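The following added example (not VMware code) evaluates routes against a prefix list with ge and le modifiers, which is a quick way to check what a filter admits before you attach it to a neighbor. The function names, the PERMIT and DENY strings, and the sample entries other than the page's 192.168.100.3/27 example are assumptions, as are the containment, first-match, and implicit-deny semantics.

```python
import ipaddress

# Assumptions (not stated on the page): a route matches an entry only if it
# lies inside the entry's prefix, the first matching entry decides, and a
# route that matches no entry is denied.

def entry_matches(route, prefix, ge=None, le=None):
    """True when route is inside prefix and its mask length satisfies ge/le."""
    net = ipaddress.ip_network(prefix, strict=False)  # accepts host bits (.3/27)
    rt = ipaddress.ip_network(route)
    if rt.version != net.version or not rt.subnet_of(net):
        return False
    if ge is None and le is None:
        return rt.prefixlen == net.prefixlen          # no modifiers: exact length
    low = net.prefixlen if ge is None else ge
    high = rt.max_prefixlen if le is None else le
    return low <= rt.prefixlen <= high

def evaluate(prefix_list, route):
    """Return the action of the first matching entry, or DENY if none match."""
    for prefix, action, ge, le in prefix_list:
        if entry_matches(route, prefix, ge, le):
            return action
    return "DENY"

# Constructed list: the first entry is the page's example, the rest are samples.
SAMPLE_LIST = [
    ("192.168.100.3/27", "DENY", 26, 32),
    ("10.0.0.0/8", "PERMIT", None, 24),   # 10/8 and its subnets up to /24
    ("0.0.0.0/0", "PERMIT", None, None),  # the default route only
]

if __name__ == "__main__":
    for r in ("192.168.100.16/28", "10.1.2.0/24", "10.1.2.128/25", "0.0.0.0/0"):
        print(r, evaluate(SAMPLE_LIST, r))
```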

Prerequisites

  • Verify that your organization is assigned the IP Prefix Lists: Manage permission.
  • Verify that you have the Limited Provider Gateway BGP: View and Limited Provider Gateway BGP: Manage rights assigned to you.

Procedure

  1. In the top navigation bar, click Networking and click the Provider Gateways tab.
  2. Click the provider gateway.
  3. Click BGP and click IP Prefix Lists.
  4. To add a list, click New.
  5. Enter a name and, optionally, a description for the prefix list.
  6. Click New and add a CIDR notation for the prefix.
  7. From the drop-down menu, select an action to apply to the prefix.
  8. (Optional) Enter greater than or equal to and less than or equal to modifiers to grant or limit route redistribution.
  9. Click Save.

What to do next

You can move the IP prefix list up or down the list, edit it, or delete it.

Configure Community Lists on Your Provider Gateway in the VMware Cloud Director Tenant Portal

You can create BGP community lists to define route maps based on the community lists.

A BGP community is a group of BGP routes that are labeled with extra information. This allows routers to better classify and handle routes that share common attributes.

BGP community lists are user-defined lists of community attribute values. These lists can be used for matching or manipulating the communities attribute in BGP update messages.

The BGP Communities attribute (RFC 1997) and the BGP Large Communities attribute (RFC 8092) are supported. The BGP Communities attribute is a 32-bit value split into two 16-bit values. The BGP Large Communities attribute has 3 components, each 4 octets in length.

In route maps, you can match on or set the BGP Communities or Large Communities attribute. You can use communities lists to enforce network policy based on the BGP community attributes.

Prerequisites

  • Verify that you have the Limited Provider Gateway BGP: View and Limited Provider Gateway BGP: Manage rights assigned to you.

  • Verify that your organization is assigned the Community Lists: Manage permission.

Procedure

  1. In the top navigation bar, click Networking and click the Provider Gateways tab.
  2. Click the provider gateway.
  3. Click BGP and click Communities Lists.
  4. To add a communities list, click New.
  5. Enter a name for the list.
  6. Select a type of communities.
    Regular and large communities attributes are supported.
  7. Specify a list of communities.
    If you are adding a regular community, you can select one or more of the well-known regular communities from the drop-down list.
    • NO_EXPORT - Do not advertise any of the routes received carrying a communities attribute that contains this value outside of the BGP confederation.
    • NO_ADVERTISE - Do not advertise any of the routes received carrying a communities attribute that contains this value to any BGP peer.
    • NO_EXPORT_SUBCONFED - Do not advertise any of the routes received carrying a communities attribute that contains this value to external BGP peers.
  8. Click Save.

What to do next

Configure Route Maps on Your Provider Gateway.

Configure BGP Route Maps on Your Provider Gateway in the VMware Cloud Director Tenant Portal

You can use route maps to define route policies at the BGP neighbor level and for route redistribution.

You create BGP route maps by defining a sequence of IP prefix lists, BGP path attributes, and an associated action.

When you use BGP route maps, the provider gateway scans the route or the traffic to which the criteria should be applied for a match. If there is a match, the router performs the action that you configured and stops scanning.

Prerequisites

  • Verify that you have the Limited Provider Gateway BGP: View and Limited Provider Gateway BGP: Manage rights assigned to you.

  • Verify that your organization is assigned the Route Maps: Manage permission.

Procedure

  1. In the top navigation bar, click Networking and click the Provider Gateways tab.
  2. Click the provider gateway.
  3. Click BGP and click Route Maps.
  4. To add a route map, click New.
  5. Enter a name and, optionally, a description for the route map.
  6. Click New.
  7. From the drop-down menu, select a type of match criteria.

  8. Depending on the type of match criteria that you selected, choose one of the options.
    • IP Prefix - Click Select IP prefix lists, select the IP prefix lists from the list, and click Save.
    • Community List - Complete the following steps:
    1. Click Select Members and Match Criteria.
    2. Click New.
    3. In the Match Expression column, specify match expressions that define how to match members of community lists. For each community list, the following match options are available:
      • Match Any - perform the set action in the route map if any of the communities in the community list is matched.
      • Match All - perform the set action in the route map if all the communities in the community list are matched regardless of the order.
      • Match Exact - perform the set action in the route map if all the communities in the community list are matched in the exact same order.
      • Match Community Regex - perform the set action in the route map if all the regular communities match the regular expression.
      • Match Large Community Regex - perform the set action in the route map if all the large communities match the regular expression.

      If you want to permit routes containing either the standard community or large community value, you must create two match criteria. If the match expressions are given in the same match criterion, only the routes containing both the standard and large communities will be permitted.

      For any match criterion, the match expressions are applied in an AND operation, which means that all match expressions must be satisfied for a match to occur. If there are multiple match criteria, they are applied in an OR operation, which means that a match will occur if any one match criterion is satisfied.

    4. Enter an expression to match the community list and click Save.
  9. In the Action column, select Permit or Deny.
    By selecting an action, you permit or deny the advertisement of IP addresses matched by the IP prefix or community lists.
  10. Configure BGP attributes.
    • Weight - Enter a weight value to influence path selection. The range is 0 - 65535.
    • Local Preference - Use this value to choose the outbound external BGP path. The path with the highest value is preferred.
    • Path Prepend - Prepend a path with one or more autonomous system numbers to make the path longer and therefore less preferred.
    • Prefer global IPv6 - To opt for IPv6 path selection, turn on the Prefer global IPv6 option.
    • Multi Exit Discriminator - Multi-exit discriminator indicates to an external peer a preferred path to an autonomous system.
    • Community - Specify a list of communities. For a regular community use the aa:nn format, for example, 300:500. For a large community use the aa:bb:cc format, for example, 11:22:33.

      You can select one or more of the well-known regular communities from the drop-down list.

      • NO_EXPORT_SUBCONFED - Do not advertise to external BGP peers.
      • NO_ADVERTISE - Do not advertise to any peer.
      • NO_EXPORT - Do not advertise outside BGP confederation.
  11. Click Save.
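The match-criteria rules in step 8 (expressions inside one criterion are ANDed, separate criteria are ORed) and the aa:nn and aa:bb:cc formats can be checked with the following added example, which is not VMware code. The function names, the ANY and ALL mode strings, and the sample criteria are assumptions; only Match Any and Match All are modelled, and the well-known values are those defined in RFC 1997.

```python
# Well-known regular communities and their 32-bit values (RFC 1997).
WELL_KNOWN = {"NO_EXPORT": 0xFFFFFF01, "NO_ADVERTISE": 0xFFFFFF02,
              "NO_EXPORT_SUBCONFED": 0xFFFFFF03}

def parse_community(text):
    """Return ('regular', 32-bit int) or ('large', (a, b, c)); reject bad widths."""
    if text in WELL_KNOWN:
        return ("regular", WELL_KNOWN[text])
    parts = [int(p) for p in text.split(":")]
    if len(parts) == 2 and all(0 <= p <= 0xFFFF for p in parts):
        return ("regular", (parts[0] << 16) | parts[1])    # two 16-bit halves
    if len(parts) == 3 and all(0 <= p <= 0xFFFFFFFF for p in parts):
        return ("large", tuple(parts))                     # three 4-octet fields
    raise ValueError(f"not aa:nn or aa:bb:cc: {text!r}")

def expression_matches(mode, wanted, route_comms):
    """Evaluate one match expression against the communities a route carries."""
    want = [parse_community(c) for c in wanted]
    have = {parse_community(c) for c in route_comms}
    if mode == "ANY":
        return any(c in have for c in want)
    if mode == "ALL":
        return all(c in have for c in want)
    raise ValueError(f"mode not modelled in this example: {mode}")

def route_map_matches(criteria, route_comms):
    """criteria is a list of criteria; each criterion is a list of (mode, list)."""
    return any(all(expression_matches(m, w, route_comms) for m, w in criterion)
               for criterion in criteria)

# Constructed criteria using the page's sample values 300:500 and 11:22:33.
ONE_CRITERION = [[("ANY", ["300:500"]), ("ANY", ["11:22:33"])]]   # needs both
TWO_CRITERIA = [[("ANY", ["300:500"])], [("ANY", ["11:22:33"])]]  # needs either

if __name__ == "__main__":
    route = ["300:500"]  # constructed route carrying only the regular community
    print(route_map_matches(ONE_CRITERION, route), route_map_matches(TWO_CRITERIA, route))
```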