Border Gateway Protocol (BGP) makes core routing decisions. It includes a table of IP networks or prefixes, which designate network reachability among multiple autonomous systems.

An underlying connection between two BGP speakers is established before any routing information is exchanged. Keepalive messages are sent by the BGP speakers in order to keep this relationship alive. After the connection is established, the BGP speakers exchange routes and synchronize their tables.

Procedure

  1. Log in to the vSphere Web Client.
  2. Click Networking & Security > NSX Edges.
  3. Double-click an NSX Edge.
  4. Click Manage > Routing > BGP.
  5. Next to BGP Configuration, click Edit, and then click Enable BGP.
  6. (Optional) Click Enable Graceful Restart so that packet forwarding is not interrupted when BGP services restart.
  7. (Optional) Click Enable Default Originate to allow the ESG to advertise itself as a default gateway to its peers.
  8. In Local AS, enter the router ID. The routes are advertised when BGP peers with routers in other autonomous systems (AS). The path of autonomous systems that a route traverses is used as one metric when selecting the best path to a destination.
  9. In Neighbors, click Add.
  10. Specify basic details of the BGP neighbor.
    1. Type the IP address of the neighbor.
      When you configure BGP peering between an edge services gateway (ESG) and a logical router, use the protocol IP address of the logical router as the BGP neighbor address of the ESG.
    2. (On a logical router only) Type the forwarding address.
      The forwarding address is the IP address that you assigned to the distributed logical router's interface facing its BGP neighbor (its uplink interface).
    3. (On a logical router only) Type the protocol address.
      The protocol address is the IP address that the logical router uses to form a BGP neighbor relationship. It can be any IP address in the same subnet as the forwarding address, but this IP address must not be used anywhere else. When you configure BGP peering between an edge services gateway (ESG) and a logical router, use the protocol IP address of the logical router as the BGP neighbor IP address of the ESG.
    4. Type the remote AS.
    5. (Optional) Disable Remove Private AS. By default, it is enabled.
    6. Edit the default weight for the neighbor connection, if necessary. The default weight is 60.
    7. Hold Down Timer displays a default value of 180 seconds, which is three times the value of the keep alive timer. Edit if necessary.
      When BGP peering is achieved between two neighbors, the NSX Edge starts a hold down timer. Each keep alive message it receives from the neighbor resets the hold down timer to 0. When the NSX Edge fails to receive three consecutive keep alive messages, so that the hold down timer reaches 180 seconds, the NSX Edge considers the neighbor down and deletes the routes from this neighbor.
      Note: The default time-to-live (TTL) value for eBGP neighbors is 1 and for iBGP neighbors is 64. This value cannot be modified.
    8. Keep Alive Timer displays the default frequency of 60 seconds at which a BGP neighbor sends keep alive messages to its peer. Edit if necessary.
    9. If authentication is required, enter an authentication password.
      The password must be at least 12 characters long and must satisfy these rules:
      • Must not exceed 255 characters
      • At least one uppercase letter and one lowercase letter
      • At least one number
      • At least one special character
      • Must not contain the user name as a substring
      • Must not consecutively repeat a character 3 or more times.

      Each segment sent on the connection between the neighbors is verified. MD5 authentication must be configured with the same password on both BGP neighbors; otherwise, the connection between them is not made. You cannot enter a password when FIPS mode is enabled.

  11. Specify the BGP Filters.
    1. Click Add.
      Caution: A "block all" rule is enforced at the end of the filters.
    2. Select the direction to indicate whether you are filtering traffic to or from the neighbor.
    3. Select the action to indicate whether you are allowing or denying traffic.
    4. Type the network in CIDR format that you want to filter to or from the neighbor.
    5. Type the IP prefixes that are to be filtered and click OK.
  12. Click Publish Changes.
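
The password rules in step 10 can be checked before the value is typed into both neighbors. The following is an added example, not VMware code; the function name is hypothetical, and it assumes that "special character" means ASCII punctuation and that the user-name check ignores case.

```python
import re
import string

MIN_LEN, MAX_LEN = 12, 255  # limits stated in the procedure


def check_bgp_password(password, username, fips_mode=False):
    """Return the list of violated rules; an empty list means acceptable."""
    if fips_mode:
        # The procedure states that no password can be entered in FIPS mode.
        return ["password not allowed in FIPS mode"]
    problems = []
    if len(password) < MIN_LEN:
        problems.append("shorter than 12 characters")
    if len(password) > MAX_LEN:
        problems.append("longer than 255 characters")
    if not re.search(r"[A-Z]", password):
        problems.append("no uppercase letter")
    if not re.search(r"[a-z]", password):
        problems.append("no lowercase letter")
    if not re.search(r"[0-9]", password):
        problems.append("no number")
    # Assumption: "special character" means ASCII punctuation.
    if not any(c in string.punctuation for c in password):
        problems.append("no special character")
    # Assumption: the user-name substring check is case-insensitive.
    if username and username.lower() in password.lower():
        problems.append("contains the user name")
    # Same character three or more times in a row, for example "ooo".
    if re.search(r"(.)\1\1", password):
        problems.append("character repeated 3 or more times in a row")
    return problems


# Constructed sample values, not real credentials.
SAMPLES = [
    ("Rt7#peer-Link9x", "admin"),
    ("short1!A", "admin"),
    ("Admin-Peering#2024", "admin"),
    ("Goood-Peering#24", "admin"),
]

if __name__ == "__main__":
    for pw, user in SAMPLES:
        print(repr(pw), check_bgp_password(pw, user) or "OK")
```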

Example: Configure BGP Between an ESG and a Logical (Distributed) Router

In this topology, the ESG is in AS 64511. The logical router (DLR) is in AS 64512.

The forwarding address of the logical router is 192.168.10.2. This address is configured on the uplink interface of the logical router. The protocol address of the logical router is 192.168.10.3. The ESG uses this address to form a BGP peer relationship with the logical router.

On the BGP Configuration page of the logical router, the configuration settings are as follows:
  • Local AS: 64512
  • Neighbor settings:
    • Forwarding address: 192.168.10.2
    • Protocol address: 192.168.10.3
    • IP address: 192.168.10.1
    • Remote AS: 64511

On the BGP Configuration page of the ESG, the configuration settings are as follows:
  • Local AS: 64511
  • Neighbor settings:
    • IP address: 192.168.10.3. This IP address is the protocol address of the logical router.
    • Remote AS: 64512
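
The two sets of values above can be cross-checked before publishing. The following is an added example, not VMware code; the function and dictionary keys are hypothetical, and the /24 mask is an assumption because the page does not state one.

```python
import ipaddress


def check_peering(dlr, esg, uplink_subnet):
    """Return a list of mismatches between the logical router and ESG settings."""
    net = ipaddress.ip_network(uplink_subnet)
    fwd = ipaddress.ip_address(dlr["forwarding_address"])
    proto = ipaddress.ip_address(dlr["protocol_address"])
    esg_ip = ipaddress.ip_address(dlr["neighbor_ip"])
    problems = []
    # The protocol address must sit in the same subnet as the forwarding address.
    if fwd not in net or proto not in net:
        problems.append("protocol and forwarding addresses are not both in the uplink subnet")
    # The protocol address must not be used anywhere else.
    if proto in (fwd, esg_ip):
        problems.append("protocol address is already in use")
    # The ESG peers with the protocol address, not the forwarding address.
    if ipaddress.ip_address(esg["neighbor_ip"]) != proto:
        problems.append("ESG neighbor is not the logical router's protocol address")
    # Each side's remote AS is the other side's local AS.
    if dlr["remote_as"] != esg["local_as"] or esg["remote_as"] != dlr["local_as"]:
        problems.append("remote AS does not match the peer's local AS")
    # eBGP neighbors use TTL 1, so the peer must be on the directly connected subnet.
    if dlr["local_as"] != dlr["remote_as"] and esg_ip not in net:
        problems.append("eBGP neighbor is not on the uplink subnet (TTL is 1)")
    return problems


# Values from the example topology on this page.
DLR = {"local_as": 64512, "forwarding_address": "192.168.10.2",
       "protocol_address": "192.168.10.3", "neighbor_ip": "192.168.10.1",
       "remote_as": 64511}
ESG = {"local_as": 64511, "neighbor_ip": "192.168.10.3", "remote_as": 64512}
UPLINK_SUBNET = "192.168.10.0/24"  # assumption: the page does not state the mask

# Constructed misconfiguration: ESG pointed at the forwarding address.
ESG_WRONG = dict(ESG, neighbor_ip="192.168.10.2")

if __name__ == "__main__":
    print(check_peering(DLR, ESG, UPLINK_SUBNET) or "consistent")
    print(check_peering(DLR, ESG_WRONG, UPLINK_SUBNET))
```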

On the logical router, run the show ip bgp neighbors command, and make sure that the BGP state is Established.

BGP state is established on the DLR.

On the ESG, run the show ip bgp neighbors command, and make sure that the BGP state is Established.

BGP state is established on the ESG.