To enable access between your VMs and the outside world, you can configure an external or internal BGP (eBGP or iBGP) connection between a tier-0 gateway and a router in your physical infrastructure.
When configuring BGP, you must configure a local Autonomous System (AS) number for the tier-0 gateway. You must also configure the remote AS number. EBGP neighbors must be directly connected and in the same subnet as the tier-0 uplink. If they are not in the same subnet, BGP multi-hop should be used.
BGPv6 is supported for single hop and multihop. Redistribution, prefix list, and route maps are supported with IPv6 prefixes.
RFC-5549 enables BGPv6 sessions to exchange IPv4 routes with an IPv6 next hop. To minimize the number of BGP sessions and IPv4 addresses, you can exchange both IPv4 and IPv6 routes over a BGP session. Support for encoding and processing an IPv4 route with an IPv6 next hop is negotiated as part of the capability exchange in the BGP OPEN message. If both sides of a peering session support the capability, IPv4 routes are advertised with an IPv6 next hop. Multi-protocol BGP (MP-BGP) is used to advertise the Network Layer Reachability Information of a IPv4 address family using the next hop of an IPv6 address family.
A tier-0 gateway in active-active mode supports inter-SR (service router) iBGP. If gateway #1 is unable to communicate with a northbound physical router, traffic is re-routed to gateway #2 in the active-active cluster. If gateway #2 is able to communicate with the physical router, traffic between gateway #1 and the physical router will not be affected.
The implementation of ECMP on NSX Edge is based on the 5-tuple of the protocol number, source and destination address, and source and destination port.
- Redistribution, prefix lists, and routes maps are supported.
- Route reflectors are not supported.
- BGP confederation is not supported.
- From your browser, log in with admin privileges to an NSX Manager at https://<nsx-manager-ip-address>.
- Select .
- To edit a tier-0 gateway, click the menu icon (three dots) and select Edit.
- Click BGP.
- Enter the local AS number.
In active-active mode, the default ASN value, 65000, is already filled in. In active-standby mode, there is no default ASN value.
- Click the BGP toggle to enable or disable BGP.
In active-active mode, BGP is enabled by default. In active-standby mode, BGP is disabled by default.
- If this gateway is in active-active mode, click the Inter SR iBGP toggle to enable or disable inter-SR iBGP. It is enabled by default.
If the gateway is in active-standby mode, this feature is not available.
- Click the ECMP toggle button to enable or disable ECMP.
- Click the Multipath Relax toggle button to enable or disable load-sharing across multiple paths that differ only in AS-path attribute values but have the same AS-path length.
Note: ECMP must be enabled for Multipath Relax to work.
- In the Graceful Restart field, select Disable, Helper Only, or Graceful Restart and Helper.
You can optionally change the Graceful Restart Timer and Graceful Restart Stale Timer.
By default, the Graceful Restart mode is set to Helper Only. Helper mode is useful for eliminating and/or reducing the disruption of traffic associated with routes learned from a neighbor capable of Graceful Restart. The neighbor must be able to preserve its forwarding table while it undergoes a restart.
For EVPN, only the Helper Only mode is supported.
The Graceful Restart capability is not recommended to be enabled on the tier-0 gateways because BGP peerings from all the gateways are always active. On a failover, the Graceful Restart capability will increase the time a remote neighbor takes to select an alternate tier-0 gateway. This will delay BFD-based convergence.
Note: Unless overridden by neighbor-specific configuration, the tier-0 configuration applies to all BGP neighbors.
- Enter the local AS number.
- Configure Route Aggregation by adding IP address prefixes.
- Click Add Prefix.
- Enter a IP address prefix in CIDR format.
- For the option Summary Only, select Yes or No.
- Click Save.
You must save the global BGP configuration before you can configure BGP neighbors.
- Configure BGP Neighbors.
- Enter the IP address of the neighbor.
- Enable or disable BFD.
- Enter a value for Remote AS number.
For iBGP, enter the same AS number as the one in step 4a. For eBGP, enter the AS number of the physical router.
- Under Route Filter, click Set to add one or more route filters.
For IP Address Family, you can select IPv4, IPv6, or L2VPN EVPN. You can have at most two route filters, with one address family being IPv4 and the other being IPv6 or L2VPN EVPN. For RFC 5549, ensure that you provide an IPv4 address-family along with the IPv6 address family for the IPv6 BGP peer IP address . The combination, IPv6 and L2VPN EVPN, is not supported.
For Maximum Routes, you can specify a value between 1 and 1,000,000. This is the maximum number of BGP routes that the gateway will accept from the BGP neighbor.
Note: If you configure a BGP neighbor with one address family, for example, L2VPN EVPN, and then later add a second address family, the established BGP connection will be reset.
- Enable or disable the Allowas-in feature.
This is disabled by default. With this feature enabled, BGP neighbors can receive routes with the same AS, for example, when you have two locations interconnected using the same service provider. This feature applies to all the address families and cannot be applied to specific address families.
- In the Source Addresses field, you can select a source address to establish a peering session with a neighbor using this specific source address. If you do not select any, the gateway will automatically choose one.
- Enter a value for Max Hop Limit.
- In the Graceful Restart field, you can optionally select Disable, Helper Only, or Graceful Restart and Helper.
Option Description None selected The Graceful Restart for this neighbor will follow the Tier-0 gateway BGP configuration. Disable
- If the tier-0 gateway BGP is configured with Disable, Graceful Restart will be disabled for this neighbor.
- If the tier-0 gateway BGP is configured with Helper Only, Graceful Restart will be disabled for this neighbor.
- If the tier-0 gateway BGP is configured with Graceful Restart and Helper, Graceful Restart will be disabled for this neighbor.
- If the tier-0 gateway BGP is configured with Disable, Graceful Restart will be configured as Helper Only for this neighbor.
- If the tier-0 gateway BGP is configured with Helper Only, Graceful Restart will be configured as Helper Only for this neighbor.
- If the tier-0 gateway BGP is configured with Graceful Restart and Helper, Graceful Restart will be configured as Helper Only for this neighbor.
Graceful Restart and Helper
- If the tier-0 gateway BGP is configured with Disable, Graceful Restart will be configured as Graceful Restart and Helper for this neighbor.
- If the tier-0 gateway BGP is configured with Helper Only, Graceful Restart will be configured as Graceful Restart and Helper for this neighbor.
- If the tier-0 gateway BGP is configured with Graceful Restart and Helper, Graceful Restart will be configured as Graceful Restart and Helper for this neighbor.
Note: For EVPN, only the Helper Only mode is supported.
- Click Timers & Password.
- Enter a value for BFD Interval.
The unit is milliseconds. For an Edge node running in a VM, the minimum value is 500. For a bare-metal Edge node, the minimum value is 50.
- Enter a value for BFD Multiplier.
- Enter a value, in seconds, for Hold Down Time and Keep Alive Time.
The Keep Alive Time specifies how frequently KEEPALIVE messages will be sent. The value can be between 0 and 65535. Zero means no KEEPALIVE messages will be sent.
The Hold Down Time specifies how long the gateway will wait for a KEEPALIVE message from a neighbor before considering the neighbor dead. The value can be 0 or between 3 and 65535. Zero means no KEEPALIVE messages are sent between the BGP neighbors and the neighbor will never be considered unreachable.
Hold Down Time must be at least three times the value of the Keep Alive Time.
- Enter a password.
This is required if you configure MD5 authentication between BGP peers.
- Click Save.