Border Gateway Protocol (BGP) makes core routing decisions. It includes a table of IP networks or prefixes, which designate network reachability among multiple autonomous systems.
An underlying connection between two BGP speakers is established before any routing information is exchanged. Keepalive messages are sent by the BGP speakers in order to keep this relationship alive. After the connection is established, the BGP speakers exchange routes and synchronize their tables.
- Log in to the vSphere Web Client.
- Click Networking & Security and then click NSX Edges.
- Double-click an NSX Edge.
- Click Routing and then click BGP.
- Click Edit.
- In the Edit BGP Configuration dialog box, click Enable BGP.
- Click Enable Graceful Restart for packet forwarding to be uninterrupted during restart of BGP services.
- Click Enable Default Originate to allow NSX Edge to advertise itself as a default gateway to its peers.
- Type the router ID in Local AS. Type the Local AS. This is advertised when BGP peers with routers in other autonomous systems (AS). The path of ASs that a route traverses is used as one metric when selecting the best path to a destination.
- Click OK.
- In Neighbors, click the Add icon.
- Type the IP address of the neighbor.
When you configure BGP peering between an edge services gateway (ESG) and a logical router, use the logical router's protocol IP address as the ESG's BGP neighbor address.
- (On a logical router only) Type the forwarding address.
The forwarding address is the IP address that you assigned to the distributed logical router's interface facing its BGP neighbor (its uplink interface).
- (On a logical router only) Type the protocol address.
The protocol address is the IP address that the logical router uses to form a BGP neighbor relationship. It can be any IP address in the same subnet as the forwarding address (as long as it is not used anywhere else). When you configure BGP peering between an edge services gateway (ESG) and a logical router, use the logical router's protocol IP address as the ESG neighbor's IP address.
- Type the remote AS.
- Edit the default weight for the neighbor connection if required.
- Hold Down Timer displays the interval (180 seconds) that the software waits without receiving a keepalive message before it declares a peer dead. Edit if required.
- Keep Alive Timer displays the default frequency (60 seconds) with which the software sends keepalive messages to its peer. Edit if required.
- If authentication is required, type the authentication password. Each segment sent on the connection between the neighbors is verified. MD5 authentication must be configured with the same password on both BGP neighbors; otherwise, the connection between them will not be made.
You cannot enter a password when FIPS mode is enabled.
- To specify route filtering from a neighbor, click the Add icon in the BGP Filters area.
A "block all" rule is enforced at the end of the filters.
- Select the direction to indicate whether you are filtering traffic to or from the neighbor.
- Select the action to indicate whether you are allowing or denying traffic.
- Type the network in CIDR format that you want to filter to or from the neighbor.
- Type the IP prefixes that are to be filtered and click OK.
- Click Publish Changes.
Configure BGP Between an ESG and a Logical Router
In this topology, the ESG is in AS 64511. The logical router (DLR) is in AS 64512.
The logical router's forwarding address is 192.168.10.2. This is the address configured on the logical router's uplink interface. The logical router's protocol address is 192.168.10.3. This is the address that the ESG will use to form its BGP peering relationship with the logical router.
On the logical router, configure BGP as shown:
On the ESG, configure BGP as shown:
The ESG's neighbor address is 192.168.10.3, which is the logical router's protocol address.
Run the show ip bgp neighbors command on the logical router, and make sure the BGP state is Established.
Run the show ip bgp neighbors command on the ESG, and make sure the BGP state is Established.
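Before publishing, the two sides of this peering can be cross-checked against the rules above. The following is an added example, not VMware code: the dictionary layout, the check_peering function, the /24 prefix length, the ESG address 192.168.10.1 and the password value are assumptions made for illustration.

```python
import ipaddress

def check_peering(esg, dlr, prefix_len=24):
    """Return a list of mismatches between ESG and logical router BGP settings."""
    problems = []
    fwd = ipaddress.ip_address(dlr["forwarding_address"])
    proto = ipaddress.ip_address(dlr["protocol_address"])
    # prefix_len is an assumption; the topology above does not state the mask.
    subnet = ipaddress.ip_network(f"{fwd}/{prefix_len}", strict=False)

    # The protocol address is a separate address in the forwarding address's subnet.
    if proto == fwd:
        problems.append("protocol address equals forwarding address")
    if proto not in subnet:
        problems.append("protocol address is outside the forwarding address subnet")

    # The ESG peers with the protocol address, not the forwarding address.
    nbr = esg["neighbor"]
    if ipaddress.ip_address(nbr["ip"]) != proto:
        problems.append("ESG neighbor address is not the logical router's protocol address")

    # Each side's remote AS must be the other side's local AS.
    if nbr["remote_as"] != dlr["local_as"]:
        problems.append("ESG remote AS does not match logical router local AS")
    if dlr["neighbor"]["remote_as"] != esg["local_as"]:
        problems.append("logical router remote AS does not match ESG local AS")

    # MD5 authentication needs the same password on both neighbors.
    if nbr.get("password") != dlr["neighbor"].get("password"):
        problems.append("authentication passwords differ")
    return problems

# Constructed sample matching the topology above (ESG address and password are made up).
ESG = {"local_as": 64511,
       "neighbor": {"ip": "192.168.10.3", "remote_as": 64512, "password": "example-secret"}}
DLR = {"local_as": 64512,
       "forwarding_address": "192.168.10.2",
       "protocol_address": "192.168.10.3",
       "neighbor": {"ip": "192.168.10.1", "remote_as": 64511, "password": "example-secret"}}

if __name__ == "__main__":
    print(check_peering(ESG, DLR) or "peering settings are consistent")
```

An empty list means the settings agree; a session that still does not reach Established then points to something outside these fields.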