Configure BGP on a Tier-0 Logical Router in Manager Mode

To enable access between your VMs and the outside world, you can configure an external or internal BGP (eBGP/iBGP) connection between a tier-0 logical router and a router in your physical infrastructure.

The iBGP feature has the following capabilities and restrictions:

Redistribution, prefix lists, and routes maps are supported.
Route reflectors are not supported.
BGP confederation is not supported.

When configuring BGP, you must configure a local Autonomous System (AS) number for the tier-0 logical router. For example, the following topology shows the local AS number is 64510. You must also configure the remote AS number. EBGP neighbors must be directly connected and in the same subnet as the tier-0 uplink. If they are not in the same subnet, BGP multi-hop should be used.

A tier-0 logical router in active-active mode supports inter-SR (service router) routing. If router #1 is unable to communicate with a northbound physical router, traffic is re-routed to router #2 in the active-active cluster. If router #2 is able to communicate with the physical router, traffic between router #1 and the physical router will not be affected.

In a topology with a tier-0 logical router in active-active mode attached to a tier-1 logical router in active-standby mode, you must enable inter-SR routing to handle asymmetric routing. You have asymmetric routing if you configure a static route on one of the SRs, or if one SR needs to reach another SR's uplink. In addition, note the following:

In the case of a static route configured on one SR (for example, SR #1 on Edge node #1), another SR (for example, SR #2 on Edge node #2) might learn the same route from an eBGP peer and prefer the learned route to the static route on SR #1, which might be more efficient. To ensure that SR #2 uses the static route configured on SR #1, configure the tier-1 logical router in pre-emptive mode and configure Edge node #1 as the preferred node.
If the tier-0 logical router has an uplink port on Edge node #1 and another uplink port on Edge node #2, ping traffic from tenant VMs to the uplinks works if the two uplinks are in different subnets. Ping traffic will fail if the two uplinks are in the same subnet.

Note: Router ID used for forming BGP sessions on an edge node is automatically selected from the IP addresses configured on the uplinks of a tier-0 logical router. BGP sessions on an edge node can flap when router ID changes. This can happen when the IP address auto-selected for router ID is deleted or the logical router port on which this IP is assigned is deleted.

BGP connection topology diagram — Figure 1. BGP Connection Topology

Caution: Note the following scenarios when there are connection failures involving BGP or BFD:

With only BGP configured, if all BGP neighbors go down, the service router's state will be down.
With only BFD configured, if all BFD neighbors go down, the service router's state will be down.
With BGP and BFD configured, if all BGP and BFD neighbors go down, the service router's state will be down.
With BGP and static routes configured, if all BGP neighbors go down, the service router's state will be down.
With only static routes configured, the service router's state will always be up unless the node is experiencing a failure or in a maintenance mode.

Prerequisites

Verify that the tier-1 router is configured to advertise connected routes. See Configure Route Advertisement on a Tier-1 Logical Router in Manager Mode. This is not strictly a prerequisite for BGP configuration, but if you have a two-tier topology and you plan to redistribute your tier-1 networks into BGP, this step is required.
Verify that a tier-0 router is configured. See Create a Tier-0 Logical Router in Manager Mode.
Make sure the tier-0 logical router has learned routes from the tier-1 logical router. See Verify that a Tier-0 Router Has Learned Routes from a Tier-1 Router.
Verify that Manager mode is selected in the NSX Manager user interface. See NSX Manager. If you do not see the Policy and Manager mode buttons, see Configure the User Interface Settings.

Procedure

With admin privileges, log in to NSX Manager.
Select Networking > Tier-0 Logical Routers.
Select the tier-0 logical router.
Click the Routing tab and select BGP from the drop-down menu.
Click Edit.
1. Enter the local AS number.
  For example, 64510.
2. Click the Status toggle to enable or disable BGP.
3. Click the ECMP toggle to enable or disable ECMP.
4. Click the Graceful Restart toggle to enable or disable graceful restart.
  Graceful restart is not supported when a tier-0 has only one BGP peer since the tier-0 SR will go down by design when that single BGP peer goes down.
5. If this logical router is in active-active mode, click the Inter SR Routing toggle to enable or disable inter-SR routing.
6. Configure route aggregation.
7. Click Save.
Click Add to add a BGP neighbor.
Enter the neighbor IP address.

For example, 192.168.100.254.
Specify the maximum hop limit.
The default is 1.
Enter the remote AS number.
For example, 64511 (eBGP neighbor) or 64510 (iBGP neighbor).
Configure the timers (keep alive time and hold down time) and a password.
Click the Local Address tab to select a local address.
1. (Optional) Uncheck All Uplinks to see loopback ports as well as uplink ports.
Click the Address Families tab to add an address family.
Click the BFD Configuration tab to enable BFD.
Click Save.

What to do next

Test whether BGP is working properly. See Verify BGP Connections from a Tier-0 Service Router.