At the enterprise level, by default, the Routing BGP feature is enabled. You can configure BGP per segment by following the steps on this procedure.

Note:
  • 4-Byte ASN BGP is supported, Peer to a neighbor with 4-Byte ASN- Accept 4-Byte ASNs in route advertisements. Only plain format is supported; asdot/decimal format is not supported.
  • BGP can be configured per segment. You can configure either at the Profile level or the Edge level with the Edge Override enabled.

Community Additive Support

BGP inbound and outbound configuration supports setting BGP communities. Community values can be used to identify the source of the routes. By default, if "additive" is not checked, the existing BGP community will be replaced by the "set" value(s). If the community additive option is checked, we will append the set community values to the existing BGP community. As shown in the example image below, community 12345:11 and 12345:22 will be appended to the existing BGP community. NOTE: The maximum number of community strings supported is twelve.

  1. Configure BGP for VPN profiles:
    1. Go to Configure > Profile from the navigation panel.

      The Configuration Profiles screen appears.

    2. Select a profile you want to enable BGP for and click the Device icon for the applicable Profile.

      The Device Settings screen for the selected Profile appears.

  2. Scroll down to the BGP Settings area, and turn BGP ON as shown in the image below.
    configure-dynamic-routing-ospf-bgp-bgp-settings
  3. Click the Edit button to define the BGP neighbors.
  4. In the BGP Editor:
    1. Click the Add Filter button to create one or more filters. (These filters will be applied to the neighbor to deny or change the attributes of the route. The same filter can be used for multiple neighbors).

      The Create BGP Filter dialog appears (image below).

    2. In the Create BGP Filter dialog:
      1. Type in a name for the filter in the Filter Name textbox.
      2. Set the Rules for the filter.
        • Choose Prefix or Community from the Type drop-down menu.
        • Set the value for either the Prefix or Community in the Value textbox.
        • If appliable, check the Exact Match checkbox.
        • Indicate the action type (Permit or Deny) from the Type drop-down menu.
        • From the Set drop-down menu, choose either None, Local Preference, Metric, AS-Path-Prepend, or Community, Community Additive checkbox. See the section above titled, Community Additive Support" for more information.

        See table below for a description of these fields (see the image below the table for reference).

      Rule Field Description
      Match Type: Prefix or Community
      Value
      Exact Match checkbox
      Action Type: Permit or Deny
      Set Option: None
      Set Option: Local Preference
      Set Option: Community and Community Additive checkbox

      BGP inbound and outbound configuration supports the additive configuration option. This appends incoming community attributes along with setup community values. Community values can be used to identify the source of the routes. By default, if "additive" is not checked, the community value will be replaced by the "set" value.

      Set Option: Metric
      Set Option: AS-Path-Prepend
    3. After you have set the rules for the filter, click the OK button.
    4. In the BGP Editor dialog box, enter the Local ASN number in the Local ASN textbox.
    5. In the Neighbor's area, enter the Neighbor IP and ASN in the appropriate text boxes, and specify Inbound Filters or Outbound Filters from the Filter list defined in the previous step.
    6. Add additional options by clicking the view all button to open the drop-down menu. Apply additional options as needed. (See the table below for a description of each option and the table below for additional reference).
      Additional Options Field Description
      Neighbor Flag drop-down menu Used to flag the neighbor type. Choose between two options from the drop-down menu: None and Uplink. Select Uplink if it is used as the WAN overlay towards MPLS. It will be used as the flag to decide whether the site will become a transit site (e.g. hub) by propagating routes leant over SD-WAN overlay to WAN link toward MPLS. If need to make it a transit site, also check "Overlay Prefix Over Uplink" in Advanced option.
      Allow AS checkbox Learn BGP routes even though the same AS is in the AS-path.
      Default Route checkbox Advertise a default route to the neighbor. See step "e, ii" below for more information about using the Default Route checkbox.
      Connect Interval in seconds before it tries new TCP connection with the peer if it detects the TCP session is not passive. Default value is 120 seconds.
      MD5 Auth checkbox Enables BGP MD5 authentication. The MD5 Auth checkbox is used in a legacy network or federal network, and it is common that BGP MD5 is used as a security guard for BGP peering.
      MD5 Password textbox A password is required when enabling MD5 Auth.

    7. Click the Advanced Settings button.

      The Advanced Settings area appears.

    8. In the Additional Settings area, you can enter the following additional BGP settings described in the table below. (See the image below for additional reference).
      Additional Settings Fields Description
      Router ID If no ID is configured, an ID will be automatically assigned.
      Keep Alive

      The frequency (in seconds) that the "Keep Alive" message will be sent to its peer. The default value is 60 seconds. The range is 0-65535.

      Hold Timers

      Interval in seconds that the peer is considered after not receiving the Keep Alive message. The default value is 180 seconds. The range is 0-65535.

      Uplink Community

      Uplink refers to link connected to the Provider Edge (PE).

      Inbound routes (towards the edge) matching this community will be treated as Uplink routes. (For which the Hub/Edge is not considered the owner).

      Input can be in the original number format or in the new AA:NN format.

      Overlay Prefix Redistributes prefixes learned from the overlay.
      Disable AS-PATH Carry Over By default, this should be left unchecked. In certain topologies, disabling AS-PATH Carry Over will influence the outbound AS-PATH to make the L3 routers prefer a path towards an Edge or a Hub. Warning: When the AS-PATH Carry Over is checked, tune your network to avoid routing loops.
      Connected Routes Redistributes all the connected Interface subnets.
      OSPF checkbox Enables OSPF redistribute into BGP.
      Default Route Redistributes default route only when Edge learns via overlay or underlay.
      Set Metric textbox Optionally, you can enable OSPF, which allows an injection of OSPF routes into BGP. The default BGP metric for the redistributed OSPF routes is MED value of 20.
      Overlay Prefixes Over Uplink Uplink refers to link/neighbor which is configured with the Neighbor flag Uplink (Normally, the link is connected to the Provider Edge(PE) router). Propagates routes learned from Overlay to the Uplink with the Neighbor flag.
      Networks The Network the BGP will advertise in the format 10.10.10.10/21.

    9. Click OK to save the configurations.
      Note: If you checked the Default Route checkbox located in the Additional Settings area, please be aware of the following four scenarios:
      • If the global Default Route option is enabled with the "Conditional” option selected, and the per BGP neighbor option Default Route is not selected, BGP will Redistribute the default route to its neighbor only when the Edge learns an explicit default route via overlay or underlay.
      • If the global Default Route option is enabled with the “Conditional” option selected, and the per BGP neighbor option Default Route is selected, the Per Neighbor configuration overrides the Global configuration hence “Advertise default route to BGP peer Always.”
      • If the global Default Route option is not enabled and the per BGP neighbor option Default Route is selected, Advertise default route to BGP peer Always.
      • If the global Default Route option is not enabled and per the BGP neighbor option Default Route is not selected, Do not Advertise/Redistribute default route to BGP peer.
Note: All the above options are available at the Edge level and can be configured with Edge override enabled for BGP settings.