You can configure a Gateway to hand off to Partners. The Gateway acts as a Partner Gateway and you can configure the Hand Off Interface, Static Routes, BGP, BFD, and other settings.
Ensure that the Gateway to be handed off to the Production Orchestrator is assigned the Partner Gateway role and has Static Routes configured as per your topology requirements.
In the Orchestrator portal, click Gateways and click the link to an existing Gateway. In the Properties section of the selected Gateway, you can enable the Partner Gateway role.
To configure the handoff settings, go to the Customer Configuration page.
- In the Operator portal, click Manage Customers.
- Select the customer and click or click the link to the customer.
- In the customer or Enterprise portal, click .
- In the Customer Configuration, navigate to the Gateway Pool section and select the Enable Partner Handoff checkbox.
Configure the following settings:
Customer BGP Priority
- Click the IPv4 or IPv6 tabs and configure the settings accordingly.
- Select Enable Community Mapping to set the Community attributes, which would be tagged in the BGP advertised routes.
- The Community mapping is set to all the segments by default. If you want to configure the Community attributes for a specific segment, choose Per Segment, and select the Segment from the drop-down list.
- Select the Community Additive checkbox to enable the additive option associated with a particular auto community configuration. This option preserves the incoming community attributes for a prefix received from the overlay and appends the configured auto community to the prefix, on the Partner Gateway. As a result, the MPLS PE side receives prefixes with all the community attributes including the auto community attributes.
- Enter the Community attributes in the Community and Community 2 fields. Click the plus (+) icon to add more community attributes.
Configure Hand Off
- By default, the handoff configuration is applied to all the Gateways. If you want to configure a specific Gateway, choose Per Gateway and select the Gateway from the drop-down list.
- By default, the handoff configuration is applied to Global Segment. If you want to configure a specific Segment, select the Segment from the drop-down list.
- For configuring all the Gateways, click the Edit option. If you have selected a particular Gateway, click the Click here to configure link.
The Hand Off Details window appears and you can configure the options shown in the image below. See the table below for a description of the Hand Off Details options.
Option | Description |
---|---|
Hand Off Interface | |
Tag Type | Choose the tag type which is the encapsulation in which the Gateway hands off customer traffic to the Router. The following are the types of tags available: |
Transport LAN VLAN | This option is available only when you choose the tag type as 802.1ad / QinQ(0x8100) / QinQ(0x9100). Choose the type of tag to configure the transport VLANs. |
C-Tag (Customer tag) | Enter the Customer VLAN tag |
S-Tag (Service tag) | Enter the service-provider-defined VLAN tag |
Enable BFD | Select the checkbox to enable BFD subscription for BGP neighbors and to configure the BFD settings. |
Enable BGP | Select the checkbox to enable BGP and set up the BGP configuration. |
Customer ASN | Enter the customer Autonomous System Number for BGP. |
Router ID | Enter the Router ID to identify the BGP Router. |
IPv4/IPv6 – Click the IPv4 or IPv6 tab to configure the following settings with IPv4 or IPv6 addresses. | |
Local IP Address | Enter the Local IPv4 or IPv6 address for the logical Handoff interface. |
Use for Private Tunnels | Select the checkbox so that private WAN links connect to the private IP address of the Partner Gateway. If private WAN connectivity is enabled on a Gateway, the Orchestrator audits to ensure that the local IP address is unique for each Gateway within an enterprise. |
Advertise via BGP | Select the checkbox to automatically advertise the private WAN IP of the Partner Gateway through BGP. The connectivity is provided using the existing Local IP address. |
Static Routes – Click the plus (+) icon to add more routes. | |
Subnets | Enter the IPv4 or IPv6 address of the Static Route Subnet that the Gateway should advertise to the Edge. |
Cost | Enter the cost to apply weightage on the routes. The range is from 0 to 255. |
Encrypt | Select the checkbox to encrypt the traffic between Edge and Gateway. |
Hand off | Select the handoff type as VLAN or NAT. |
Description | Optionally, enter a descriptive text for the static route. |
BFD | |
Peer Address | Enter the IPv4 or IPv6 address of the remote peer to initiate a BFD session. |
Local Address | Enter a locally configured IPv4 or IPv6 address for the peer listener. This address is used to send the packets. |
Detect Multiplier | Enter the detection time multiplier. The remote transmission interval is multiplied by this value to determine the detection timer for connection loss. The range is from 3 to 50 and the default value is 3. |
Receive Interval | Enter the minimum time interval, in milliseconds, at which the system can receive the control packets from the BFD peer. The range is from 300 to 60000 milliseconds and the default value is 300 milliseconds. |
Transmit Interval | Enter the minimum time interval, in milliseconds, at which the local system can send the BFD control packets. The range is from 300 to 60000 milliseconds and the default value is 300 milliseconds. |
BGP | |
Neighbor IP | Enter the IPv4 or IPv6 address of the configured BGP neighbor network. |
Neighbor-ASN | Enter the ASN of the Neighbor network. |
Secure BGP Routes | Select the checkbox to enable encryption for data-forwarding over BGP routes. |
Max-hop | Enter the number of maximum hops to enable multi-hop for the BGP peers. The range for Max-hop is from 1 to 255 and the default value is 1. Note: This field is available only for eBGP neighbors configured with IPv4 address, when the local ASN and the neighboring ASN are different. Multi-hop is not supported for IPv6. |
BGP Local IP | Local IP address is the equivalent of a loopback IP address. Enter an IP address that the BGP neighborships can use as the source IP address for the outgoing BGP packets. Note: The BGP Local IP address must be from a different subnet than a handoff IP address. If you do not enter any value, the IP address of the Handoff Interface is used as the source IP address. Note: For eBGP, this field is available only for BGP configured with IPv4 address and when Max-hop count is more than 1. This option is not supported for IPv6. |
Next Hop IP | Enter the next-hop IP address which would be used by BGP to reach the multi-hop BGP peer. Note: This field is available only for multi-hop eBGP configured with IPv4 address and with Max-hop count greater than 1. This option is not supported for IPv6. |
BGP Inbound/Outbound Filters – Click the plus (+) icon to add more Filters. | |
Type (Match) | Choose the type of the BGP attribute to be considered for matching with the traffic flow. You can choose one of the following: |
Value | Enter the value according to the BGP attribute selected as Type. |
Exact Match | Select the checkbox for matching the attributes exactly. |
Type (Action) | Choose the action to be performed if the match is True. You can either Permit or Deny the traffic. |
Set | You can set the values of the attributes for the routes matching the filter criteria. Choose from the following attributes, and enter the corresponding values to be set for the matching routes: |
BGP Optional Settings | |
BFD | Select the checkbox to subscribe to the BFD session. |
Keep Alive | Enter the BGP Keep Alive time in seconds. The default timer is 60 seconds. |
Hold Timers | Enter the BGP Hold time in seconds. The default timer is 180 seconds. |
Turn off AS-PATH Carry Over | Select the checkbox to turn off AS-PATH carry over, which influences the outbound AS-PATH to make the L3-routers prefer a path towards a PE. If you select this option, ensure that you tune your network to avoid routing loops. It is recommended not to select this checkbox. |
MD5 Auth | Select the checkbox to enable BGP MD5 authentication. This option is used in legacy or federal networks as a safeguard for BGP peering. Note: Enabling MD5 authentication for BGP would render the Partner Gateway as non-FIPS compliant. |
MD5 Password | Enter a password for MD5 authentication. |
The following image shows the Hand Off Details for IPv6:
After configuring the required settings, click Update to save them. In addition, click Save Changes in the Customer Configuration page to activate the settings.
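The ranges and field dependencies listed in the Hand Off Details table can be checked before a change is entered in the portal. The following is an added example, not product code and not an Orchestrator API: the dictionary field names are hypothetical labels for the table's options, the handoff Local IP Address is assumed to be written in CIDR form, and the sample addresses and ASNs are constructed.

```python
import ipaddress

# Hypothetical field names mirroring the Hand Off Details labels; ranges are from the table.
RANGES = {"cost": (0, 255), "detect_multiplier": (3, 50), "max_hop": (1, 255),
          "receive_interval_ms": (300, 60000), "transmit_interval_ms": (300, 60000)}

def audit_handoff(cfg, fips_required=False):
    """Return findings for one handoff config dict; an empty list means it passes."""
    findings = []
    for field, (lo, hi) in RANGES.items():
        if field in cfg and not lo <= cfg[field] <= hi:
            findings.append(f"{field}={cfg[field]} is outside {lo}-{hi}")

    neighbor = ipaddress.ip_address(cfg["neighbor_ip"])
    ebgp = cfg["local_asn"] != cfg["neighbor_asn"]
    max_hop = cfg.get("max_hop", 1)
    multihop_ok = ebgp and neighbor.version == 4  # multi-hop: IPv4 eBGP only
    if max_hop > 1 and not multihop_ok:
        findings.append("max_hop > 1 requires an IPv4 eBGP neighbor")

    # Assumption: the handoff Local IP Address is written in CIDR form.
    handoff_net = ipaddress.ip_interface(cfg["local_ip"]).network
    bgp_local = cfg.get("bgp_local_ip")
    if bgp_local:
        if ebgp and not (multihop_ok and max_hop > 1):
            findings.append("bgp_local_ip on eBGP requires IPv4 and max_hop > 1")
        if ipaddress.ip_address(bgp_local) in handoff_net:
            findings.append("bgp_local_ip must not be in the handoff subnet")
    if cfg.get("next_hop_ip") and not (multihop_ok and max_hop > 1):
        findings.append("next_hop_ip requires multi-hop IPv4 eBGP")

    if cfg.get("md5_auth") and fips_required:
        findings.append("md5_auth makes the Partner Gateway non-FIPS compliant")
    return findings

# Constructed sample values (documentation address ranges, private-use ASNs).
GOOD = {"local_ip": "192.0.2.1/30", "local_asn": 64512, "neighbor_asn": 64513,
        "neighbor_ip": "198.51.100.10", "max_hop": 2, "bgp_local_ip": "203.0.113.1",
        "next_hop_ip": "192.0.2.2", "detect_multiplier": 3,
        "receive_interval_ms": 300, "transmit_interval_ms": 300, "cost": 10}
BAD = dict(GOOD, bgp_local_ip="192.0.2.2", detect_multiplier=2, md5_auth=True)

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, audit_handoff(cfg, fips_required=True))
```

Pass `fips_required=True` only for deployments that must remain FIPS compliant; without it, MD5 authentication is not reported.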