You can configure a Gateway to hand off to Partners. The Gateway acts as a Partner Gateway that enables you to configure the Hand off Interface, Static Routes, BGP, and other settings.
Ensure that the Gateway to be handed off is assigned the Partner Gateway role. In the Orchestrator portal (Operator or Partner), click Gateways and click the link to an existing Gateway. In the Properties section of the selected Gateway's Overview page, you can enable the Partner Gateway role as shown in the following screenshot.
Procedure: To configure the handoff settings, perform the following steps:
- Log in to the SASE Orchestrator as a Partner user.
- Navigate to Customers & Partners > Manage Customers.
- In the Manage Customers window, click the link of the desired customer.
- Go to .
- In the Customer Configuration window, scroll down to Additional Configuration and expand the Gateway Pool area.
- Turn on the Partner Hand Off toggle button.
- In the Configure Hand Off area, configure the following fields in the table below:

| Option | Description |
| --- | --- |
| Configure Hand Off | By default, the hand off configuration is applied to all the Gateways. If you want to configure a specific Gateway, choose Per Gateway, and then select the Gateway from the drop-down list. |
| Segment | By default, Global Segment is selected, which means that the hand off configuration is applied to all the segments. If you want to configure a specific segment, select the segment from the drop-down menu. |
| Hand Off Interface | This section displays the values that are configured on the Configure BGP and BFD page. |
| Customer BGP Priority | Select the check box and configure the Community Mapping details. |

- At the bottom of the Per Customer Hand Off – Global Segment area, click the Configure BFD & BGP link, as shown in the image below.
The Configure BGP and BFD screen displays, as shown in the image below.
- Open the General & Hand Off Tag section and turn the BGP option to the On position. See figure below.
- Scroll down to the BGP section and click the arrow to display the BGP section.
- Configure the fields in the table below.

| Option | Description |
| --- | --- |
| Hand Off Tag | |
| Tag Type | Choose the tag type, which is the encapsulation, in which the Gateway hands off customer traffic to the Router. The following are the types of tags available: None (untagged; choose this during single tenant hand off or a hand off towards shared services VRF); 802.1Q (single VLAN tag); 802.1ad / QinQ(0x8100) / QinQ(0x9100) (dual VLAN tag). |
| Customer ASN | Enter the Customer Autonomous System Number. |
| Hand Off Interface | You can configure the following settings for IPv4 and IPv6. |
| Local IP Address | Enter the Local IP address for the logical Hand Off interface. |
| Use for Private Tunnels | Select the check box so that private WAN links connect to the private IP address of the Partner Gateway. If private WAN connectivity is activated on a Gateway, the Orchestrator audits to ensure that the local IP address is unique for each Gateway within an Enterprise. |
| Advertise Local IP Address via BGP | Select the check box to automatically advertise the private WAN IP of the Partner Gateway through BGP. The connectivity is provided using the existing Local IP address. |
| Static Routes | You can add, delete, or clone a static route. |
| Subnets | Enter the IP address of the Static Route Subnet that the Gateway should advertise to the Edge. |
| Cost | Enter the cost to apply weightage on the routes. The range is from 0 to 255. |
| Encrypt | Select the check box to encrypt the traffic between Edge and Gateway. |
| Hand off | Select the hand off type as either VLAN or NAT. |
| Description | Enter a descriptive text for the static route. This field is optional. |
| BFD | Turn the toggle button to On to activate this section. |
| Peer Address | Enter the IP address of the remote peer to initiate a BFD session. |
| Detect Multiplier | Enter the detection time multiplier. The remote transmission interval is multiplied by this value to determine the detection timer for connection loss. The range is from 3 to 50. |
| Receive Interval | Enter the minimum time interval, in milliseconds, at which the system can receive the control packets from the BFD peer. The range is from 300 to 60000 milliseconds. |
| Local Address | Enter a locally configured IP address for the peer listener. This address is used to send the packets. |
| Transmit Interval | Enter the minimum time interval, in milliseconds, at which the system can send the control packets from the BFD peer. The range is from 300 to 60000 milliseconds. |


| Option | Description |
| --- | --- |
| BGP | Turn the toggle button to On to activate this section. |
| Neighbor IP | Enter the IP address of the configured BGP neighbor network. |
| Secure BGP Routes | Select the check box to allow encryption for data-forwarding over BGP routes. |
| Max-hop | Enter the number of maximum hops to allow multi-hop for the BGP peers. The range for Max-hop is from 1 to 255, and the default value is 1. Note: This field is available only for eBGP neighbors, when the local ASN and the neighboring ASN are different. |
| Next Hop IP | Enter the next-hop IP address to be used by BGP to reach the multi-hop BGP peer. Note: This option is available only for multi-hop eBGP with Max-hop count greater than 1. |
| Neighbor-ASN | Enter the Autonomous System Number of the Neighbor network. |
| BGP Local IP | Local IP address is the equivalent of a loopback IP address. Enter an IP address that the BGP neighborships can use as the source IP address for the outgoing BGP packets. Note: The BGP Local IP address must be from a different subnet than a handoff IP address. If you do not enter any value, the IP address of the Hand Off Interface is used as the source IP address. |
| BGP Inbound Filters | Displays the BGP inbound filters. |
| BGP Outbound Filters | Displays the BGP outbound filters. |
| BGP Optional Settings | |
| BFD | Select the check box to subscribe to the BFD session. |
| Router-ID | Enter the Router ID to identify the BGP Router. |
| Keep Alive | Enter the BGP Keep Alive time in seconds. The default timer is 60 seconds. |
| Hold Timers | Enter the BGP Hold time in seconds. The default timer is 180 seconds. |
| Turn off AS-PATH Carry Over | Select the check box to turn off AS-PATH carry over, which influences the outbound AS-PATH to make the L3-routers prefer a path towards a PE. If you select this option, ensure to tune your network to avoid routing loops. It is recommended not to select this check box. |
| MD5 Auth | Select the check box to activate BGP MD5 authentication. This option is used in a legacy network or federal network, and is used as a security guard for BGP peering. |
| MD5 Password | Enter a password for MD5 authentication. Note: Starting from the 4.5 release, the use of the special character "<" in the password is no longer supported. In cases where users have already used "<" in their passwords in previous releases, they must remove it to save any changes on the page. |

Route Summarization is new for the 5.2 release. For an overview, use case, and black hole routing details for Route Summarization, see the section titled, Route Summarization in the VMware SD-WAN Administration Guide. For Route Summarization configuration details, follow the steps below:
- If applicable, configure for Route Summarization.
- Scroll down to the Route Summarization area in the BGP section.
- Configure the Route Summarization fields, as described in the table below:

| Option | Description |
| --- | --- |
| +Add | Click +Add to add a new row in the Route Summarization area. Note: To add additional rows to configure Route Summarization, click +Add. To Clone or Delete a route summarization, use the appropriate buttons, located next to +Add. |
| Subnet column | Under the Subnet column, enter the IP subnet. |
| AS Set column | Generate AS set path information from the summarized routes (while advertising the summarized route to the peer). Under the AS Set column, click the Yes check box if applicable. |
| Summary Only column | Under the Summary Only column, click the Yes check box to allow only the summarized route to be sent. |

- Click Update to save the settings.
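
The ranges and field dependencies listed in the tables above can be checked before the values are entered in the Orchestrator. The following is an added example, not VMware code or an Orchestrator API; the dictionary keys, the CIDR form of the hand-off address and all sample values are assumptions made for illustration.

```python
import ipaddress

def validate_handoff(cfg):
    """Check a hand-off config dict (hypothetical keys) against the documented limits."""
    errors = []

    def check_range(name, value, lo, hi):
        ok = isinstance(value, int) and lo <= value <= hi
        if not ok:
            errors.append(f"{name} {value!r} is outside {lo}-{hi}")
        return ok

    for route in cfg.get("static_routes", []):
        check_range("static route cost", route["cost"], 0, 255)
    bfd = cfg.get("bfd")
    if bfd:  # the BFD fields only apply when the BFD toggle is on
        check_range("BFD detect multiplier", bfd["detect_multiplier"], 3, 50)
        check_range("BFD receive interval", bfd["receive_interval_ms"], 300, 60000)
        check_range("BFD transmit interval", bfd["transmit_interval_ms"], 300, 60000)

    bgp = cfg["bgp"]
    ebgp = bgp["local_asn"] != bgp["neighbor_asn"]
    max_hop = bgp.get("max_hop", 1)  # documented default is 1
    multihop = check_range("BGP max-hop", max_hop, 1, 255) and max_hop > 1
    if multihop and not ebgp:
        errors.append("max-hop > 1 requires an eBGP neighbor (different ASNs)")
    if bgp.get("next_hop_ip") and not (ebgp and multihop):
        errors.append("next hop IP is only valid for multi-hop eBGP")

    # The BGP Local IP must come from a different subnet than the hand-off IP.
    handoff_net = ipaddress.ip_interface(cfg["handoff_local_ip"]).network
    local_ip = bgp.get("bgp_local_ip")
    if local_ip and ipaddress.ip_address(local_ip) in handoff_net:
        errors.append(f"BGP local IP {local_ip} is inside hand-off subnet {handoff_net}")

    if bgp.get("md5_auth") and "<" in bgp.get("md5_password", ""):
        errors.append('MD5 password contains "<", unsupported from release 4.5')
    return errors

# Constructed sample input: every value below is made up for illustration.
SAMPLE = {
    "handoff_local_ip": "192.0.2.1/30",
    "static_routes": [{"subnet": "198.51.100.0/24", "cost": 300}],
    "bfd": {"detect_multiplier": 3, "receive_interval_ms": 100,
            "transmit_interval_ms": 300},
    "bgp": {"local_asn": 65001, "neighbor_asn": 65001, "max_hop": 2,
            "next_hop_ip": "192.0.2.2", "bgp_local_ip": "192.0.2.2",
            "md5_auth": True, "md5_password": "s3cret<pw"},
}
```

Calling `validate_handoff(SAMPLE)` returns one message per violated constraint; an empty list means the values fit the documented limits.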