You can configure BGP per segment at the Profile level as well as at the Edge level. This section provides steps on how to configure BGP with Underlay Neighbors.
About this task
VMware supports 4-Byte ASN BGP. See Configure BGP for more information.
- In the SD-WAN service of the Enterprise Portal, click the Configure tab.
- From the left menu, select Profiles. The Profile page displays.
- Click a Profile from the list of available Profiles (or Add a Profile if necessary).
- Go to the Routing & NAT section and click the arrow next to BGP to expand.
- In the BGP area, toggle the radio button from Off to On.
- In the BGP area, enter the local Autonomous System Number (ASN) in the appropriate text field.
- Configure the BGP Settings, as described in the table below.
| Option | Description |
| --- | --- |
| Router ID | Enter the global BGP router ID. If you do not specify any value, the ID is automatically assigned. If you have configured a loopback Interface for the Edge, the IP address of the loopback Interface will be assigned as the router ID. |
| Keep Alive | Enter the keep alive timer in seconds, which is the duration between the keep alive messages that are sent to the peer. The range is from 0 to 65535 seconds. The default value is 60 seconds. |
| Hold Timer | Enter the hold timer in seconds. When the keep alive message is not received for the specified time, the peer is considered as down. The range is from 0 to 65535 seconds. The default value is 180 seconds. |
| Uplink Community | Enter the community string to be treated as uplink routes. Uplink refers to link connected to the Provider Edge (PE). Inbound routes towards the Edge matching the specified community value will be treated as Uplink routes. The Hub/Edge is not considered as the owner for these routes. Enter the value in number format ranging from 1 to 4294967295 or in AA:NN format. |
| Enable Graceful Restart check box | Please note when selecting this check box: The local router does not support forwarding during the routing plane restart. This feature supports preserving forwarding and routing in case of peer restart. |
- Click +Add in the Filter List area to create one or more filters. These filters are applied to the neighbor to deny or change the attributes of the route. The same filter can be used for multiple neighbors.
- In the appropriate text fields, set the rules for the filter, as described in the table below.
| Option | Description |
| --- | --- |
| Filter Name | Enter a descriptive name for the BGP filter. |
| Match Type and Value | Choose the type of the routes to be matched with the filter. Prefix for IPv4 or IPv6: Choose to match with a prefix for IPv4 or IPv6 address and enter the corresponding prefix IP address in the Value field. Community: Choose to match with a community and enter the community string in the Value field. |
| Exact Match | The filter action is performed only when the BGP routes match exactly with the specified prefix or community string. By default, this option is enabled. |
| Action Type | Choose the action to be performed when the BGP routes match with the specified prefix or the community string. You can either permit or deny the traffic. |
| Action Set | When the BGP routes match the specified criteria, you can set to route the traffic to a network based on the attributes of the path. Select one of the following options from the drop-down list. None: The attributes of the matching routes remain the same. Local Preference: The matching traffic is routed to the path with the specified local preference. Community: The matching routes are filtered by the specified community string. You can also select the Community Additive check box to enable the additive option, which appends the community value to existing communities. Metric: The matching traffic is routed to the path with the specified metric value. |
- Click the plus (+) icon to add more matching rules for the filter. Repeat the procedure to create more BGP filters.
The configured filters are displayed in the Filter List area.
Note: The maximum number of supported BGPv4 Match/Set rules is 512 (256 inbound, 256 outbound). Exceeding 512 total Match/Set rules is not supported and may cause performance issues, resulting in disruptions to the enterprise network.
- Scroll down to the Neighbors area and click +Add.
- Configure the following settings for the IPv4 addressing type, as described in the table below.
| Option | Description |
| --- | --- |
| Neighbor IP | Enter the IPv4 address of the BGP neighbor. |
| ASN | Enter the ASN of the neighbor. |
| Inbound Filter | Select an Inbound filter from the drop-down list. |
| Outbound Filter | Select an Outbound filter from the drop-down list. |

Additional Options – Click the view all button to configure the following additional settings:
| Option | Description |
| --- | --- |
| Max-hop | Enter the number of maximum hops to enable multi-hop for the BGP peers. The range is from 1 to 255 and the default value is 1. Note: This field is available only for eBGP neighbors, when the local ASN and the neighboring ASN are different. With iBGP, when both ASNs are the same, multi-hop is inherent by default and this field is not configurable. |
| Local IP | Local IP address is the equivalent of a loopback IP address. Enter an IP address that the BGP neighborships can use as the source IP address for the outgoing packets. If you do not enter any value, the IP address of the physical Interface is used as the source IP address. Note: For eBGP, this field is available only when Max-hop count is more than 1. For iBGP, it is always available as iBGP is inherently multi-hop. |
| Uplink | Used to flag the neighbor type to Uplink. Select this flag option if it is used as the WAN overlay towards MPLS. It will be used as the flag to determine whether the site will become a transit site (e.g. SD-WAN Hub), by propagating routes learnt over an SD-WAN overlay to a WAN link toward MPLS. If you need to make it a transit site, also check "Overlay Prefix Over Uplink" in the Advanced Settings area. |
| Allow AS | Select the check box to allow the BGP routes to be received and processed even if the Edge detects its own ASN in the AS-Path. |
| Default Route | The Default Route adds a network statement in the BGP configuration to advertise the default route to the neighbor. |
| Enable BFD | Enables subscription to existing BFD session for the BGP neighbor. |
| Keep Alive | Enter the keep alive timer in seconds, which is the duration between the keep alive messages that are sent to the peer. The range is from 0 to 65535 seconds. The default value is 60 seconds. |
| Hold Timer | Enter the hold timer in seconds. When the keep alive message is not received for the specified time, the peer is considered as down. The range is from 0 to 65535 seconds. The default value is 180 seconds. |
| Connect | Enter the time interval to try a new TCP connection with the peer if it detects the TCP session is not passive. The default value is 120 seconds. |
| MD5 Auth | Select the check box to enable BGP MD5 authentication. This option is used in a legacy network or federal network, and it is common that BGP MD5 is used as a security guard for BGP peering. |
| MD5 Password | Enter a password for MD5 authentication. Note: Starting from the 4.5 release, the use of the special character "<" in the password is no longer supported. In cases where users have already used "<" in their passwords in previous releases, they must remove it to save any changes on the page. |

- Click the Plus (+) Icon to add more BGP neighbors.
Note: Over Multi-hop BGP, the system might learn routes that require recursive lookup. These routes have a next-hop IP which is not in a connected subnet, and do not have a valid exit Interface. In this case, the routes must have the next-hop IP resolved using another route in the routing table that has an exit Interface. When there is traffic for a destination that needs these routes to be looked up, routes requiring recursive lookup will get resolved to a connected Next Hop IP address and Interface. Until the recursive resolution happens, the recursive routes point to an intermediate Interface. For more information about Multi-hop BGP Routes, see the "Remote Diagnostic Tests on Edges" section in the VMware SD-WAN Troubleshooting Guide published at https://docs.vmware.com/en/VMware-SD-WAN/index.html.
- Scroll down to Advanced Settings and click the down arrow to open the Advanced Settings section.
- Configure the following advanced settings, as indicated in the following table, which are globally applied to all the BGP neighbors with IPv4 addresses.
| Option | Description |
| --- | --- |
| Overlay Prefix | Select the check box to redistribute the prefixes learned from the overlay. For example, when a Spoke is connected to primary and secondary Hub or Hub Cluster, the Spoke's subnets are redistributed by primary and secondary Hub or Hub Cluster to their neighbor with metric (MED) 33 and 34 respectively. You must configure "bgp always-compare-med" in the neighbor router for symmetric routing. Note: Prior to 5.1, the advertised MED values started from eight. From release 5.1 and later, the MED values advertised by the Hub start from 33. |
| Turn off AS-Path carry over | By default, this should be left unchecked. Select the check box to deactivate AS-PATH Carry Over. In certain topologies, deactivating AS-PATH Carry Over will influence the outbound AS-PATH to make the L3 routers prefer a path towards an Edge or a Hub. Warning: When the AS-PATH Carry Over is deactivated, tune your network to avoid routing loops. |
| Connected Routes | Select the check box to redistribute all the connected Interface subnets. |
| OSPF | Select the check box to enable OSPF redistribute into BGP. |
| Set Metric | When you enable OSPF, enter the BGP metric for the redistributed OSPF routes. The default value is 20. |
| Default Route | Select the check box to redistribute the default route only when Edge learns the BGP routes through overlay or underlay. When you select the Default Route option, the Advertise option is available as Conditional. |
| Overlay Prefixes over Uplink | Select the check box to propagate routes learned from overlay to the neighbor with uplink flag. |
| Networks | Enter the network address in IPv4 format that BGP will be advertising to the peers. Click the plus + icon to add more network addresses. |

When you enable the Default Route option, the BGP routes are advertised based on the Default Route selection globally and per BGP neighbor, as shown in the following table:
| Default Route Selection: Global | Default Route Selection: Per BGP Neighbor | Advertising Options |
| --- | --- | --- |
| Yes | Yes | The per BGP neighbor configuration overrides the global configuration and hence default route is always advertised to the BGP peer. |
| Yes | No | BGP redistributes the default route to its neighbor only when the Edge learns an explicit default route through the overlay or underlay network. |
| No | Yes | Default route is always advertised to the BGP peer. |
| No | No | The default route is not advertised to the BGP peer. |

- Click the IPv6 tab to configure the BGP settings for IPv6 addresses. Enter a valid IPv6 address of the BGP neighbor in the Neighbor IP field. The BGP peer for IPv6 supports the following address format:
- Global unicast address (2001:CAFE:0:2::1)
- Unique Local address (FD00::1234:BEFF:ACE:E0A4)
- Configure the other settings as required.
Note: The Local IP address configuration is not available for IPv6 address type.
- Click Advanced to configure the following advanced settings, which are globally applied to all the BGP neighbors with IPv6 addresses.
| Option | Description |
| --- | --- |
| Connected Routes | Select the check box to redistribute all the connected Interface subnets. |
| Default Route | Select the check box to redistribute the default route only when Edge learns the BGP routes through overlay or underlay. When you select the Default Route option, the Advertise option is available as Conditional. |
| Networks | Enter the network address in IPv6 format that BGP will be advertising to the peers. Click the Plus (+) Icon to add more network addresses. |

Route Summarization
The Route Summarization feature is available in the 5.2 release. For an overview and use case of this functionality, see Route Summarization. For configuration details, follow the steps below.
- Click +Add in the Route Summarization area. A new row is added to the Route Summarization area. See image below.
- Under the Subnet column, enter the network range that you want to summarize in the A.B.C.D/M format and the IP subnet.
- Under the AS Set column, click the Yes check box if applicable.
- Under the Summary Only column, click the Yes check box to allow only the summarized route to be sent.
- Add additional routes, if necessary, by clicking +Add. To Clone or Delete a route summarization, use the appropriate buttons, located next to +Add.
The BGP Settings section displays the BGP configuration settings.
- Click Save Changes when complete to save the configuration.
Note: When you configure BGP settings for a profile, the configuration settings are automatically applied to the SD-WAN Edges that are associated with the profile.
You can also configure BGP for Non SD-WAN Destination Neighbors in an Edge. For more information, see Configure BGP Over IPsec from Edge to Non SD-WAN Neighbors.
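A pre-flight check of a planned IPv4 BGP profile against the limits stated in the steps above (timer ranges, community format, Max-hop and Local IP rules, the "<" restriction on MD5 passwords, and the 256-per-direction Match/Set cap). This is an added example, not VMware code; the dictionary layout and key names such as `keep_alive`, `max_hop` and `md5_password` are hypothetical and do not correspond to the Orchestrator's API or export format.

```python
import re

# Limits are those documented on this page; the dict layout is hypothetical.
AA_NN = re.compile(r"^(\d{1,5}):(\d{1,5})$")

def valid_community(value):
    """Accept 1..4294967295, or AA:NN with 16-bit halves (standard community)."""
    m = AA_NN.match(value)
    if m:
        return all(int(part) <= 65535 for part in m.groups())
    return value.isdigit() and 1 <= int(value) <= 4294967295

def lint_bgp(cfg):
    findings = []
    for name in ("keep_alive", "hold_timer"):
        if not 0 <= cfg.get(name, 0) <= 65535:
            findings.append(f"{name} outside 0-65535")
    community = cfg.get("uplink_community")
    if community and not valid_community(community):
        findings.append("uplink_community is not 1-4294967295 or AA:NN")
    used = {"inbound": set(), "outbound": set()}
    for n in cfg["neighbors"]:
        ip, ebgp = n["ip"], n["asn"] != cfg["local_asn"]
        max_hop = n.get("max_hop", 1)
        if not ebgp and "max_hop" in n:
            findings.append(f"{ip}: max_hop is not configurable for iBGP")
        elif not 1 <= max_hop <= 255:
            findings.append(f"{ip}: max_hop outside 1-255")
        if ebgp and max_hop == 1 and n.get("local_ip"):
            findings.append(f"{ip}: local_ip needs max_hop > 1 on eBGP")
        if "<" in n.get("md5_password", ""):
            findings.append(f"{ip}: '<' in MD5 password, unsupported from 4.5")
        for direction in used:
            used[direction].add(n.get(direction + "_filter"))
    # Assumption: a filter shared by several neighbors counts once per direction.
    for direction, names in used.items():
        total = sum(len(cfg["filters"][f]) for f in names if f)
        if total > 256:
            findings.append(f"{total} {direction} Match/Set rules exceed 256")
    return findings

# Constructed sample with three mistakes: community, local_ip and password.
SAMPLE = {
    "local_asn": 65001, "keep_alive": 60, "hold_timer": 180,
    "uplink_community": "65001:70000", "filters": {"f1": [{}] * 3},
    "neighbors": [
        {"ip": "192.0.2.1", "asn": 65010, "local_ip": "198.51.100.1",
         "md5_password": "s3cret<pw", "inbound_filter": "f1"},
        {"ip": "192.0.2.9", "asn": 65001, "md5_password": "constructed-pw"}]}
```

Calling `lint_bgp(SAMPLE)` returns one finding per mistake; an empty list means the plan is within the documented limits.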