Configuring Border Gateway Protocol (BGP) must be completed on an existing NetCloud Exchange Secure Connect network. Routing protocol configuration is not available during first-time set up of a Secure Connect network.
Complete the following steps to configure BGP on an existing Secure Connect network:
Log into NetCloud Manager.
Select in the left-side navigation panel.
Select the name of the Secure Connect network.
Select the Configuration tab.
Select the Routing tab.
Enable Protocol Configuration to continue configuring BGP.
Select or from the drop-down menu.
eBGP – The External Border Gateway Protocol (eBGP) is the protocol used to exchange routing information between different autonomous systems (inter-domain routing).
iBGP – The Internal Border Gateway Protocol (iBGP) is the internal application of the protocol used to exchange routing information within the same autonomous system.
Optional: Click Advanced to open the BGP Timer Fields panel.
Enter the Connect Retry value.
Enter the Hold Time in seconds.
Enter the Keep Alive Interval in seconds.
Enter the Advertisement Interval in seconds.
Optional: Select Secondary Timers Differ and enter the timers' values for the secondary NCX Service Gateway, if needed.
Select .
Complete the following steps for the primary NCX Service Gateway:
Note
Use a private Autonomous System Number (ASN), 64512 to 65535, or one provided by the Internet Assigned Numbers Authority (IANA).
Enter the Router-ID.
The ID must be unique to the entire BGP domain or autonomous system.
Enter the Local ASN which is associated to the NCX Service Gateway or service gateways.
If eBGP was selected, enter the Multi-hop Value to set the number of BGP connection attempts to external peers residing on networks that are not directly connected.
Enter the Primary BGP Neighbor IP.
This is the peer address with whom to neighbor for the primary path.
Enter the Secondary BGP Neighbor IP.
This is the peer address with whom to neighbor for the secondary path.
Enter the Primary Peer Remote ASN.
This is the ASN to be peering with for the primary path.
Enter the Secondary Peer Remote ASN.
This is the ASN to be peering with for the secondary path.
Repeat the above steps if the network is configured with a secondary NCX Service Gateway.
Complete the following steps to add a BGP inbound prefix policy:
Note
Prefix lists control which IP addresses can enter or leave the network. When using BGP, by default there is an explicit deny rule at the bottom of each inbound and outbound set of policies.
At least one inbound prefix policy is required.
Select .
Enter a descriptive name for the policy.
Enter the IP Address in CIDR Format.
The IP address allows for filtering which range is accepted based on the greater than or equal to (GE) and less than or equal to (LE) values.
Enter the GE Value.
Used with the IP address to filter which networks are advertised.
Enter the LE Value.
Used with the IP address to filter which networks are advertised.
Select or in the Permission drop-down menu.
Select .
If needed, hover over the drag handle (=) to drag and drop the new access policy to its proper location in the policy hierarchy.
Complete the following steps to add a BGP outbound prefix policy:
Select .
Enter a descriptive name for the policy.
Enter the IP Address in CIDR Format.
The IP address allows for filtering which range is advertised based on the GE and LE values.
Enter the GE Value.
Used with the IP address to filter which networks are advertised.
Enter the LE Value.
Used with the IP address to filter which networks are advertised.
Select or in the Permission drop-down menu.
Select .
If needed, hover over the drag handle (=) to drag and drop the new access policy to its proper location in the policy hierarchy.
Select .
Continue with Setting up the BGP wan0 Tracker.