BGP Configuration/BGP multihoming with single ISP- Dual Homed

Description

BGP Configuration/BGP multihoming with single ISP- Dual Homed


Resolution for SonicOS 6.5

This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.



Devices not Supported: TZ 300/ 300W

What is BGP?

BGP is a large-scale routing protocol used to communicate routing information between Autonomous Systems (ASs), which are well-defined, separately administered network domains. BGP support allows for SonicWall security appliances to replace a traditional BGP router on the edge of a network's AS. The current SonicWall implementation of BGP is most appropriate for "single-provider / singly-homed" environments, where the network uses one ISP as their Internet provider and has a single connection to that provider. SonicWall BGP is also capable of supporting "single-provider / multi-homed" environments, where the network uses a single ISP but has a small number of separate routes to the provider. BGP is configured through the SonicOS Command Line Interface (CLI).

Autonomous Systems

Each Autonomous System has a 16-bit number assigned. Like IP addresses, an AS number may be public or private. Public AS numbers are a limited resource and are provisioned based on a number of factors. ISP customers with large networks multi-homed to two or more ISPs usually have a public AS, whereas smaller customers will be given a private AS administered by their ISP provider.

SonicWall supports 2-byte and 4-byte ASNs.

The default is 2-byte.

How Does BGP Work?

BGP uses TCP port 179 for communication. BGP is considered a path-vector protocol, containing end-to-end path descriptions for destinations. BGP neighbors can either be internal (iBGP) or external (eBGP):

  • iBGP: Neighbor is in the same AS.
  • eBGP: Neighbor is in a different AS.

Paths are advertised in UPDATE messages that are tagged with various path attributes. AS_PATH and NEXT_HOP are the two most important attributes that describe the path of a route in a BGP update message.

  • AS_PATH: Indicates the ASs that the route is traveling from and to. In the example below, the AS_PATH is from AS 7675 to AS 12345. For internal BGP, the AS_PATH specifies the same AS for both the source and destination.
  • NEXT_HOP: Indicates the IP address of the next router the path travels to. Paths advertised across AS boundaries inherit the NEXT_HOP address of the boundary router. BGP relies on interior routing protocols to reach NEXT_HOP addresses.

BGP Messages

BGP communication includes the following types of messages:

  • Open: The first message between BGP peers after TCP session establishment. Contains the necessary information to establish a peering session, e.g. ASN, hold time, and capabilities such as multi-protocol extensions and route-refresh.
  • Update: These messages contain path information, such as route announcements or withdrawals.
  • Keepalive: Periodic messages to keep the TCP layer up and to advertise liveness.
  • Notification: A request to terminate the BGP session. Non-fatal notifications contain the error code "cease". Subcodes provide further detail.

Enable advanced routing and BGP (Configure via CLI)

Before enabling, check for the SonicOS Expanded License.


  1. Click Manage in the top navigation menu.
  2. Navigate to Network | Routing.
  3. Click the Settings tab.
  4. Under the Routing Mode drop-down, select Advanced Routing.

Click OK to proceed, then configure BGP from the CLI.

BGP configuration for Multihoming with single ISP

CLI Commands

admin@C0EAE45BFE7A> configure
config(C0EAE45BFE7A)# routing
(config-routing)# bgp
ZebOS version 7.7.0 IPIRouter7/2009

ARS BGP>configure terminal

ARS BGP(config-router)>router bgp 100
ARS BGP(config-router)>network 192.168.1.0/24
ARS BGP(config-router)>network 192.168.2.0/24
ARS BGP(config-router)>neighbor 1.1.1.2 remote-as 200
ARS BGP(config-router)>neighbor 1.1.1.2 prefix-list DEFAULT-ROUTE in
ARS BGP(config-router)>neighbor 2.2.2.2 remote-as 200
ARS BGP(config-router)>neighbor 2.2.2.2 prefix-list DEFAULT-ROUTE in
ARS BGP(config-router)>neighbor 2.2.2.2 route-map ROUTE-ADVTISED out

ARS BGP(config-router)>ip prefix-list DEFAULT-ROUTE seq 5 permit 0.0.0.0/0
ARS BGP(config-router)>route-map ROUTE-ADVTISED permit 10
ARS BGP(config-route-map)>set as-path prepend 100 100 100
ARS BGP(config-router)>Ctrl+Z
ARS BGP> Write
ARS BGP> Exit
config(C0EAE45BFE7A)#commit

 

Commands to check:

config(C0EAE45BFE7A)# show routing bgp [neighbor|summary]
config(C0EAE45BFE7A)# show routing bgp
(config-routing)# show routing nsm database

Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
 O - OSPF, IA - OSPF inter area
 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
 E1 - OSPF external type 1, E2 - OSPF external type 2
 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
 > - selected route, * - FIB route, p - stale info

C  *> 127.0.0.0/8 is directly connected, lo0
S  *> 172.27.60.0/24 [1/1] via 172.27.76.1, X0
C  *> 172.27.76.0/24 is directly connected, X0
C  *> 192.168.176.0/24 is directly connected, X1
B  2.0.0.0/8 [20/0] via 150.10.10.2, 00:04:23
             [20/0] via 160.20.20.2, 00:04:01
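The policy this configuration is meant to express can be checked offline before it is committed. The following is an added example, not SonicWall or ZebOS code: it parses the commands above (prompts stripped, embedded as a constructed sample) and reports any neighbor lacking an inbound prefix-list, any referenced prefix-list that is never defined, and any outbound route-map that sets no AS-path prepend. The function name audit_bgp_config is hypothetical.

```python
# Constructed sample: the article's configuration commands with prompts removed.
SAMPLE_CONFIG = """\
router bgp 100
network 192.168.1.0/24
network 192.168.2.0/24
neighbor 1.1.1.2 remote-as 200
neighbor 1.1.1.2 prefix-list DEFAULT-ROUTE in
neighbor 2.2.2.2 remote-as 200
neighbor 2.2.2.2 prefix-list DEFAULT-ROUTE in
neighbor 2.2.2.2 route-map ROUTE-ADVTISED out
ip prefix-list DEFAULT-ROUTE seq 5 permit 0.0.0.0/0
route-map ROUTE-ADVTISED permit 10
set as-path prepend 100 100 100
"""

def audit_bgp_config(text):
    """Hypothetical helper: return (findings, neighbors) for ZebOS-style BGP commands."""
    neighbors, prefix_lists, route_maps, current_map = {}, set(), {}, None
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if tok[0] == "neighbor" and len(tok) >= 4:
            n = neighbors.setdefault(tok[1], {"remote_as": None, "in": None, "out": None})
            if tok[2] == "remote-as":
                n["remote_as"] = tok[3]
            elif tok[2] == "prefix-list" and tok[-1] == "in":
                n["in"] = tok[3]          # inbound route filter
            elif tok[2] == "route-map" and tok[-1] == "out":
                n["out"] = tok[3]         # outbound policy
        elif tok[:2] == ["ip", "prefix-list"] and len(tok) >= 3:
            prefix_lists.add(tok[2])
        elif tok[0] == "route-map" and len(tok) >= 2:
            current_map = tok[1]
            route_maps.setdefault(current_map, [])
        elif tok[:3] == ["set", "as-path", "prepend"] and current_map:
            route_maps[current_map] = tok[3:]   # AS numbers to prepend
    findings = []
    for ip, n in sorted(neighbors.items()):
        if n["in"] is None:
            findings.append(f"{ip}: no inbound prefix-list filter")
        elif n["in"] not in prefix_lists:
            findings.append(f"{ip}: inbound prefix-list {n['in']} is referenced but never defined")
        if n["out"] and not route_maps.get(n["out"]):
            findings.append(f"{ip}: outbound route-map {n['out']} is missing or sets no AS-path prepend")
    return findings, neighbors
```

A `set as-path prepend` line whose keyword and AS numbers run together is not recognised, so the route-map is reported as setting no prepend.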


Resolution for SonicOS 6.2 and Below

The below resolution is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer, we suggest upgrading to the latest general release of SonicOS 6.5 firmware.



 What is BGP?

BGP is a large-scale routing protocol used to communicate routing information between Autonomous Systems (ASs), which are well-defined, separately administered network domains. BGP support allows for SonicWall security appliances to replace a traditional BGP router on the edge of a network's AS. The current SonicWall implementation of BGP is most appropriate for "single-provider / singly-homed" environments, where the network uses one ISP as their Internet provider and has a single connection to that provider. SonicWall BGP is also capable of supporting "single-provider / multi-homed" environments, where the network uses a single ISP but has a small number of separate routes to the provider. BGP is configured through the SonicOS Command Line Interface (CLI).

Autonomous Systems

Each Autonomous System has a 16-bit number assigned. Like IP addresses, an AS number may be public or private. Public AS numbers are a limited resource and are provisioned based on a number of factors. ISP customers with large networks multi-homed to two or more ISPs usually have a public AS, whereas smaller customers will be given a private AS administered by their ISP provider.

SonicWall supports 2-byte and 4-byte ASNs.

The default is 2-byte.

How Does BGP Work?

BGP uses TCP port 179 for communication. BGP is considered a path-vector protocol, containing end-to-end path descriptions for destinations. BGP neighbors can either be internal (iBGP) or external (eBGP):

  • iBGP: Neighbor is in the same AS.
  • eBGP: Neighbor is in a different AS.

Paths are advertised in UPDATE messages that are tagged with various path attributes. AS_PATH and NEXT_HOP are the two most important attributes that describe the path of a route in a BGP update message.

  • AS_PATH: Indicates the ASs that the route is traveling from and to. In the example below, the AS_PATH is from AS 7675 to AS 12345. For internal BGP, the AS_PATH specifies the same AS for both the source and destination.
  • NEXT_HOP: Indicates the IP address of the next router the path travels to. Paths advertised across AS boundaries inherit the NEXT_HOP address of the boundary router. BGP relies on interior routing protocols to reach NEXT_HOP addresses.

BGP Messages

BGP communication includes the following types of messages:

  • Open: The first message between BGP peers after TCP session establishment. Contains the necessary information to establish a peering session, e.g. ASN, hold time, and capabilities such as multi-protocol extensions and route-refresh.
  • Update: These messages contain path information, such as route announcements or withdrawals.
  • Keepalive: Periodic messages to keep the TCP layer up and to advertise liveness.
  • Notification: A request to terminate the BGP session. Non-fatal notifications contain the error code "cease". Subcodes provide further detail:

Subcode Description 

Sample BGP Packet Capture.
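The following added example, which is not part of the original article and is not SonicWall code, decodes the four message types from a constructed TCP/179 byte stream using the RFC 4271 header layout (16-byte all-ones marker, 2-byte length, 1-byte type). The hold time, BGP identifier and Cease subcode in the sample are constructed values, and the helper names are hypothetical.

```python
import struct

MSG_TYPES = {1: "OPEN", 2: "UPDATE", 3: "NOTIFICATION", 4: "KEEPALIVE"}
MARKER = b"\xff" * 16   # RFC 4271: the header marker is all ones
CEASE = 6               # NOTIFICATION error code for "Cease"

def build(msg_type, body=b""):
    """Constructed-sample helper: wrap a body in the 19-byte BGP header."""
    return MARKER + struct.pack("!HB", 19 + len(body), msg_type) + body

def parse_stream(data):
    """Split a TCP/179 byte stream into decoded BGP messages."""
    out, off = [], 0
    while off < len(data):
        if len(data) - off < 19 or data[off:off + 16] != MARKER:
            raise ValueError(f"bad BGP header at offset {off}")
        length, mtype = struct.unpack_from("!HB", data, off + 16)
        # Valid lengths are 19..4096 and must fit inside the captured data.
        if not 19 <= length <= 4096 or off + length > len(data):
            raise ValueError(f"bad BGP length {length} at offset {off}")
        body = data[off + 19:off + length]
        msg = {"type": MSG_TYPES.get(mtype, f"UNKNOWN({mtype})"), "length": length}
        if mtype == 1 and len(body) >= 10:
            # OPEN: version, 2-byte My AS, hold time, BGP identifier, opt-param length
            ver, asn, hold, bgp_id, _optlen = struct.unpack_from("!BHH4sB", body)
            msg.update(version=ver, asn=asn, hold_time=hold,
                       bgp_id=".".join(str(b) for b in bgp_id))
        elif mtype == 3 and len(body) >= 2:
            # NOTIFICATION: error code, then subcode
            msg.update(error_code=body[0], subcode=body[1], cease=(body[0] == CEASE))
        out.append(msg)
        off += length
    return out

# Constructed session: OPEN from AS 100, a KEEPALIVE, then a Cease NOTIFICATION.
SAMPLE = (build(1, struct.pack("!BHH4sB", 4, 100, 180, bytes([1, 1, 1, 1]), 0))
          + build(4)
          + build(3, bytes([CEASE, 2])))

if __name__ == "__main__":
    for m in parse_stream(SAMPLE):
        print(m)
```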

Enable advanced routing and BGP (Configure via CLI)


BGP configuration for Multihoming with single ISP

CLI Commands

admin@C0EAE45BFE7A> configure
config(C0EAE45BFE7A)# routing
(config-routing)# bgp
ZebOS version 7.7.0 IPIRouter7/2009

ARS BGP>configure terminal

ARS BGP(config-router)>router bgp 100
ARS BGP(config-router)>network 192.168.1.0/24
ARS BGP(config-router)>network 192.168.2.0/24
ARS BGP(config-router)>neighbor 1.1.1.2 remote-as 200
ARS BGP(config-router)>neighbor 1.1.1.2 prefix-list DEFAULT-ROUTE in
ARS BGP(config-router)>neighbor 2.2.2.2 remote-as 200
ARS BGP(config-router)>neighbor 2.2.2.2 prefix-list DEFAULT-ROUTE in
ARS BGP(config-router)>neighbor 2.2.2.2 route-map ROUTE-ADVTISED out

ARS BGP(config-router)>ip prefix-list DEFAULT-ROUTE seq 5 permit 0.0.0.0/0
ARS BGP(config-router)>route-map ROUTE-ADVTISED permit 10
ARS BGP(config-route-map)>set as-path prepend 100 100 100
ARS BGP(config-router)>Ctrl+Z
ARS BGP> Write
ARS BGP> Exit
config(C0EAE45BFE7A)#commit

 

Commands to check:

config(C0EAE45BFE7A)# show routing bgp [neighbor|summary]
config(C0EAE45BFE7A)# show routing bgp
(config-routing)# show routing nsm database

Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
 O - OSPF, IA - OSPF inter area
 N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
 E1 - OSPF external type 1, E2 - OSPF external type 2
 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
 > - selected route, * - FIB route, p - stale info

C  *> 127.0.0.0/8 is directly connected, lo0
S  *> 172.27.60.0/24 [1/1] via 172.27.76.1, X0
C  *> 172.27.76.0/24 is directly connected, X0
C  *> 192.168.176.0/24 is directly connected, X1
B  2.0.0.0/8 [20/0] via 150.10.10.2, 00:04:23
             [20/0] via 160.20.20.2, 00:04:01
 
