Implementing the Border Gateway Protocol (BGP) dynamic routing protocol in your network lets the Socket make real-time routing decisions and can offer improved network performance and increased flexibility. The available BGP features and functionality are different for Socket sites and for sites configured for IPsec connections.
The process to define a BGP neighbor depends on the site connections:
Before you define a BGP neighbor, make sure that you are familiar with the Cato Socket implementation of BGP.
- If your network needs to use the Floating Range feature for BGP, make sure that it is configured correctly for the BGP neighbors.
- If your network uses IPsec and BGP with cloud services, review the supported IPsec configurations.
Floating ranges are global IP ranges that are not connected to a specific site, but can be learned from any site with a BGP neighbor. For example, in a Disaster Recovery (DR) scenario, many applications (such as VMware NSX) can move servers from one location to the other while maintaining their IP addresses. In these cases, BGP helps to update the remaining network objects and advertises where these servers now reside.
In addition, the Cato Socket cannot use a dynamic range of IP addresses in security and network rules. Use the Floating Range Global Setting to define a range of IP addresses in the Cato Management Application.
For sites that use IPsec connections to Amazon Web Services (AWS) and Azure, these are the supported configurations:
- Azure's implementation of IPsec IKEv1 does not support BGP
- Azure IPsec IKEv2 supports BGP
- Azure IPsec HA requires BGP
- AWS IPsec IKEv1 and IKEv2 support BGP
- For AWS, one BGP neighbor per VPN gateway is supported
Cato's ASN for BGP is a 2-byte ASN. You can also establish BGP with 4-byte ASN peers. This support follows RFC 4893.
The ASN value should be configured in AS-Plain format (for example, 600000), and the 4-byte ASN range is 1-4294967295. The following values are reserved and can't be used as a 4-byte ASN:
- 65552-131071
- 4294967295

Configure the 4-byte ASN value in the Peer field in AS-Plain format (for example, 600000). Enter the Cato 2-byte ASN for the BGP neighbor.
The Routing Table shows the AS Path according to the Peer value for the BGP neighbor.
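The following is an added example, not Cato code: a pre-flight check that takes peer ASNs from an inventory and returns the AS-Plain string to enter in the Peer field, applying the range and reserved values listed above. It goes beyond the page by also accepting asdot notation (`high.low`, equal to `high * 65536 + low`), which peer router configurations often use; the function names and the sample inventory are hypothetical.

```python
import re

ASN_MIN, ASN_MAX = 1, 4294967295            # 4-byte range stated above
# Reserved values from the list above: 65552-131071 and 4294967295.
RESERVED = (range(65552, 131072), range(4294967295, 4294967296))

def to_asplain(value: str) -> int:
    """Parse AS-Plain ("600000") or asdot ("9.10176") text into an integer."""
    text = value.strip()
    if re.fullmatch(r"[0-9]+", text):
        return int(text)
    m = re.fullmatch(r"([0-9]+)\.([0-9]+)", text)
    if not m:
        raise ValueError(f"{value!r}: not a decimal or asdot ASN")
    high, low = int(m.group(1)), int(m.group(2))
    if high > 65535 or low > 65535:
        raise ValueError(f"{value!r}: asdot halves must each be 0-65535")
    return high * 65536 + low

def peer_field_value(value: str) -> str:
    """Return the AS-Plain string for the Peer field, or raise ValueError."""
    asn = to_asplain(value)
    if not ASN_MIN <= asn <= ASN_MAX:
        raise ValueError(f"{asn}: outside {ASN_MIN}-{ASN_MAX}")
    if any(asn in r for r in RESERVED):
        raise ValueError(f"{asn}: reserved, cannot be used as a 4-byte ASN")
    return str(asn)

def audit(values):
    """Map each inventory entry to ("ok", asplain) or ("reject", reason)."""
    report = {}
    for v in values:
        try:
            report[v] = ("ok", peer_field_value(v))
        except ValueError as exc:
            report[v] = ("reject", str(exc))
    return report

# Constructed sample inventory, not taken from any real network.
SAMPLE = ["600000", "9.10176", "65552", "1.16", "4294967295", "0", "AS64512"]

if __name__ == "__main__":
    for raw, (status, detail) in audit(SAMPLE).items():
        print(f"{raw:>12}  {status:6}  {detail}")
```

An asdot entry such as `1.16` looks harmless but resolves to 65552, the first reserved value, so converting before checking catches it.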
This section explains how events are generated for updates and changes to BGP sessions and routes.
To show events for the BGP routing table:
- From the navigation menu, click Monitoring > Events.
  The Events screen opens and shows events for All Sites & Users.
- In the Fields section, enter BGP in the search box.
  The window only shows events related to the BGP routing table.

| Event Type | Action | Description |
|---|---|---|
| BGP Session | Establish | BGP session is established with the BGP neighbor |
| BGP Session | Disconnect | BGP session is ended and the site is disconnected from the BGP neighbor |
| BGP Routing | Added | BGP neighbor sends update that this route is added to the routing table |
| BGP Routing | Deleted | BGP neighbor sends update that this route is deleted from the routing table |
| BGP Routing | BGP range ignored | The advertised range for the BGP neighbor was ignored. This may be triggered by: |