Border Gateway Protocol (BGP) is the primary internet routing protocol. BGP determines network reachability based on IP prefixes that are available within autonomous systems (AS), where an AS is a set of IP prefixes that a network provider has designated to be part of a single routing policy.
In the routing process, connections are established between BGP peers (or neighbors). If a route is permitted by the policy, it is stored in the routing information base (RIB). Each time the local firewall RIB is updated, the firewall determines the optimal routes and sends an update to the external RIB, if export is enabled.
Conditional advertisement is used to control how BGP routes are advertised. The BGP routes must satisfy conditional advertisement rules before being advertised to peers.
BGP supports the specification of aggregates, which combine multiple routes into a single route. During the aggregation process, the first step is to find the corresponding aggregation rule by performing a longest match that compares the incoming route with the prefix values of the aggregation rules.
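As an added illustration of the aggregation lookup described above (example code written for this page, not the firewall's own implementation), the following Python selects the aggregation rule by longest prefix match and summarizes a batch of incoming routes. The rule names, prefixes and incoming routes are constructed for the example, and suppressing the more-specific routes once summarized is an assumption of the example.

```python
import ipaddress

# Constructed aggregation rules for illustration (hypothetical names and
# prefixes, not taken from the documentation). Rule name -> aggregate prefix.
AGGREGATION_RULES = {
    "agg-corp":   "10.0.0.0/8",
    "agg-site-a": "10.1.0.0/16",
}


def match_aggregation_rule(route, rules):
    """Return (name, prefix) of the rule whose prefix is the longest match
    for `route`, or None when no aggregation rule covers the route."""
    route = ipaddress.ip_network(route, strict=False)
    best = None
    for name, prefix in rules.items():
        prefix = ipaddress.ip_network(prefix)
        # Mixed address families never match; a route matches a rule only
        # when it lies entirely inside the rule's prefix.
        if route.version != prefix.version or not route.subnet_of(prefix):
            continue
        # Longest match: prefer the most specific covering rule.
        if best is None or prefix.prefixlen > best[1].prefixlen:
            best = (name, prefix)
    return best


def aggregate_routes(routes, rules):
    """Apply the rules to a batch of incoming routes. Routes covered by a
    rule are replaced by that rule's single aggregate prefix; routes that
    match no rule pass through unchanged. Returns the sorted list of
    prefix strings that would be advertised (more-specifics suppressed,
    an assumption of this example)."""
    advertised = set()
    for route in routes:
        hit = match_aggregation_rule(route, rules)
        if hit is None:
            advertised.add(str(ipaddress.ip_network(route, strict=False)))
        else:
            advertised.add(str(hit[1]))
    return sorted(advertised)


if __name__ == "__main__":
    # Constructed sample of incoming routes.
    incoming = ["10.1.2.0/24", "10.1.3.0/24", "10.200.0.0/16", "192.0.2.0/24"]
    print(aggregate_routes(incoming, AGGREGATION_RULES))
    # ['10.0.0.0/8', '10.1.0.0/16', '192.0.2.0/24']
```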
The firewall provides a complete BGP implementation, which includes the following features:
- Specification of one BGP routing instance per virtual
- Routing policies based on route-map to control import, export and advertisement, prefix-based filtering, and address aggregation.
- Advanced BGP features that include route reflector, BGP Confederations, route flap dampening, and graceful restart.
- IGP-BGP interaction to inject routes to BGP using redistribution
BGP configuration consists of the following elements:
- Per-routing-instance settings, which include basic parameters such as local route ID and local AS and advanced options such as path selection, route reflector, AS confederation, route flap, and
- Authentication profiles, which specify the MD5 authentication key for BGP connections. Authentication helps prevent route leaking and successful DoS attacks.
- Peer group and neighbor settings, which include neighbor address and remote AS and advanced options such as neighbor attributes
- Routing policy, which specifies rule sets that peer groups and peers use to implement imports, exports, conditional advertisements, and address aggregation controls.