End-of-Life (EoL)

BGP

Border Gateway Protocol (BGP) is the primary internet routing protocol. BGP determines network reachability based on IP prefixes that are available within autonomous systems (AS), where an AS is a set of IP prefixes that a network provider has designated to be part of a single routing policy.
In the routing process, connections are established between BGP peers (or neighbors). If a route is permitted by the policy, it is stored in the routing information base (RIB). Each time the local firewall RIB is updated, the firewall determines the optimal routes and sends an update to the external RIB, if export is enabled.
Conditional advertisement is used to control how BGP routes are advertised. The BGP routes must satisfy conditional advertisement rules before being advertised to peers.
BGP supports the specification of aggregates, which combine multiple routes into a single route. During the aggregation process, the first step is to find the corresponding aggregation rule by performing a longest match that compares the incoming route with the prefix values for other aggregation rules.
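
The longest-match step described above, as an added example (not code from the vendor or the firewall): for each incoming route it picks the covering aggregation rule with the longest prefix length. The rule prefixes, sample routes and function names are constructed for illustration, and the example assumes a rule matches when its prefix equals or covers the route.

```python
import ipaddress
from collections import defaultdict

# Constructed aggregation rules (private/documentation ranges, not from the page).
AGGREGATE_RULES = ["10.0.0.0/8", "10.1.0.0/16", "10.1.128.0/17", "2001:db8::/32"]


def find_aggregate_rule(route, rules=AGGREGATE_RULES):
    """Return the covering rule with the longest prefix length, or None."""
    # strict=True rejects prefixes with host bits set (e.g. 10.1.200.1/24).
    net = ipaddress.ip_network(route, strict=True)
    best = None
    for rule in rules:
        agg = ipaddress.ip_network(rule, strict=True)
        # subnet_of() raises TypeError across IP versions, so filter first.
        if agg.version != net.version or not net.subnet_of(agg):
            continue
        if best is None or agg.prefixlen > best.prefixlen:
            best = agg
    return best


def group_by_aggregate(routes, rules=AGGREGATE_RULES):
    """Map each aggregate to its contributing routes; unmatched go under None."""
    groups = defaultdict(list)
    for route in routes:
        agg = find_aggregate_rule(route, rules)
        groups[str(agg) if agg else None].append(route)
    return dict(groups)


if __name__ == "__main__":
    # Constructed sample routes.
    sample = ["10.1.200.0/24", "10.1.5.0/24", "10.9.0.0/16",
              "192.0.2.0/24", "2001:db8:1::/48"]
    for agg, members in group_by_aggregate(sample).items():
        print(agg, "<-", members)
```

Routes that fall under `None` match no aggregation rule, which is worth reviewing when an aggregate is expected to summarize them.
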
The firewall provides a complete BGP implementation, which includes the following features:
  • Specification of one BGP routing instance per virtual router.
  • Routing policies based on route-map to control import, export and advertisement, prefix-based filtering, and address aggregation.
  • Advanced BGP features that include route reflector, BGP Confederations, route flap dampening, and graceful restart.
  • IGP-BGP interaction to inject routes to BGP using redistribution profiles.
BGP configuration consists of the following elements:
  • Per-routing-instance settings, which include basic parameters such as local route ID and local AS and advanced options such as path selection, route reflector, AS confederation, route flap, and dampening profiles.
  • Authentication profiles, which specify the MD5 authentication key for BGP connections. Authentication helps prevent route leaking and successful DoS attacks.
  • Peer group and neighbor settings, which include neighbor address and remote AS and advanced options such as neighbor attributes and connections.
  • Routing policy, which specifies rule sets that peer groups and peers use to implement imports, exports, conditional advertisements, and address aggregation controls.
