BGP Peer Group Tab
- Network > Virtual Router > BGP > Peer Group
A BGP peer group is a collection of BGP peers that share settings, such as the type of peer group (EBGP, for example), or the setting to remove private AS numbers from the AS_PATH list that the virtual router sends in Update packets. BGP peer groups save you from having to configure multiple peers with the same settings. You must configure at least one BGP peer group in order to configure the BGP peers that belong to the group.
BGP Peer Group Settings
Enter a name to identify the peer group.
Select to activate the peer group.
Aggregated Confed AS Path
Select to include a path to the configured aggregated confederation AS.
Soft Reset with Stored Info
Select to perform a soft reset of the firewall after updating the peer settings.
Specify the type of peer or group and configure the associated settings (see below in this table for descriptions of Import Next Hop and Export Next Hop).
Import Next Hop
Choose an option for next hop import:
Export Next Hop
Choose an option for next hop export:
Remove Private AS
Select to remove private autonomous systems from the AS_PATH list.
Add a New BGP peer and enter a name to identify it.
Select to activate the peer.
Specify the autonomous system (AS) of the peer.
Enable MP-BGP Extensions
Enables the firewall to support the Multiprotocol BGP Address Family Identifier for IPv4 and IPv6 and Subsequent Address Family Identifier options per RFC 4760.
Address Family Type
Select either the IPv4 or IPv6 address family that BGP sessions with this peer will support.
Subsequent Address Family
Select either the Unicast or Multicast subsequent address family protocol the BGP sessions with this peer will carry.
Choose a firewall interface.
Choose a local IP address.
Peer Address—Type and Address
Select the type of address that identifies the peer:
BGP Peer Group Peer Connection Options
Select a profile or select New Auth Profile from the drop down. Enter a Profile Name and the Secret, and Confirm Secret.
Keep Alive Interval
Specify an interval after which routes from a peer are suppressed according to the hold time setting (range is 0-1,200 seconds; default is 30 seconds).
Set the time-to-live (TTL) value in the IP header (range is 1-255; default is 0). The default value of 0 means 2 for eBGP prior to PAN-OS 8.0.2; it means 1 beginning with PAN-OS 8.0.2. The default value of 0 means 255 for iBGP.
Open Delay Time
Specify the delay time between opening the peer TCP connection and sending the first BGP open message (range is 0-240 seconds; default is 0 seconds).
Specify the period of time that may elapse between successive KEEPALIVE or UPDATE messages from a peer before the peer connection is closed (range is 3-3,600 seconds; default is 90 seconds).
Idle Hold Time
Specify the time to wait in the idle state before retrying connection to the peer (range is 1-3,600 seconds; default is 15 seconds).
Incoming Connections—Remote Port
Specify the incoming port number and Allow traffic to this port.
Outgoing Connections—Local Port
Specify the outgoing port number and Allow traffic from this port.
Select the type of reflector client (Non-Client, Client, or Meshed Client). Routes that are received from reflector clients are shared with all internal and external BGP peers.
Specify a Bilateral peer or leave Unspecified.
Specify the maximum number of supported IP prefixes (1‑100,000 or unlimited).
Enable Sender Side Loop Detection
Enable to cause the firewall to check the AS_PATH attribute of a route in its FIB before it sends the route in an update, to ensure that the peer AS number is not on the AS_PATH list. If it is, the firewall removes it to prevent a loop. Usually the receiver does loop detection, but this optimization feature has the sender do loop detection.
To enable Bidirectional Forwarding Detection (BFD) for a BGP peer (and thereby override the BFD setting for BGP, as long as BFD is not disabled for BGP at the virtual router level), select the default profile (default BFD settings), an existing BFD profile, Inherit-vr-global-setting (to inherit the global BGP BFD profile), or New BFD Profile (to create a new BFD profile). Disable BFD disables BFD for the BGP peer.
If you enable or disable BFD globally, all interfaces running BGP will be taken down and brought back up with the BFD function. This can disrupt all BGP traffic. When you enable BFD on the interface, the firewall will stop the BGP connection to the peer to program BFD on the interface. The peer device will see the BGP connection drop, which can result in a reconvergence that impacts production traffic. Therefore, enable BFD on BGP interfaces during an off-peak time when a reconvergence will not impact production traffic.
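The following added example (not PAN-OS code and not taken from this documentation) models how the Remove Private AS and Enable Sender Side Loop Detection settings described above affect the AS_PATH of routes sent to a peer. It assumes that the loop check runs on the original path, that a route whose AS_PATH contains the peer AS is withheld from the Update, and that every private-use AS number (RFC 6996 ranges) is stripped; the function names, sample prefixes, and AS numbers are constructed for illustration.

```python
from typing import Dict, List, Optional

# Private-use AS numbers reserved by RFC 6996 (16-bit and 32-bit ranges).
PRIVATE_AS_RANGES = ((64512, 65534), (4200000000, 4294967294))

# Constructed sample routes: prefix -> AS_PATH (documentation prefixes and ASNs).
SAMPLE_ROUTES: Dict[str, List[int]] = {
    "192.0.2.0/24": [64500, 65010, 64501],    # 65010 is a private AS
    "198.51.100.0/24": [64502, 64510],        # 64510 is the peer's own AS
    "203.0.113.0/24": [4200000100, 64503],    # 32-bit private AS
}


def is_private_as(asn: int) -> bool:
    """Return True if asn falls in a private-use range."""
    return any(lo <= asn <= hi for lo, hi in PRIVATE_AS_RANGES)


def export_as_path(as_path: List[int], peer_as: int,
                   remove_private_as: bool = False,
                   sender_side_loop_detection: bool = False) -> Optional[List[int]]:
    """Return the AS_PATH to advertise to the peer, or None if the route is withheld."""
    # Assumption: the loop check sees the path before private ASNs are stripped,
    # so a peer that itself uses a private AS is still detected.
    if sender_side_loop_detection and peer_as in as_path:
        return None
    if remove_private_as:
        return [asn for asn in as_path if not is_private_as(asn)]
    return list(as_path)


def plan_updates(routes: Dict[str, List[int]], peer_as: int,
                 **settings: bool) -> Dict[str, Optional[List[int]]]:
    """Apply the peer group settings to every route destined for one peer."""
    return {prefix: export_as_path(path, peer_as, **settings)
            for prefix, path in routes.items()}


if __name__ == "__main__":
    plan = plan_updates(SAMPLE_ROUTES, peer_as=64510,
                        remove_private_as=True,
                        sender_side_loop_detection=True)
    for prefix, path in plan.items():
        print(prefix, "withheld (peer AS in AS_PATH)" if path is None else path)
```

Comparing the output with both settings disabled shows which private AS numbers would otherwise leak to the peer and which routes rely on the receiver to detect the loop.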