X. WAN

Configuring Border Gateway Protocol (BGP) with Vigor 2960 & Vigor 3900 Routers

Products:
Vigor 2960
Vigor 3900
Keywords:
backup
bgp
border
border gateway protocol
Show all

Configuring Border Gateway Protocol (BGP) with Vigor 2960 & Vigor 3900 Routers

In a simple office/home Internet connection, you have a single ISP and single local subnet so your router only has to decide if an IP destination is local (within your LAN) or not. If the destination is not local, the router just forwards the datagram on to your ISP. Job done. Once on the Internet, it's not so simple; An ISP will likely have multiple peers (connections to other ISPs) so it has to know which of its peers can deliver the packet to the destination, and which can do so most efficiently.

Border Gateway Protocol (BGP) is the method by which routers on the Internet can tell each other that they can reach a particular destination (IP address). They are the 'road signs' or the SatNav for your data. BGP can also be used between private networks - referred to as 'Autonomous Systems' or 'AS' in the context of BGP - to exchange information about multiple private subnets reachable within each AS - that would commonly be used between a pair (or more) of remote corporate locations.

BGP is an exterior Gateway Protocol (EGP). It operates outside of your private network (your autonomous system or 'AS') on the Internet. It is distinct from Interior Gateway protocols like RIP, OSPG and EIGRP which runs inside your network. BGP can also operate inside your AS (where iBGP peers exist). A unique ASN (Autonomous System Number) is allocated (by IANA) for your system. You can also create your own private AS if it's not going to get onto the Internet - there are allocated ranges for private usage.

It's vital that your BGP management configuration is managed competently. An error would be the equivalent of changing a sign on the highway - everyone would end up in the wrong place and never get to their destinations.

One of the biggest BGP disasters was caused by Pakistani Telecom trying to block YouTube throughout Pakistan. They issued deliberately false BGP routing but it propagated outside of Pakistan and spread across the Internet, causing YouTube to be unavailable for the whole world - imagine, no funny cat videos or make-up tutorials for 24 hours! There have been other incidents of the BGP table being deliberately poisoned. On a smaller scale, if you get it wrong, you can take your own domain offline and make it unreachable. Once you fix it, it takes time for the corrected routing information to propagate again.


DrayTek Vigor 2960 and Vigor 3900 routers support Border Gateway Protocol across either the LAN (local) interface or the WAN (Internet / Private WAN) interfaces.

This setup guide demonstrates how to configure BGP across LAN or WAN interfaces in the tabs below.

BGP Setup on WAN

Setting up Border Gateway Protocol across a WAN interface

Setting up BGP across a WAN link requires a direct link or private WAN connection between the two points. The purpose of the BGP link between the two networks is to simplify the management of LAN subnets between the two routers - once BGP is configured, the router of Site A will be able to automatically update the routing configuration of Site B when the LAN configuration of Site A changes.

This setup guide refers to a Vigor 2960 router at Site A (172.16.x.x) and a Vigor 3900 at Site B (10.0.x.x) as shown in the network diagram below. The two routers are connected to each other via a WAN link that connects one router's WAN port directly to the other router's WAN port.

Site A (Vigor 2960) has three networks available:

  1. 172.16.1.0/24 (172.16.1.1 to 172.16.1.255)
  2. 172.16.2.0/24 (172.16.2.1 to 172.16.2.255)
  3. 172.16.3.0/24 (172.16.3.1 to 172.16.3.255)

Site B (Vigor 3900) has three networks available:

  1. 10.0.1.0/24 (10.0.1.1 to 10.0.1.255)
  2. 10.0.2.0/24 (10.0.2.1 to 10.0.2.255)
  3. 10.0.3.0/24 (10.0.3.1 to 10.0.3.255)

This setup guide will refer to the Site A router as "Vigor 2960" and the Site B router as "Vigor 3900".

Vigor2960 - Site A - BGP Configuration

1. Go to [WAN] > [General Setup] and add a WAN profile for connecting to the Vigor3900.

  1. Select Static for IPv4 Protocol

b. Go to Static tab, and give it an IP address, in this example, 192.168.200.x will be used as the WAN interface IP range:

2. Go to [Routing] > [BGP Configuration] > [BGP Configuration] tab

  1. Check Enable
  2. Give it a unique Autonomous System Number
  3. Add the LAN network that should be advertised to Vigor3900 into Static Networks
  4. Click Apply

3. Go to [Routing] > [BGP Configuration] > [Neighbor] tab and click Add to create a new profile:

  1. Give a profile name and enable it
  2. For Neighbor IP Address, type the IP of the WAN interface on Vigor3900 which will be connected to Vigor2960.
  3. Type the Autonomous System Number (ASN) of Vigor3900
  4. Enable MD5 Auth for higher security
  5. Click Apply


Vigor3900 - Site B - BGP Configuration

4. Similarly, on the Vigor3900, go to [WAN] > [General Setup] and edit WAN profile for connecting to Vigor2960.

  1. Select Static for IPv4 Protocol

b. Go to the Static tab, and give it an IP address in the same subnet as the Vigor 2960's WAN interface:

5. Go to [Routing] > [BGP Configuration] > [BGP Configuration] tab

  1. Check Enable
  2. Give a unique Autonomous System Number
  3. Add the LAN network that should be advertised to Vigor2960 into Static Networks
  4. click Apply

6. Go to [Routing] > [BGP Configuration] > [Neighbor] tab and click Add

  1. Give a profile name and enable it
  2. For Neighbor IP Address, type the IP of the WAN interface on Vigor2960 which will be physically connected to Vigor3900 (which is 192.168.200.2 in this example).
  3. Type the Autonomous System Number of Vigor2960
  4. Enable MD5 Auth for higher security
  5. Click Apply


Check BGP connectivity

7. Connect Vigor2960's and Vigor3900's on the WAN interface we just configured. Go to [Routing] > [BGP Configuration] > [Neighbor Status] tab, and check if the state is "established" on the both routers.

8. After the BGP connection is established, we can check if the router has learned the routing information from the BGP neighbor by going to [Diagnostics] > [Routing Table]. If all the settings are correct, we should see the routes to Vigor3900's LAN network has been added to Vigor2960's Routing Table automatically.

9. If the network configuration is changed by adding or deleting static networks on the BGP Configuration page, the routing table of the BGP Neighbor will change accordingly.

For example, if we delete a static network on Vigor2960, in the [Routing] > [BGP Configuration] > [BGP Configuration] tab:

The deleted network will be cleared from Vigor3900's Routing Table.


How do you rate this article?

1 1 1 1 1 1 1 1 1 1