BGP Overview
BGP functions between autonomous systems (exterior BGP
or eBGP) or within an AS (interior BGP or iBGP) to exchange routing
and reachability information with BGP speakers. The firewall provides
a complete BGP implementation, which includes the following features:
- Specification of one BGP routing instance per virtual router.
- BGP settings per virtual router, which include basic parameters
such as local route ID and local AS, and advanced options such as
path selection, route reflector, BGP
Confederations, route flap dampening, and graceful restart.
- Peer group and neighbor settings, which include neighbor address
and remote AS, and advanced options such as neighbor attributes
and connections.
- Route policies to control route import, export and advertisement;
prefix-based filtering; and address aggregation.
- IGP-BGP interaction to inject routes to BGP using redistribution
profiles.
- Authentication profiles, which specify the MD5 authentication
key for BGP connections. Authentication helps prevent route leaking
and successful DoS attacks.
- Multiprotocol BGP (MP-BGP) to allow BGP peers to carry IPv6
unicast routes and IPv4 multicast routes in Update packets, and
to allow the firewall and a BGP peer to communicate with each other
using IPv6 addresses.
- Beginning with PAN-OS 10.0.5, BGP supports a maximum of 255
AS numbers in an AS_PATH list for a prefix.