Focus

PAN-OS Web Interface Help

BGP Routing for a Logical Router

Table of Contents

BGP Routing for a Logical Router

Configure BGP for the logical router to use to route BGP traffic.

Network > Routing> Logical Routers > BGP

The table describes the settings to configure BGP, peer groups, peers, and redistribution for a logical router.

BGP Settings	Description
General
Enable	Enable BGP for the logical router.
Router ID	Assign a Router ID to BGP for the logical router, which is typically an IPv4 address to ensure the Router ID is unique.
Local AS	Assign the local autonomous system (AS) to which the logical router belongs based on the Router ID (range for a 2-byte or 4-byte AS number is to 1 to 4,294,967,295).
ECMP Multiple AS Support	Enable if you configured ECMP and you want to run ECMP over multiple BGP autonomous systems.
Enforce First AS	Select to cause the firewall to drop an incoming Update message from an EBGP peer that does not list the EBGP peer’s own AS number as the first AS number in the AS_PATH attribute. (Enabled by default.)
Fast Failover	Fast failover of EBGP is enabled by default. Disable EBGP fast failover if it causes the firewall to unnecessarily withdraw BGP routes.
Default Local Preference	Specify the default local preference that can be used to determine preferences among different paths; range is 0 to 4,294,967,295; default is 100.
Graceful Restart—Enable	Enables graceful restart for BGP so that packet forwarding is not disrupted during a BGP restart (enabled by default).
Stale Route Time	Specify the length of time, in seconds, that a route can stay in the stale state (range is 1 to 3,600; default is 120).
Max Peer Restart Time	Specify the maximum length of time, in seconds, that the local device accepts as a grace period restart time for peer devices (range is 1 to 3,600; default is 120).
Path Selection—Always Compare MED	Select to choose paths from neighbors in different autonomous systems; default is disabled. The Multi-Exit Discriminator (MED) is an external metric that lets neighbors know about the preferred path into an AS. A lower value is preferred over a higher value.
Deterministic MED Comparison	Select to choose between routes that are advertised by IBGP peers (BGP peers in the same AS). Default is enabled.
Peer Group
Name	Enter a name for the BGP peer group.
Enable	Enable the peer group.
Type	Select the type of peer group as IBGP (Internal BGP, peering within an AS) or EBGP (External BGP—peering between two autonomous systems).
AFI IP Unicast	Select or create an AFI IPv4 profile to apply the settings in the profile to the peer group; default is None.
AFI IPv6 Unicast	Select or create an AFI IPv6 profile to apply the settings in the profile to the peer group; default is None.
Auth Profile	Select or create an authentication profile to authenticate BGP peer communications; default is None.
Timer Profile	Select or create a Timers profile to apply to the peer group; default is None.
Multi Hop	Set the time-to-live (TTL) value in the IP header. Range is 1 to 255; a setting of 0 means use the default value: 1 for EBGP; 255 for IBGP.
Peer
Name	Enter a name for the BGP peer.
Enable	Enable the BGP peer.
Peer AS	Enter the AS to which the peer belongs; range is 1 to 4,294,967,295.
Peer—Addressing
Inherit AFI/SAFI config from peer-group	Select for the peer to inherit the AFI and Subsequent AFI (SAFI) from the peer group.
AFI IP Unicast	(`Available if Inherit AFI/SAFI config from peer is disabled`) Select or create an AFI IPv4 profile to apply the settings in the profile to the peer; default is None.
AFI IPv6 Unicast	(`Available if Inherit AFI/SAFI config from peer is disabled`) Select or create an AFI IPv6 profile to apply the settings in the profile to the peer; default is None.
Local Address - Interface	Select the Layer 3 interface for which you are configuring BGP. Interfaces configured with a static IP address and interfaces configured as a DHCP client are available to select. If you select an interface where DHCP assigns the address, the IP address will indicate None. DHCP will later assign an IP address to the interface; you can see the address when you view More Runtime Stats for the logical router.
IP	If the interface has more than one IP address, enter the IP address and netmask you want to use.
Peer Address - IP	Enter the IP address of the peer.
Peer—Connection Options These settings override the same option you have set for the peer group to which the peer belongs.
Auth Profile	Select or create an Authentication profile. Alternatively, select inherit (Inherit from Peer-Group) or None, both of which cause the peer to use the Auth profile specified for the peer group.
Timer Profile	Select or create a Timers profile. Alternatively, select inherit (Inherit from Peer-Group) or None, both of which cause the peer to use the Timers profile specified for the peer group.
Multi Hop	Select inherit (Inherit from Peer-Group) or None, both of which cause the peer to use the value specified for the peer group.
Peer—Advanced
Enable Sender Side Loop Detection	Select to cause the firewall to check the AS_PATH attribute of a route in its forwarding information base (FIB) before it sends the route in an Update, to ensure that the peer AS number is not on the AS_PATH list. If it is, the firewall removes it to prevent a loop. Default is enabled.
BGP Redistribution
Redistribution Rules
IPv4 Unicast	Select or create a Redistribution profile to specify which static or connected IPv4 routes to redistribute to the IPv4 unicast route table. Default is None.
IPv6 Unicast	Select or create a Redistribution profile to specify which static or connected IPv6 routes to redistribute to the IPv6 unicast route table. Default is None.
Network
IPv4 or IPv6	Select IPv4 or IPv6.
Network	Add a corresponding IPv4 or IPv6 network address; subnets with matching network addresses are advertised to BGP peers of the logical router.
Unicast	Select to install the matching routes into the Unicast routing table of all BGP peers.

Static Routes for a Logical Router

Network > Routing > Routing Profiles > BGP