: Network > Routing > Routing Profiles > BGP
Focus
Focus

Network > Routing > Routing Profiles > BGP

Table of Contents

Network > Routing > Routing Profiles > BGP

Create BGP routing profiles to efficiently configure BGP for the logical router.
For a logical router, use BGP profiles to efficiently apply configuration to BGP peer groups, peers, or redistribution rules. For example, you can apply a Timer Profile or Authentication Profile to a BGP peer group or a peer. You can apply an Address Family (AFI) profile for IPv4 and for IPv6 to a peer group. You can apply a Redistribution profile for IPv4 and for IPv6 to BGP redistribution.
BGP Routing Profiles
Description
BGP Auth Profile
Name
Enter a name for the Authentication profile (maximum of 31 characters).
Secret
Enter the Secret and Confirm Secret. The Secret is used as a key in MD5 authentication.
BGP Timers Profile
Name
Enter a name for the Timers profile (maximum of 31 characters).
Keep Alive Interval (sec)
Enter the interval, in seconds, after which routes from the peer are suppressed according to the Hold Time setting (range is 0 to 1,200; default is 30).
Hold Time (sec)
Enter the length of time, in seconds, that may elapse between successive Keepalive or Update messages from the peer before the peer connection is closed (range is 3 to 3,600; default is 90).
Minimum Route Advertise Interval (sec)
Enter the minimum about of time, in seconds, that must occur between two successive Update messages (that a BGP speaker [the firewall] sends to a BGP peer) that advertise routes or withdrawal of routes (range is 1 to 600; default is 30).
BGP Address Family Profile
Name
Enter a name for the Address Family Identifier (AFI) profile (maximum of 31 characters).
IPv4 or IPv6
Select the type of AFI profile (IPv4 or IPv6).
Advertise all paths to a peer
Advertise all routes in the BGP routing information base (RIB).
Advertise the best path per neighboring AS
Enable to ensure that BGP advertises the best path for each neighboring AS, and not a generic path for all autonomous systems. Disable this if you want to advertise the same path to all autonomous systems.
Allow AS in
Specify whether to allow routes that include the firewall’s own autonomous system (AS) number:
  • Origin—Accept routes even if the firewall’s own AS is present in the AS_PATH.
  • Occurrence—Number of times the firewall’s own AS can be in an AS_PATH.
  • None—(default setting) No action taken.
Override ASNs in outbound updates if AS-Path equals Remote-AS
You might use the BGP AS override feature if you have multiple sites belonging to the same AS (AS 64512, for example) and there is another AS between them. A router between the two sites receives an Update advertising a route that can access AS 64512. To avoid the second site dropping the Update because it is also in AS 64512, the intermediate router replaces AS 64512 with its own ASN, AS 64522, for example.
Originate Default Route
Select to advertise a default route. Disable if you want to advertise only routes that go to specific destinations.
Num_prefixes
Enter the maximum number of prefixes to accept from peer.
Threshold (%)
Enter the threshold percentage of the maximum number of prefixes. If the peer advertises more than the threshold, the firewall takes the specified Action (warning or restart). Range is 1 to 100%.
Action
Specify the action the firewall takes on the BGP connection after the maximum number of prefixes is exceeded: Warning Only message in logs or Restart the BGP peer connection.
Next Hop
Select the next hop:
  • None—No action; calculate the next hop for this neighbor.
  • Self—Disable next-hop calculation and advertise routes with local next-hop.
  • Self Force—Force set the next hop to self for the reflected routes.
Remove Private AS
To have BGP remove private AS numbers form the AS_PATH attribute in Updates that the firewall sends to a peer in another AS, select one of the following:
  • All—Remove all private AS numbers.
  • Replace AS—Replace all private AS numbers with the firewall’s AS number.
  • None—(default setting) No action taken.
Route Reflector Client
Enable the firewall as a BGP Route Reflector Client.
Send Community
Select the type of BGP community attribute to send in outbound Update messages:
  • All—Send all communities.
  • Both—Send standard and extended communities.
  • Extended—Send extended communities.
  • Large—Send large communities.
  • Standard—Send standard communities.
  • None—Do not send any communities.
BGP Redistribution Profile
Name
Enter a name for the Redistribution profile (maximum of 31 characters).
IPv4 or IPv6
Select IPv4 or IPv6 Address Family Identifier (AFI) to specify which type of route is redistributed.
Static
Select Static and Enable to redistribute IPv4 or IPv6 static routes (that match the AFI you selected) into the BGP routing information base (RIB) of the BGP peers.
Metric
Enter the metric to apply to the static routes being redistributed into BGP (range is 1 to 65,535).
Connected
Select Connected and Enable to redistribute IPv4 or IPv6 connected routes (that match the AFI you selected) into the BGP routing information base (RIB) of the BGP peers.
Metric
Enter the metric to apply to the connected routes being redistributed into BGP (range is 1 to 65,535).