BGP Configuration/BGP multihoming with single ISP- Dual Homed
10/14/2021
Description
BGP Configuration/BGP multihoming with single ISP- Dual Homed
Resolution
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that differ from SonicOS 6.2 and earlier firmware. The resolution below is for customers using SonicOS 6.5 firmware.
Devices not supported: TZ 300 / 300W
What is BGP?
BGP is a large-scale routing protocol used to communicate routing information between Autonomous Systems (ASs), which are well-defined, separately administered network domains. BGP support allows for SonicWall security appliances to replace a traditional BGP router on the edge of a network's AS. The current SonicWall implementation of BGP is most appropriate for "single-provider / singly-homed" environments, where the network uses one ISP as their Internet provider and has a single connection to that provider. SonicWall BGP is also capable of supporting "single-provider / multi-homed" environments, where the network uses a single ISP but has a small number of separate routes to the provider. BGP is configured through the SonicOS Command Line Interface (CLI).
Autonomous Systems
Each Autonomous System has a 16-bit number assigned. Like IP addresses, an AS number may be public or private. Public AS numbers are a limited resource and are provisioned based on a number of factors. ISP customers with large networks multi-homed to two or more ISPs usually have a public AS, whereas smaller customers will be given a private AS administered by their ISP.
SonicWall supports 2-byte and 4-byte ASNs.
The default is 2-byte.
How Does BGP Work?
BGP uses TCP port 179 for communication. BGP is considered a path-vector protocol, containing end-to-end path descriptions for destinations. BGP neighbors can either be internal (iBGP) or external (eBGP):
- iBGP: the neighbor is in the same AS.
- eBGP: the neighbor is in a different AS.
Paths are advertised in UPDATE messages that are tagged with various path attributes. AS_PATH and NEXT_HOP are the two most important attributes that describe the path of a route in a BGP update message.
- AS_PATH: Indicates the ASs that the route is traveling from and to. In the example below, the AS_PATH is from AS 7675 to AS 12345. For internal BGP, the AS_PATH specifies the same AS for both the source and destination.
- NEXT_HOP: Indicates the IP address of the next router the path travels to. Paths advertised across AS boundaries inherit the NEXT_HOP address of the boundary router. BGP relies on interior routing protocols to reach NEXT_HOP addresses.
BGP Messages
BGP communication includes the following types of messages:
- Open: The first message between BGP peers after TCP session establishment. Contains the necessary information to establish a peering session, e.g. ASN, hold time, and capabilities such as multiprotocol extensions and route-refresh.
- Update: These messages contain path information, such as route announcements or withdrawals.
- Keepalive: Periodic messages to keep the TCP layer up and to advertise liveness.
- Notification: A request to terminate the BGP session. Non-fatal notifications contain the error code "cease". Subcodes provide further detail.
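The Open message described above, decoded field by field. This is an added example, not SonicWall or ZebOS code; it shows where the ASN, hold time and capabilities sit on the wire and how a 4-byte ASN is carried in a capability while the 16-bit "My AS" field holds the AS_TRANS placeholder. The sample message is constructed, and the router ID 1.1.1.2 in it is an assumption.

```python
import struct

AS_TRANS = 23456  # 2-byte placeholder sent in "My AS" when the real ASN needs 4 bytes
CAPABILITIES = {1: "multiprotocol", 2: "route-refresh", 65: "4-byte-asn"}

def _tlvs(data: bytes):
    """Yield (type, value) pairs from a run of 1-byte-type, 1-byte-length TLVs."""
    while data:
        if len(data) < 2 or len(data) < 2 + data[1]:
            raise ValueError("truncated TLV")
        yield data[0], data[2:2 + data[1]]
        data = data[2 + data[1]:]

def parse_open(msg: bytes) -> dict:
    """Decode a BGP OPEN message: header, fixed fields, then capabilities."""
    if len(msg) < 29:
        raise ValueError("shorter than the minimum OPEN size")
    marker, length, msg_type = struct.unpack("!16sHB", msg[:19])
    if marker != b"\xff" * 16 or length != len(msg) or msg_type != 1:
        raise ValueError("bad marker, length or type (OPEN is type 1)")
    version, my_as, hold, router_id, opt_len = struct.unpack("!BHH4sB", msg[19:29])
    if opt_len != len(msg) - 29:
        raise ValueError("optional parameter length mismatch")
    if hold in (1, 2):
        raise ValueError("hold time must be 0 or at least 3 seconds")
    asn, caps = my_as, []
    for p_type, p_value in _tlvs(msg[29:]):
        if p_type != 2:  # 2 = Capabilities optional parameter
            continue
        for code, value in _tlvs(p_value):
            caps.append(CAPABILITIES.get(code, f"code-{code}"))
            if code == 65 and len(value) == 4:  # the real ASN travels here
                asn = struct.unpack("!I", value)[0]
    return {"version": version, "my_as_field": my_as, "asn": asn,
            "hold_time": hold, "capabilities": caps,
            "router_id": ".".join(str(b) for b in router_id)}

# Constructed sample: an OPEN as a peer in AS 200 might send it (not a capture).
SAMPLE_OPEN = bytes.fromhex(
    "ff" * 16 + "002d" + "01"                      # marker, length 45, type OPEN
    + "04" + "00c8" + "00b4" + "01010102" + "10"   # v4, AS 200, hold 180, ID, opt len
    + "020e" + "010400010001" + "0200" + "4104000000c8")  # capabilities parameter

if __name__ == "__main__":
    print(parse_open(SAMPLE_OPEN))
```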
Enable advanced routing and BGP (Configure via CLI)
Before enabling, check for the SonicOS Expanded License.
- Click Manage in the top navigation menu
- Navigate to Network | Routing
- Click on the Settings tab
- Under the Routing Mode drop-down, select Advanced Routing
Click OK to proceed, then configure BGP from the CLI.
BGP configuration for Multihoming with single ISP
CLI Commands
admin@C0EAE45BFE7A> configure
config(C0EAE45BFE7A)# routing
(config-routing)# bgp
ZebOS version 7.7.0 IPIRouter7/2009
ARS BGP>configure terminal
ARS BGP(config-router)>router bgp 100
ARS BGP(config-router)>network 192.168.1.0/24
ARS BGP(config-router)>network 192.168.2.0/24
ARS BGP(config-router)>neighbor 1.1.1.2 remote-as 200
ARS BGP(config-router)>neighbor 1.1.1.2 prefix-list DEFAULT-ROUTE in
ARS BGP(config-router)>neighbor 2.2.2.2 remote-as 200
ARS BGP(config-router)>neighbor 2.2.2.2 prefix-list DEFAULT-ROUTE in
ARS BGP(config-router)>neighbor 2.2.2.2 route-map ROUTE-ADVTISED out
ARS BGP(config-router)>ip prefix-list DEFAULT-ROUTE seq 5 permit 0.0.0.0/0
ARS BGP(config-router)>route-map ROUTE-ADVTISED permit 10
ARS BGP(config-route-map)>set as-path prepend 100 100 100
ARS BGP(config-router)>Ctrl+Z
ARS BGP> write
ARS BGP> exit
config(C0EAE45BFE7A)# commit
Commands to check:
config(C0EAE45BFE7A)# show routing bgp [neighbor|summary]
config(C0EAE45BFE7A)# show routing bgp
(config-routing)# show routing nsm database
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
> - selected route, * - FIB route, p - stale info
C *> 127.0.0.0/8 is directly connected, lo0
S *> 172.27.60.0/24 [1/1] via 172.27.76.1, X0
C *> 172.27.76.0/24 is directly connected, X0
C *> 192.168.176.0/24 is directly connected, X1
B 2.0.0.0/8 [20/0] via 150.10.10.2, 00:04:23
[20/0] via 160.20.20.2, 00:04:01
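One way to check this output against the configuration above, as an added example that is not part of the original article: it parses the route table, then flags BGP routes that the inbound prefix-list DEFAULT-ROUTE should not have admitted, next hops that are not configured neighbors, and a default route that is missing one of its two paths. The two sample outputs are constructed, and the connected network 1.1.1.0/30 on X1 and the assumption that each path's next hop is the neighbor address are illustrative.

```python
import re
from ipaddress import ip_network

ROUTE = re.compile(r"^([A-Za-z]\w?)\s+(?:[*>p]+\s+)?(\d+(?:\.\d+){3}/\d+)\s+(.*)$")
VIA = re.compile(r"via (\d+(?:\.\d+){3})")

def bgp_routes(output: str) -> dict:
    """Map each BGP-learned prefix (code B) to the next hops listed for it."""
    routes, current = {}, None
    for line in output.splitlines():
        line = line.strip()
        m = ROUTE.match(line)
        if m:  # a new route entry; track it only when the code is B
            current = ip_network(m.group(2)) if m.group(1) == "B" else None
            line = m.group(3)
        if current is not None:  # first line or an indented continuation path
            routes.setdefault(current, []).extend(VIA.findall(line))
    return routes

def audit(output: str, permitted: list, neighbors: list) -> list:
    """Compare BGP routes in the table with the inbound policy and peer list."""
    findings, routes = [], bgp_routes(output)
    allowed = [ip_network(p) for p in permitted]
    for prefix, hops in routes.items():
        if prefix not in allowed:
            findings.append(f"{prefix}: not permitted by the inbound prefix-list")
        for hop in sorted(set(hops) - set(neighbors)):
            findings.append(f"{prefix}: next hop {hop} is not a configured neighbor")
    for prefix in allowed:
        for peer in neighbors:
            if peer not in routes.get(prefix, []):
                findings.append(f"{prefix}: no path via {peer}")
    return findings

# Constructed outputs for the configuration above (not captured from a device).
HEALTHY = """\
C    *> 1.1.1.0/30 is directly connected, X1
B    *> 0.0.0.0/0 [20/0] via 1.1.1.2, 00:04:23
                  [20/0] via 2.2.2.2, 00:04:01
"""
DEGRADED = """\
S    *> 172.27.60.0/24 [1/1] via 172.27.76.1, X0
B    *> 0.0.0.0/0 [20/0] via 1.1.1.2, 00:04:23
B       2.0.0.0/8 [20/0] via 2.2.2.2, 00:01:10
"""

if __name__ == "__main__":
    for name, text in (("healthy", HEALTHY), ("degraded", DEGRADED)):
        print(name, audit(text, ["0.0.0.0/0"], ["1.1.1.2", "2.2.2.2"]))
```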
Resolution for SonicOS 6.2 and Below
The resolution below is for customers using SonicOS 6.2 and earlier firmware. For firewalls that are generation 6 and newer, we suggest upgrading to the latest general release of SonicOS 6.5 firmware.
What is BGP?
BGP is a large-scale routing protocol used to communicate routing information between Autonomous Systems (ASs), which are well-defined, separately administered network domains. BGP support allows for SonicWall security appliances to replace a traditional BGP router on the edge of a network's AS. The current SonicWall implementation of BGP is most appropriate for "single-provider / singly-homed" environments, where the network uses one ISP as their Internet provider and has a single connection to that provider. SonicWall BGP is also capable of supporting "single-provider / multi-homed" environments, where the network uses a single ISP but has a small number of separate routes to the provider. BGP is configured through the SonicOS Command Line Interface (CLI).
Autonomous Systems
Each Autonomous System has a 16-bit number assigned. Like IP addresses, an AS number may be public or private. Public AS numbers are a limited resource and are provisioned based on a number of factors. ISP customers with large networks multi-homed to two or more ISPs usually have a public AS, whereas smaller customers will be given a private AS administered by their ISP.
SonicWall supports 2-byte and 4-byte ASNs.
The default is 2-byte.
How Does BGP Work?
BGP uses TCP port 179 for communication. BGP is considered a path-vector protocol, containing end-to-end path descriptions for destinations. BGP neighbors can either be internal (iBGP) or external (eBGP):
- iBGP: the neighbor is in the same AS.
- eBGP: the neighbor is in a different AS.
Paths are advertised in UPDATE messages that are tagged with various path attributes. AS_PATH and NEXT_HOP are the two most important attributes that describe the path of a route in a BGP update message.
- AS_PATH: Indicates the ASs that the route is traveling from and to. In the example below, the AS_PATH is from AS 7675 to AS 12345. For internal BGP, the AS_PATH specifies the same AS for both the source and destination.
- NEXT_HOP: Indicates the IP address of the next router the path travels to. Paths advertised across AS boundaries inherit the NEXT_HOP address of the boundary router. BGP relies on interior routing protocols to reach NEXT_HOP addresses.
BGP Messages
BGP communication includes the following types of messages:
- Open: The first message between BGP peers after TCP session establishment. Contains the necessary information to establish a peering session, e.g. ASN, hold time, and capabilities such as multiprotocol extensions and route-refresh.
- Update: These messages contain path information, such as route announcements or withdrawals.
- Keepalive: Periodic messages to keep the TCP layer up and to advertise liveness.
- Notification: A request to terminate the BGP session. Non-fatal notifications contain the error code "cease". Subcodes provide further detail.
[Figure: Sample BGP packet capture]
Enable advanced routing and BGP (Configure via CLI)
BGP configuration for Multihoming with single ISP
CLI Commands
admin@C0EAE45BFE7A> configure
config(C0EAE45BFE7A)# routing
(config-routing)# bgp
ZebOS version 7.7.0 IPIRouter7/2009
ARS BGP>configure terminal
ARS BGP(config-router)>router bgp 100
ARS BGP(config-router)>network 192.168.1.0/24
ARS BGP(config-router)>network 192.168.2.0/24
ARS BGP(config-router)>neighbor 1.1.1.2 remote-as 200
ARS BGP(config-router)>neighbor 1.1.1.2 prefix-list DEFAULT-ROUTE in
ARS BGP(config-router)>neighbor 2.2.2.2 remote-as 200
ARS BGP(config-router)>neighbor 2.2.2.2 prefix-list DEFAULT-ROUTE in
ARS BGP(config-router)>neighbor 2.2.2.2 route-map ROUTE-ADVTISED out
ARS BGP(config-router)>ip prefix-list DEFAULT-ROUTE seq 5 permit 0.0.0.0/0
ARS BGP(config-router)>route-map ROUTE-ADVTISED permit 10
ARS BGP(config-route-map)>set as-path prepend 100 100 100
ARS BGP(config-router)>Ctrl+Z
ARS BGP> write
ARS BGP> exit
config(C0EAE45BFE7A)# commit
Commands to check:
config(C0EAE45BFE7A)# show routing bgp [neighbor|summary]
config(C0EAE45BFE7A)# show routing bgp
(config-routing)# show routing nsm database
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
> - selected route, * - FIB route, p - stale info
C *> 127.0.0.0/8 is directly connected, lo0
S *> 172.27.60.0/24 [1/1] via 172.27.76.1, X0
C *> 172.27.76.0/24 is directly connected, X0
C *> 192.168.176.0/24 is directly connected, X1
B 2.0.0.0/8 [20/0] via 150.10.10.2, 00:04:23
[20/0] via 160.20.20.2, 00:04:01