Requirements
- Request your own or use a unique ARIN-registered autonomous system (AS) number for your BGP site.
- Know the AS numbers of BGP sites to be connected.
- Create an OSPF/RIP/BGP service on the Barracuda CloudGen Firewall.
Step 1. Configure Basic Settings
- Go to CONFIGURATION > Configuration Tree > Box > Assigned Services > OSPF-RIP-BGP-Service > OSPF/RIP/BGP Settings.
- Enable BGP. (If you are not using OSPF and RIP, disable them.)
- From the Operation Mode drop-down field, select one of the following options according to your requirements:
- advertise-only – Networks are only advertised.
- learn-only – Only networks on the interfaces that are configured for OSPF/RIP/BGP are propagated; learned routes from other systems are still advertised.
- advertise-learn – Networks are learned and propagated.
- In the Hostname field, enter the hostname of the BGP router.
- In the Router ID field, enter the IP address of the BGP router. You can enter any address from your ARIN range. Usually, the first or last IP address in the subnet is used.
- Click Send Changes and Activate.
Step 2. Configure Operational Settings
- On the OSPF/RIP/BGP Settings page, click BGP Router Setup from the Configuration menu in the left navigation pane.
- In the AS Number field, enter the AS number that you received from ARIN. (This is the number of the autonomous system that the BGP router belongs to.)
- In the Terminal Password field, specify the password for the connection to the BGP routing daemon through the command-line interface.
- In the Networks table, add an entry for the ARIN network and any other network that you want to advertise.
- Enter a name for the network and click OK. The Network window opens.
- In the Network Prefix field, enter the network and subnet mask in CIDR notation for the autonomous system of the BGP router.
- Click OK.
- In the Route Distribution Configuration section, enable the network route types to be redistributed by this BGP router according to your requirements. You can enable the following network routes:
- Connected Routes – Network routes of directly attached networks will be redistributed.
- RIP Routes – Network routes learned by the RIP router will be redistributed.
- OSPF Routes – Network routes learned by the OSPF router will be redistributed.
- Click Send Changes and Activate.
Step 3. Configure BGP Preferences
In most cases, the default BGP preferences are sufficient and do not have to be configured. If you want, you can configure more detailed logging, special routing tables, and multipath handling.
- On the OSPF/RIP/BGP Settings page, click BGP Preferences from the Configuration menu in the left navigation pane.
- Specify the logging details according to your requirements.
- Click Send Changes and Activate.
Step 4. Add an IP Prefix Filter
- On the OSPF/RIP/BGP Settings page, click Filter Setup IPv4 from the Configuration menu in the left navigation pane.
- In the IPv4 Prefix Filter table, add an entry for the IP prefix filter. Enter a descriptive name, for example ARIN, and then click OK.
- In the IPv4 Prefix Filter configuration, enter an optional description. For example, ARIN Range.
- In the Sequence Number section, click + to add a sequence number configuration and specify a unique identifier number for the prefix list item in the Sequence Number field. For example, 01.
- In the Network Prefix field, enter the network IP range that you received from ARIN (in this example: 198.200.200.0/24). Then click OK.
- Click OK.
- Click Send Changes and Activate.
Step 5. Configure Neighbor Settings
Before you configure the neighbor settings, the network for each provider that participates in BGP routing must be configured properly. Obtain and carefully verify the default gateway IP address for each provider.
- On the OSPF/RIP/BGP Settings page, click Neighbor Setup IPv4 from the Configuration menu in the left navigation pane.
- In the Neighbors table, add an entry for each provider network:
- Enter a descriptive name for the network and then click OK. The Neighbors window opens.
- In the Neighbor IP field, enter the default gateway IP address of the existing provider.
- From the Enable BGP Routing Protocol Usage list, select yes.
- In the BGP Parameters section, enter the BGP AS number of the ISP. (Do not enter the customer AS number that was specified in the BGP router settings.)
- In the Neighbor Password field, enter the password that should be used to connect to the neighbor peer.
- Select yes from the Update Source drop-down list to enable the Update Source Interface setting.
- In the Update Source Interface field, enter an IP address from your network that should be used for the BGP session to this neighbor.
- Click OK.
- Click Send Changes and Activate.
Step 5a. (optional) Configure Bidirectional Forwarding Detection (BFD)
BFD (Bidirectional Forwarding Detection) is a simple hello/echo protocol for detecting link failures between two connected neighbors.
BFD can only be configured for an existing IPv4 neighbor.
Perform the following steps to configure BFD:
- On the OSPF/RIP/BGP Settings page, click Neighbor Setup IPv4 from the Configuration menu in the left navigation pane.
- Double-click an entry for a neighbor in the list of configured IPv4 neighbors.
- The Neighbors window is displayed.
- Scroll down to Enable BFD in the BGP Parameters section.
- Select yes for Enable BFD.
- Click the Set... button for Advanced BFD Settings.
- The Advanced BFD Settings window is displayed.
- The edit fields are already preset with commonly used values:
- If necessary, change these values to match your requirements.
- Click OK.
- Click Send Changes and Activate.
Step 6. Add the IP Address of the BGP Router
You must add the IP address of the BGP router as a shared IP address in the IP Configuration on the Barracuda CloudGen Firewall. To add the IP address of the BGP router:
- Go to CONFIGURATION > Configuration Tree > Box > Network.
- In the left menu, select IP Configuration.
- Click Lock.
- In the Shared Networks and IPs section, click + to add the IP address of the BGP router. The Shared Networks and IPs window opens.
- In the Network Address field, enter the network the BGP router resides in.
- In the Shared IPs in this Network table, click + and add the IP address of the BGP router.
- From the Responds to Ping list, select yes.
- Click OK.
- Click Send Changes and Activate.
Step 7. Create a Firewall Rule for BGP Router Communication
To allow communication with other BGP routers, introduce a host firewall rule that allows network traffic through TCP port 179. For more information on creating firewall rules, see Access Rules.
Administrating BGP Routers from the Command Line
The BGP routing daemon for the Barracuda CloudGen Firewall is based on the FRRouting Protocol Suite. You can configure and administrate the BGP router from the Barracuda CloudGen Firewall command-line interface.
- Open the Command-Line Interface.
- Enter vtysh to launch the configuration tool.
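An added example, not part of the Barracuda documentation: a Python check you can run over saved output of `show running-config` from vtysh to confirm the neighbor settings from Step 5 and that the advertised networks from Step 2 are covered by a prefix filter from Step 4. The sample configuration is constructed in standard FRRouting syntax; that the configuration generated by the firewall has the same layout, and that the filter is meant to cover every advertised network, are assumptions.

```python
import ipaddress
import re

# Constructed sample in FRRouting running-config syntax. AS numbers, neighbor
# addresses and the password are made up; 198.200.200.0/24 is the page's prefix.
SAMPLE = """\
router bgp 64512
 bgp router-id 198.200.200.1
 network 198.200.200.0/24
 neighbor 192.0.2.1 remote-as 64496
 neighbor 192.0.2.1 password EXAMPLE-ONLY
 neighbor 192.0.2.1 update-source 198.200.200.1
 neighbor 203.0.113.1 remote-as 64512
!
ip prefix-list ARIN seq 1 permit 198.200.200.0/24
"""

CIDR = r"(\d+\.\d+\.\d+\.\d+/\d+)"

def parse_nets(pattern, config):
    """Collect the IPv4 prefixes matched by pattern as network objects."""
    return [ipaddress.ip_network(n, strict=False)
            for n in re.findall(pattern + CIDR, config, re.M)]

def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    m = re.search(r"^router bgp (\d+)", config, re.M)
    if not m:
        return ["no 'router bgp' block: BGP is not configured"]
    local_as, findings = m.group(1), []
    # Step 2 vs. Step 4: each advertised network should sit inside a filter
    # entry (this cross-check is the example's own assumption about intent).
    allowed = parse_nets(r"^ip prefix-list \S+ seq \d+ permit ", config)
    for net in parse_nets(r"^ +network ", config):
        if not any(net.subnet_of(a) for a in allowed):
            findings.append(f"{net}: advertised but in no prefix filter")
    # Step 5: group the per-neighbor statements, then check each neighbor.
    neighbors = {}
    for ip, rest in re.findall(r"^ +neighbor (\S+) (.+)$", config, re.M):
        words = rest.split()
        neighbors.setdefault(ip, {})[words[0]] = words[1:]
    for ip, stmts in neighbors.items():
        # The ISP's AS goes here, not the AS from the BGP router settings.
        if stmts.get("remote-as") == [local_as]:
            findings.append(f"{ip}: remote-as equals local AS {local_as}")
        for key in ("password", "update-source"):
            if key not in stmts:
                findings.append(f"{ip}: no {key} (Step 5)")
    return findings
```

On the constructed sample, `audit(SAMPLE)` reports three findings for 203.0.113.1 and none for 192.0.2.1.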