We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Configure Inbound Load Balancing and Link Failover with BGP

  • Last updated on

BGP is used to announce routes to the neighboring networks. If you are using two or more ISPs to connect to the Internet, you can use BGP to assign a preferred link to each propagated subnet. To make your preferred route more attractive to the remote router, you can make the secondary link appear longer by artificially lengthening its AS-Path. Because BGP neighbors are continuously monitored by the remote router, inbound link failover is achieved because the secondary link is automatically chosen if the preferred link becomes unavailable.

bgp_2_isps.png

In this article:

Before You Begin

Before you configure the BGP service, get an AS number for your network. AS numbers from 64512 to 65534 and 4,200,000,000 to 4,294,967,295 are reserved for private networks.

Step 1. Enable the BGP Service

Create and configure the BGP service.

  1. Create an OSPF/RIP/BGP Service.
  2. Go to CONFIGURATION Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > OSPF-RIP-BGP-Service > OSPF/RIP/BGP Settings.
  3. Click Lock.
  4. From the Run BGP Router list, select yes.
  5. From the Operation Mode list, select advertise-learn.
  6. In the Router ID field, enter the IP address of the router.
  7. Click Send Changes and Activate.

Step 2. Configure the BGP Service

Configure the BGP service and propagate the local subnets (e.g., 10.0.0.0/24 and 172.16.16.0/24).

  1. Go to CONFIGURATION Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > OSPF-RIP-BGP-Service > OSPF/RIP/BGP Settings.
  2. In the left pane, click BGP Router Setup.
  3. Enter the AS Number for your network.
  4. In the Terminal Password fields, specify a password for connecting to the BGP router service via telnet from the shell of the Barracuda NextGen Firewall F-Series.
  5. In the Networks table, add the local subnets (e.g., 10.0.0.0/24 and 172.16.16.0/24). For each subnet:
    1. Click the plus sign (+).

    2. Enter a Name for the network and click OK.
    3. In the Network Prefix field, enter the subnet. This is the subnet which is propagated via BGP (e.g., 10.0.0.0/24 or 172.16.16.0/24).

      BGPLocalSubnets.png
    4. Click OK.
  6. Click Send Changes and Activate.
    BGPService.png 

Step 3. Create BGP Neighbors

Specify the IP addresses of the BGP neighbors that the BGP routing information should be propagated to. Normally, the ISP's router is the BGP neighbor.

  1. Go to CONFIGURATION Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > OSPF-RIP-BGP-Service > OSPF/RIP/BGP Settings.
  2. In the left pane, click Neighbor Setup IPv4.
  3. Click Lock.
  4. In the Neighbors table, create a BGP neighbor for each ISP. For each BGP neighbor:
    1. Click the plus sign (+).
    2. Enter a Name for the ISP (e.g., ISP1bgpNeighbor).
    3. In the Neighbors window, specify the following settings: 
      • Neighbor IPv4 – Enter the IP address of the BGP neighbor (e.g., 192.168.0.1 or 192.168.1.1).
      • OSPF Routing Protocol Usage – Select no.
      • RIP Routing Protocol Usage – Select no.
      • BGP Routing Protocol Usage – Select yes.
      • AS Number – Enter the AS number that is assigned to the BGP neighbors (e.g., 64513 or 64515).
      • Update Source – Select Address
      • Update Source IPv4 Address – Enter the IP address that is assigned to the interface of the BGP neighbor (e.g., 192.168.0.254 or 192.168.1.254).
      BGPNeighbor.png
    4. Click OK.
  5. Click Send Changes and Activate.

Step 4. Create IPv4 Prefix List Filters

Create prefix list filters for each local subnet.

  1. Go to CONFIGURATION Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > OSPF-RIP-BGP-Service > OSPF/RIP/BGP Settings.
  2. In the left pane, click Filter Setup IPv4.
  3. Click Lock.
  4. In the IPv4 Prefix List Filters table, create a filter for the local subnets (e.g., 10.0.0.0/24 and 172.16.16.0/24). For each local subnet:
    1. Click the plus sign (+).
    2. Enter a Name.
    3. In the Sequence Number section, click the plus sign (+).
      BFPPrefixList.png
    4. In the Sequence Number window, specify the following settings:
      • Sequence Number – Enter the sequence number (e.g., 1). For additional networks to the prefix list, iterate the sequence number.
      • Network Prefix – Enter the subnet  (e.g., 10.0.0.0/24 or 172.16.16.0/24).
      • Type – Select permit.
      • Extent Type – Select none
      BGPSequence.png
    5. Click OK to close the Sequence Number window with your settings.
    6. Click OK to close the IPv4 Prefix Lists window with your settings.
  5. Click Send Changes and Activate.

Step 5. Create Route Map IPv4 Filters

For each BGP neighbor, create a route map to propagate your preferences on how you want the remote router to route traffic to your network. The route maps add the AS number a second time to the BGP entries, to influence the remote router's decision on which network route is more direct.

  1. Go to CONFIGURATION Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > OSPF-RIP-BGP-Service > OSPF/RIP/BGP Settings.
  2. In the left pane, click Filter Setup IPv4.
  3. Click Lock.
  4. In the Route Maps IPv4 Filters table, add a filter for each BGP neighbor that you created in Step 3. For each neighbor:
    1. Click the plus sign (+).
    2. Enter a Name and click OK.
    3. In the Route Map Entry section, click the plus sign (+).
    4. In the Route Map Entry window, specify the following settings:
      • Sequence Number – Enter a unique sequence number (e.g., 1). This sequence number must be unique across all route maps. For additional entries iterate the sequence numbers.
      • Type – Select permit.
      • Match Condition – Select IP_Prefix_List.
      • IP Prefix List – Select the IP prefix list that contains the subnet using this connection as the preferred incoming route (e.g., 10.0.0.0/24 via 64515 or 172.16.16.0/24 via 64513).
      • Set Action – Select None.
    5. Click OK.
    6. In the Route Map Entry section, click +
    7. In the Route Map Entry window, specify the following settings:
      • Sequence Number – Enter a unique sequence number (e.g., 1). This sequence number must be unique across all route maps. Iterate the sequence number for further
      • Type – Select permit.
      • Match Condition – Select IP_Prefix_List.
      • IP Prefix List – Select the IP prefix list that contains the subnet using this connection as a backup (e.g., 10.0.0.0/24 via 64513 or 172.16.16.0/24 via 64515).
      • Set Action – Select AS_Path.
      • Set addition to AS-Path Enter your AS number (e.g., 64514).

      BGPRouteMap.png

    8. Click OK to close the Route Map Entry window with your settings.
    9. Click OK to close the Route Maps IPv4 window with your settings.
  5. Click Send Changes and Activate.

Monitoring BGP Routes

To monitor the routes that are learned and propagated by BGP go to the CONTROL > Network page and click the BGP tab.
BGPmonitoring.png

Last updated on