It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see End-of-Support for CloudGen Firewall Firmware for further information on our EoS policy.

How to Configure BGP Router Setup

  • Last updated on

Requirements

  • Request your own or use an unique ARIN registered autonomous system (AS) number for your BGP site.
  • Know the AS numbers of BGP sites to be connected.
  • Create an OSPF/RIP/BGP service on the Barracuda CloudGen Firewall.

Step 1. Configure Basic Settings

  1. Go to CONFIGURATION Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > OSPF-RIP-BGP-Service > OSPF/RIP/BGP Settings.
  2. Enable BGP (If you are not using OSPF and RIP, disable them).
  3. From the Operation Mode drop down field, select one of the following options according to your requirements:
    • advertise-only Networks are only advertised.
    • learn-only – Only networks on the interfaces that are configured for OSPF/RIP/BGP are propagated; learned routes from other systems are still advertised.
    • advertise-learn – Networks are learned and propagated.
  4. In the Hostname field, enter the hostname of the BGP router.
  5. In the Router ID field, enter the IP address of the BGP router. You can enter any address from your ARIN range. Usually, the first or last IP address in the subnet is used.

    You must also add this IP address as an additional IP address in the Virtual Server Properties on the Barracuda CloudGen Firewall, as described later in Step 6 of the configuration.

  6. Click Send Changes and Activate.

Step 2. Configure Operational Settings

In the settings for network routes that should be propagated by the BGP router, make sure that you enable the Advertise Route setting. See How to Configure Direct Attached Routes or How to Configure Gateway Routes.

  1. On the OSPF/RIP/BGP Settings page, click BGP Router Setup from the Configuration menu in the left navigation pane.
  2. In the AS Number field, enter the AS number that you received from the ARIN. (This is the number of the autonomous system that the BGP router belongs to).
  3. In the Terminal Password field, specify the password for the connection to the BGP routing daemon through the command-line interface.

    The password can consist of small and capital characters, numbers, and non alpha-numeric symbols, except the hash sign (#).

  4. In the Networks table, add an entry for the ARIN network and any other network that you want to advertise.
    1. Enter a name for the network and click OK. The Network window opens.
    2. In the Network Prefix field, enter the network and subnet mask in CIDR notation for the autonomous system of the BGP router.
    3. Click OK.
  5. In the Route Distribution Configuration section, enable the network route types to be redistributed by this BGP router according to your requirements. You can enable the following network routes:
    • Kernel Routes  Kernel network routes will be redistributed.
    • Static Routes  Gateway network routes will be redistributed.
    • Connected Routes  Network routes of directly attached networks will be redistributed.
    • RIP Routes  Network routes learned by the RIP router will be redistributed.
    • OSPF Routes  Network routes learned by the OSPF router will be redistributed.
  6. Click Send Changes and Activate.

Step 3. Configure BGP Preferences

In most cases, the default BGP preferences are sufficient and do not have to be configured. If you want, you can configure more detailed logging, special routing tables, and multipath handling.

  1. On the OSPF/RIP/BGP Settings page, click BGP Preferences from the Configuration menu in the left navigation pane.
  2. Specify the logging details according to your requirements.
  3. Click Send Changes and Activate.

Step 4. Add an IP Prefix Filter

  1. On the OSPF/RIP/BGP Settings page, click Filter Setup IPv4 from the Configuration menu in the left navigation pane.

    The Barracuda CloudGen Firewall does also provide this configuration area for IPv6 addresses. When using IPv6, specify all settings described in the sections designated for IPv6. Note, that IPv6 has to be enabled in Quagga too. For general information on the implementation of IPv6 on the Barracuda CloudGen Firewall, see IPv6.

  2. In the IPv4 Prefix Filter table, add an entry for the IP prefix filter. Enter a descriptive name, for example ARIN, and then click OK.
  3. In the IPv4 Prefix Filter configuration, enter an optional description. For example, ARIN Range.
  4. In the Sequence Number section, click + to add a Sequence Number configuration and specify a unique identifier number for the prefix list item in the Sequence Number field. For example, 01.
  5. In the Network Prefix field, enter the network IP range that you received from the ARIN (in this example 198.200.200.0/24 ). Then click OK.
  6. Click OK.
  7. Click Send Changes and Activate.

Step 5. Configure Neighbor Settings

Before you configure the neighbor settings, the network for each provider that participates in BGP routing must be configured properly. Obtain and carefully verify the default gateway IP address for each provider.

You must only start configuring the neighbor settings on the provider side after you have completed the previous sections for enabling BGP , configuring the BGP router and adding an IP prefix filter . Otherwise, the BGP routing infrastructure will dampen any ICMP request and response, and the BGP service will have to be restarted on the ISP side. This ping dampening will occur whenever the BGP service goes up and down numerous times over a small period of time.

  1. On the OSPF/RIP/BGP Settings page, click Neighbor Setup IPv4 from the Configuration menu in the left navigation pane.
  2. In the Neighbors table, add an entry for each provider network:
    1. Enter a descriptive name for the network and then click OK. The Neighbors window opens.
    2. In the Neighbor IP field, enter the default gateway IP address of the existing provider.
    3. From the Enable BGP Routing Protocol Usage list, select yes.
    4. In the BGP Parameters section, enter the BGP AS number of the ISP. (Do not enter the customer AS number that was specified in the BGP router settings.)
    5. In the Neighbor Password field, enter the password that should be used to connect to the neighbor peer.

      The password can consist of small and capital characters, numbers, and non alpha-numeric symbols, except the hash sign (#).

    6. Select yes from the Update Source drop down list to enable the Update Source Interface setting.
    7. In the Update Source Interface field, enter an IP address from your network that should be used for the BGP session to this neighbor.

      If you only advertise the ARIN route to go to providers (and not the network IP ranges or the ranges of other ISPs), it is highly recommended that you configure the Peer Filtering for Output settings. Select the Peer Filter from the IP filter list that you created in the previous section (Add an IP Prefix Filter).

    8. Click OK.

  3. Click Send Changes and Activate.

Step 6. Add the IP Address of the BGP Router

You must add the IP address of the BGP router as an additional IP address in the Virtual Server Properties on the Barracuda CloudGen Firewall. To add the IP address of the BGP router:

  1. Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Server Properties.
  2. Click Lock.
  3. In the Virtual Server IP Addresses section, add an entry to the Additional IP table.
    1. In the Additional IP field, enter the IP address of the BGP Router.
    2. From the Reply to Ping list, select yes.
    3. You can enter an optional description.
    4. Click OK.
  4. Click Send Changes and Activate.

Step 7. Create a Firewall Rule for BGP Router Communication

To allow communication with other BGP routers, introduce a host firewall rule that allows network traffic through TCP port 179. For more information on creating firewall rules, see Firewall Rules.

Administrating BGP Routers from the Command Line

The BGP routing daemon for the Barracuda CloudGen Firewall is based on the Quagga Software Routing Suite. You can configure and administrate the BGP router from the Barracuda CloudGen Firewall command-line interface.

  1. Open the Command-Line Interface.
  2. Enter vtysh to launch the configuration tool.