Requirements
- Request your own or use an unique ARIN registered autonomous system (AS) number for your BGP site.
- Know the AS numbers of BGP sites to be connected.
- Create an OSPF/RIP/BGP service on the Barracuda CloudGen Firewall.
Step 1. Configure Basic Settings
- Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Assigned Services > OSPF-RIP-BGP-Service > OSPF/RIP/BGP Settings.
- Enable BGP (If you are not using OSPF and RIP, disable them).
- From the Operation Mode drop down field, select one of the following options according to your requirements:
- advertise-only – Networks are only advertised.
- learn-only – Only networks on the interfaces that are configured for OSPF/RIP/BGP are propagated; learned routes from other systems are still advertised.
- advertise-learn – Networks are learned and propagated.
- In the Hostname field, enter the hostname of the BGP router.
In the Router ID field, enter the IP address of the BGP router. You can enter any address from your ARIN range. Usually, the first or last IP address in the subnet is used.
- Click Send Changes and Activate.
Step 2. Configure Operational Settings
- On the OSPF/RIP/BGP Settings page, click BGP Router Setup from the Configuration menu in the left navigation pane.
- In the AS Number field, enter the AS number that you received from the ARIN. (This is the number of the autonomous system that the BGP router belongs to).
In the Terminal Password field, specify the password for the connection to the BGP routing daemon through the command-line interface.
- In the Networks table, add an entry for the ARIN network and any other network that you want to advertise.
- Enter a name for the network and click OK. The Network window opens.
- In the Network Prefix field, enter the network and subnet mask in CIDR notation for the autonomous system of the BGP router.
- Click OK.
- In the Route Distribution Configuration section, enable the network route types to be redistributed by this BGP router according to your requirements. You can enable the following network routes:
- Kernel Routes – Kernel network routes will be redistributed.
- Static Routes – Gateway network routes will be redistributed.
- Connected Routes – Network routes of directly attached networks will be redistributed.
- RIP Routes – Network routes learned by the RIP router will be redistributed.
- OSPF Routes – Network routes learned by the OSPF router will be redistributed.
- Click Send Changes and Activate.
Step 3. Configure BGP Preferences
In most cases, the default BGP preferences are sufficient and do not have to be configured. If you want, you can configure more detailed logging, special routing tables, and multipath handling.
- On the OSPF/RIP/BGP Settings page, click BGP Preferences from the Configuration menu in the left navigation pane.
- Specify the logging details according to your requirements.
- Click Send Changes and Activate.
Step 4. Add an IP Prefix Filter
On the OSPF/RIP/BGP Settings page, click Filter Setup IPv4 from the Configuration menu in the left navigation pane.
- In the IPv4 Prefix Filter table, add an entry for the IP prefix filter. Enter a descriptive name, for example ARIN, and then click OK.
- In the IPv4 Prefix Filter configuration, enter an optional description. For example, ARIN Range.
- In the Sequence Number section, click + to add a Sequence Number configuration and specify a unique identifier number for the prefix list item in the Sequence Number field. For example, 01.
- In the Network Prefix field, enter the network IP range that you received from the ARIN (in this example 198.200.200.0/24 ). Then click OK.
- Click OK.
- Click Send Changes and Activate.
Step 5. Configure Neighbor Settings
Before you configure the neighbor settings, the network for each provider that participates in BGP routing must be configured properly. Obtain and carefully verify the default gateway IP address for each provider.
- On the OSPF/RIP/BGP Settings page, click Neighbor Setup IPv4 from the Configuration menu in the left navigation pane.
- In the Neighbors table, add an entry for each provider network:
- Enter a descriptive name for the network and then click OK. The Neighbors window opens.
- In the Neighbor IP field, enter the default gateway IP address of the existing provider.
- From the Enable BGP Routing Protocol Usage list, select yes.
- In the BGP Parameters section, enter the BGP AS number of the ISP. (Do not enter the customer AS number that was specified in the BGP router settings.)
In the Neighbor Password field, enter the password that should be used to connect to the neighbor peer.
- Select yes from the Update Source drop down list to enable the Update Source Interface setting.
In the Update Source Interface field, enter an IP address from your network that should be used for the BGP session to this neighbor.
Click OK.
Click Send Changes and Activate.
Step 6. Add the IP Address of the BGP Router
You must add the IP address of the BGP router as an additional IP address in the Virtual Server Properties on the Barracuda CloudGen Firewall. To add the IP address of the BGP router:
- Go to CONFIGURATION > Configuration Tree > Box > Virtual Servers > your virtual server > Server Properties.
- Click Lock.
- In the Virtual Server IP Addresses section, add an entry to the Additional IP table.
- In the Additional IP field, enter the IP address of the BGP Router.
- From the Reply to Ping list, select yes.
- You can enter an optional description.
- Click OK.
- Click Send Changes and Activate.
Step 7. Create a Firewall Rule for BGP Router Communication
To allow communication with other BGP routers, introduce a host firewall rule that allows network traffic through TCP port 179. For more information on creating firewall rules, see Firewall Rules.
Administrating BGP Routers from the Command Line
The BGP routing daemon for the Barracuda CloudGen Firewall is based on the Quagga Software Routing Suite. You can configure and administrate the BGP router from the Barracuda CloudGen Firewall command-line interface.
- Open the Command-Line Interface.
- Enter
vtysh
to launch the configuration tool.