Step 1 | Choose , and edit the Firewall Threat Defense device. |
Step 2 | Select Routing. |
Step 3 | (For a virtual-router-aware device) Under General Settings, click BGP. |
Step 4 | Check the Enable BGP check box to enable the BGP routing process. |
Step 5 | In the AS Number field, enter the autonomous system (AS) number for the BGP process. The AS number internally includes multiple autonomous numbers. The AS number can be from 1 to 4294967295 or from 1.0 to 65535.65535. The AS number is a uniquely assigned value that identifies each network on the Internet. |
Step 6 | In the Router ID drop-down list, choose Automatic or Manual (appears for non-cluster and a cluster in spanned etherchannel mode) or Cluster Pool (appears for a cluster in individual interface mode). If you choose Automatic, the highest-level IP address on the Firewall Threat Defense device is used as the router ID. If you choose Manual, enter the IP address in the IP Address field. If you choose Cluster Pool, enter the cluster pool value in the Cluster Pool field. For information on creating the cluster pool address, see Address Pools. |
Step 7 | To use a fixed router ID, choose Manual and enter an IPv4 address in the IP Address field. The default value is Automatic. For a virtual router-aware device, you can override the router ID settings in the page. |
Step 8 | (Optional) Edit the various BGP settings, starting with General. The defaults for these settings are appropriate in most cases, but you can adjust them to fit the needs of your network. Click Edit ( ) to edit the settings in the group:
- Enter a Scanning Interval for BGP routers for next-hop validation. Valid values are from 5 to 60 seconds. The default value is 60.
- Enter the Number of AS numbers in AS_PATH attribute. An AS_PATH attribute is a sequence of intermediate AS numbers between source and destination routers that form a directed route for packets to travel. Valid values are between 1 and 254. The default value is None.
- Check the Log Neighbor Changes check box to enable logging of BGP neighbor changes (up or down) and resets. This helps in troubleshooting network connectivity problems and measuring network stability. This is enabled by default.
- Check the Use TCP Path MTU Discovery check box to use the Path MTU determining technique to determine the maximum transmission unit (MTU) size on the network path between two IP hosts. This avoids IP fragmentation. This is enabled by default.
- Check the Reset session upon Failover check box to reset the external BGP session immediately upon link failure. This is enabled by default.
- Check the Enforce that the first AS is peer’s AS for EBGP routes check box to discard incoming updates received from external BGP peers that do not list their AS number as the first segment in the AS_PATH attribute. This prevents a misconfigured or unauthorized peer from misdirecting traffic by advertising a route as if it was sourced from another autonomous system. This is enabled by default.
- Check the Use dot notation for AS number check box to split the full binary 4-byte AS number into two words of 16 bits each, separated by a dot. AS numbers from 0-65535 are represented as decimal numbers and AS numbers larger than 65535 are represented using the dot notation. This is disabled by default.
- Click OK.
|
Step 9 | (Optional) Edit the Best Path Selection section:
- Enter a value for Default Local Preference between 0 and 4294967295. The default value is 100. Higher values indicate higher preference. This preference is sent to all routers and access servers in the local autonomous system.
- Check the Allow comparing MED from different neighbors check box to allow the comparison of Multi Exit Discriminator (MED) for paths from neighbors in different autonomous systems. This is disabled by default.
- Check the Compare Router ID for identical EBGP paths check box to compare similar paths received from external BGP peers during the best path selection process and switch the best path to the route with the lowest router ID. This is disabled by default.
- Check the Pick the best MED path among paths advertised from the neighboring AS check box to enable MED comparison among paths learned from confederation peers. The comparison between MEDs is made only if no external autonomous systems are there in the path. This is disabled by default.
- Check the Treat missing MED as the least preferred one check box to consider the missing MED attribute as having a value of infinity, making the path the least desirable; therefore, a path with a missing MED is least preferred. This is disabled by default.
- Click OK.
|
Step 10 | (Optional) Edit the Neighbor Timers section:
- Enter the time interval for which the BGP neighbor remains active after not sending a keepalive message in the Keep alive interval field. At the end of this keepalive interval, the BGP peer is declared dead if no messages are sent. The default value is 60 seconds.
- Enter the time interval for which the BGP neighbor remains active while a BGP connection is being initiated and configured in the Hold time field. The default value is 180 seconds. Specify a value from 0 to 65535.
- (Optional) Enter the minimum time interval for which the BGP neighbor remains active while a BGP connection is being initiated and configured in the Min Hold time field. Specify a value from 3 to 65535.
Note | A hold time of less than 20 seconds increases the possibility of peer flapping. |
- Click OK.
|
Step 11 | In the Next Hop section, optionally select the Enable address tracking check box to enable BGP next hop address tracking and enter the Delay Interval between checks on updated next-hop routes installed in the routing table. Click OK.
Note | The Next Hop section is applicable only to IPv4 settings. |
|
Step 12 | (Optional) Edit the Graceful Restart section:
Note | This section is available only when the Firewall Threat Defense device is in failover or spanned cluster mode. This is done so that there is no drop in packets in the traffic flow when one of the devices in the failover setup fails. |
- Check the Enable Graceful Restart check box to enable Firewall Threat Defense peers to avoid a routing flap following a switchover.
- Specify the time duration that Firewall Threat Defense peers will wait to delete stale routes before a BGP open message is received in the Restart Time field. The default value is 120 seconds. Valid values are between 1 and 3600 seconds.
- Enter the time duration that the Firewall Threat Defense will wait before deleting stale routes after an end of record (EOR) message is received from the restarting Firewall Threat Defense in the Stalepath Time field. The default value is 360 seconds. Valid values are between 1 and 3600 seconds.
- Click OK.
|
Step 13 | Click Save. |
Step 14 | To view the BGP basic settings, from the virtual routers drop-down, select the desired router, and then click BGP. This page displays the basic settings that are configured in the Settings page. You can edit the router ID settings on this page. |
Step 15 | To edit the router ID settings, modify the IP address in the IP Address fields. The modified value overrides the router ID settings that were configured in the BGP page under General Settings. |
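
The ranges, defaults and the hold-time note in the steps above can be checked against a planned configuration before it is entered. The following Python is an added example, not Cisco code or a management-center API: the dictionary keys and the `PLANNED` sample are hypothetical, and it also covers converting an AS number between plain and dot notation as described in Steps 5 and 8.

```python
# Hypothetical key names. Ranges and "enabled by default" options are as stated in the steps.
RANGES = {
    "scanning_interval": (5, 60), "as_path_limit": (1, 254),
    "default_local_preference": (0, 4294967295),
    "hold_time": (0, 65535), "min_hold_time": (3, 65535),
    "restart_time": (1, 3600), "stalepath_time": (1, 3600),
}
EXPECTED_ON = ("enforce_first_as", "log_neighbor_changes")

def parse_asn(text):
    """Return the 32-bit AS number for '65001' (plain) or '1.10' (dot notation)."""
    parts = str(text).strip().split(".")
    if len(parts) > 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not an AS number: {text!r}")
    nums = [int(p) for p in parts]
    if len(nums) == 2 and 1 <= nums[0] <= 65535 and nums[1] <= 65535:
        return (nums[0] << 16) | nums[1]
    if len(nums) == 1 and 1 <= nums[0] <= 4294967295:
        return nums[0]
    raise ValueError(f"AS number out of range: {text!r}")

def format_asn(asn, dot_notation=False):
    """Render an AS number; dot notation applies only above 65535."""
    if dot_notation and asn > 65535:
        return f"{asn >> 16}.{asn & 0xFFFF}"
    return str(asn)

def audit(settings):
    """Return a list of findings for one planned settings dict."""
    findings = []
    try:
        parse_asn(settings.get("as_number", ""))
    except ValueError as exc:
        findings.append(f"as_number: {exc}")
    for key, (low, high) in RANGES.items():
        value = settings.get(key)
        if value is not None and not low <= value <= high:
            findings.append(f"{key}: {value} outside {low}-{high}")
    # Hold times under 20 s raise flapping risk; 0 is skipped (it turns the hold timer off, RFC 4271).
    for key in ("hold_time", "min_hold_time"):
        if 0 < (settings.get(key) or 0) < 20:
            findings.append(f"{key}: below 20 seconds, flapping risk")
    for key in EXPECTED_ON:
        if settings.get(key, True) is False:
            findings.append(f"{key}: disabled, default is enabled")
    return findings

PLANNED = {"as_number": "1.10", "hold_time": 9,  # constructed sample input
           "stalepath_time": 7200, "enforce_first_as": False}
```

Calling `audit(PLANNED)` returns three findings: the out-of-range stalepath time, the short hold time, and the disabled first-AS enforcement.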