Support Center > Search Results > SecureKnowledge Details
Configuring SecurePlatform Pro for BGP Technical Level

Important: Please ensure that you are familiar with routing protocols before using this quick guide.

The following procedure provides step by step guidance on how to configure BGP dynamic routing on SecurePlatform Pro:

  1. Connect to command line on Security Gateway / each cluster member.

  2. Log in to Expert mode.

  3. Enter Router Mode by running the command router or cligated.
    Note: You can display all the available commands by typing <?> and pressing the "Enter" key.

  4. Enter Privileged Execution mode by running the command enable. If this mode is password protected, you will be prompted for a password.

  5. You can type show run to display the current configuration.

  6. Enter Global Configuration Mode by running the command config terminal or config t.

  7. RIP and OSPF are Internal Gateway Protocols. BGP is an External Gateway Protocol. The entire routing domain is divided into Autonomous Systems (AS). Each AS receives an AS Number (2 bytes). When BGP is configured, you must specify to which AS the router belongs.

    Note: You can configure BGP and other routing protocols on the same interface, e.g. BGP and OSPF.

    At the config prompt (config)#, enable BGP by running the command router bgp <AS Number>. You are now in Router Configuration mode. You must now configure the BGP protocol.

    Note: The prompt changes to (config-[protocol_name])# in Router Configuration mode. When in this mode, the order of the commands run is not important. Changes are only performed on exiting the mode.

    To exit the Router Configuration mode and return one mode back, i.e. to the Global Configuration mode, run the exit command. To exit the Router Configuration mode and return to the Main mode, run the end command.

  8. Specify which networks will be advertised to other BGP peers, by using network <ipv4_address> mask <netmask>.

    For example:
    network mask

    Note: There is an optional parameter: route-map. This parameter may be used for fine tuning and filtering. The syntax is :network <ipv4_address> mask <netmask> route-map <route-map name>.

  9. BGP operates in two modes:
    • EBGP (External BGP)
    • IBGP (Internal BGP)

    In general, BGP operates in the EBGP mode, connecting routers in different ASs. Sometimes the administrator may define routers, located in the same AS, as neighbors, in order to simplify and unify topology and communication.

    Neighbors are defined by running the neighbor command.

    The syntax is either:
    neighbor <ipv4_address> remote-as <AS Number>
    neighbor <ipv4_address> local-as <AS Number> (Note: The local-as command syntax is valid only for external peers.)
    The following example causes BGP to represent itself to the peer as being in AS 100.
    (config)# router bgp 64512 
    (config-router-bgp)# bgp router-id 
    (config-router-bgp)# neighbor remote-as 5 
    (config-router-bgp)# neighbor local-as 100 
    (config-router-bgp)# exit 
  10. Configure BGP filtering. Since BGP is a policy oriented protocol, filtering is extremely important. You may use one of the following commands:
    • distribute-list: Configures policy for BGP to apply to incoming or outgoing updates.
    • route-map: This parameter may be used as part of either the neighbor or network commands as follows:
      • neighbor <ipv4_address> route-map <route-map name> <out/in>
      • network <ipv4_address> mask <netmask> route-map <route-map name>. (In this syntax, direction is always out.)

  11. Enter <?> to see optional commands (e.g. redistribute). The redistribute command inserts external routes into a current instance of the BGP protocol. You may want to redistribute direct or kernel routes into the BGP advertisements. The command syntax is: redistribute <protocol>
    • redistribute direct: Redistribute routes defined from sysconfig or SecurePlatform shell.
    • redistribute kernel: Redistribute routes defined by OS according to interface IPs.

  12. Exit the Router Configuration mode and return one mode back, i.e. to the Global Configuration mode, by running the exit command.

  13. After these values are entered, exit Router Configuration mode and then exit Global Configuration mode.

Once you return to the Privileged Execution mode, if you want these values to be saved through reboot or different gated sessions, you must store all the applied changes. Do so by running the command write memory.


Related documentation:


Related solutions:

This solution is about products that are no longer supported and it will not be updated

Give us Feedback
Please rate this document