Enabling Gateway BGP Connection Settings

The following BGP configuration settings apply to the Aviatrix Transit Gateway, BGP-enabled Spoke Gateway, and Aviatrix Secure Edge Gateway.

In Aviatrix CoPilot:

  1. Go to Cloud Fabric > Gateways > Transit Gateways or Spoke Gateways tab.

  2. In the table, select the gateway for which you want to enable BGP features.

  3. Click the gateway’s Settings tab.

  4. In the Settings tab, expand the BGP section.

  5. Enable the gateway’s BGP features as needed.

Local ASN

The Local AS Number is the Aviatrix gateway’s AS Number. You assign an AS Number to the Aviatrix gateway before you set up the gateway’s BGP connection configurations.

The Autonomous System Number (AS Number) is required for BGP connections. AS Numbers are unique 2-byte or 4-byte numbers; for instance, 64512 to 65534 for 2-byte numbers or 4200000000 to 4294967274 for 4-byte numbers.

Manual BGP Advertised CIDR List

By default, Aviatrix Transit Gateway advertises individual Spoke VPC/VNet CIDRs to its BGP neighbors. You can override that by manually entering the intended CIDR list to advertise to VGW.

This feature is critical to limit the total number of routes carried by VGW (maximum is 100).
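The summarisation behind a manual advertised list, as an added example that is not part of the Aviatrix documentation or product code: the individual Spoke CIDRs below are constructed sample input, `ipaddress.collapse_addresses` merges them into the fewest prefixes covering exactly the same address space, and two checks confirm the result stays under the VGW limit of 100 routes and still covers every Spoke (a Spoke left uncovered would be unreachable from VGW after the override).

```python
import ipaddress

# Constructed sample input: the individual Spoke VPC/VNet CIDRs that the
# Transit Gateway would advertise one by one to VGW by default.
SPOKE_CIDRS = [
    "10.0.0.0/16", "10.1.0.0/16", "10.2.0.0/16", "10.3.0.0/16",
    "10.4.0.0/24", "10.4.1.0/24",
    "172.16.8.0/22", "172.16.12.0/22",
]

VGW_ROUTE_LIMIT = 100  # maximum number of routes VGW carries (from the page)


def summarise_cidrs(cidrs):
    """Collapse a list of CIDRs into the smallest set of prefixes that covers
    exactly the same address space. collapse_addresses only merges a prefix
    with its sibling, so the union is never widened beyond the inputs.

    This is the list you would paste into Manual BGP Advertised CIDR List.
    """
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    return [str(n) for n in ipaddress.collapse_addresses(nets)]


def within_vgw_limit(advertised, limit=VGW_ROUTE_LIMIT):
    """True if the advertised list fits under the VGW route limit."""
    return len(advertised) <= limit


def uncovered_spokes(advertised, spokes):
    """Spoke CIDRs that no advertised prefix covers. These would become
    unreachable from VGW after the manual override, so expect an empty
    list before applying it."""
    adv = [ipaddress.ip_network(a) for a in advertised]
    missing = []
    for s in spokes:
        net = ipaddress.ip_network(s)
        if not any(net.subnet_of(a) for a in adv if a.version == net.version):
            missing.append(s)
    return missing


if __name__ == "__main__":
    manual = summarise_cidrs(SPOKE_CIDRS)
    print("manual advertised list:", manual)   # ['10.0.0.0/14', '10.4.0.0/23', '172.16.8.0/21']
    print("fits VGW limit:", within_vgw_limit(manual))
    print("uncovered spokes:", uncovered_spokes(manual, SPOKE_CIDRS))
```

Run `uncovered_spokes` again whenever a Spoke is attached after the manual list was written: the manual list does not grow by itself, so a new Spoke CIDR outside the summarised prefixes is silently not advertised to VGW.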

Gateway Mode

Gateway mode enables you to specify the advertised CIDR list for any BGP peering connection configured on the gateway.

Connection Mode

Connection mode enables you to select a specific BGP connection and set the advertised CIDR list for better route advertising control for each remote BGP peer.

Enabling Manual BGP Route Advertisement

In Aviatrix CoPilot:

  1. Go to Cloud Fabric > Gateways > Transit Gateways or Spoke Gateways tab.

  2. In the table, locate and select the gateway to set manual BGP route advertisement.

  3. Go to the gateway’s Settings tab and expand the Border Gateway Protocol (BGP) section.

  4. Scroll down to Manual BGP Advertised CIDR List.

    1. To specify the advertised CIDR list for any BGP connection on the gateway, in the Advertised CIDRs (Per Gateway) field, enter the CIDR list to advertise.

    2. To specify the advertised CIDR list for a specific BGP connection on the gateway:

      1. Click on the Connection dropdown menu and select the connection for which to advertise the CIDR list.

      2. In the Advertised CIDRs (Per Connection) field, enter the CIDR list to advertise for the selected connection.

AS Path Prepend

You can insert the Aviatrix gateway’s AS Number into the BGP AS_PATH on the Aviatrix gateway to customize the AS_PATH attribute it advertises to VGW or peer devices. For instance, if the Aviatrix gateway’s AS Number is 65458 and you enter 65458, 65478 in the input field, these ASNs will appear at the remote peer.

If AS Path Prepend is not configured, the Aviatrix Gateway advertises routes with its own ASN only.
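What the remote peer sees and does with a prepended path, as an added example (not Aviatrix code). It uses the page's ASN 65458 and prepend list 65458, 65478; the ordering (configured prepends in front of the gateway's own ASN, which in turn sits in front of the received path) is an assumption based on standard eBGP behaviour, and the loop check models the standard rule that a router rejects a path already containing its own ASN, which is why a prepend list must not include the peer's ASN.

```python
def advertised_as_path(local_asn, received_path=(), prepend=()):
    """AS_PATH that a remote eBGP peer sees on a route this gateway advertises.

    Standard eBGP behaviour: the advertising router places its own ASN in front
    of the path it is re-advertising. The configured prepend list is assumed to
    be placed in front of that (ordering assumption; the page only states that
    the entered ASNs appear at the remote peer).
    """
    return tuple(prepend) + (local_asn,) + tuple(received_path)


def accepted_by_peer(as_path, peer_asn):
    """Standard BGP loop prevention: a router rejects a route whose AS_PATH
    already contains its own ASN. Prepending the peer's own ASN therefore
    makes the route vanish at that peer instead of merely de-preferring it."""
    return peer_asn not in as_path


def best_by_as_path(candidates):
    """The selection step that prepending influences: among otherwise equal
    routes for one prefix, the shortest AS_PATH wins (ties keep the first)."""
    return min(candidates, key=lambda c: len(c["as_path"]))


LOCAL_ASN = 65458  # gateway ASN from the page's example

# Route originated by the gateway (empty received path), with and without the
# page's prepend list "65458, 65478".
PLAIN = advertised_as_path(LOCAL_ASN)
PREPENDED = advertised_as_path(LOCAL_ASN, prepend=(65458, 65478))

# Constructed view from a remote peer that hears the same prefix over two links.
CANDIDATES = [
    {"via": "link-prepended", "as_path": PREPENDED},
    {"via": "link-plain", "as_path": PLAIN},
]

if __name__ == "__main__":
    print("plain:", PLAIN)            # (65458,)
    print("prepended:", PREPENDED)    # (65458, 65478, 65458)
    print("peer prefers:", best_by_as_path(CANDIDATES)["via"])   # link-plain
    print("accepted by AS 65478:", accepted_by_peer(PREPENDED, 65478))  # False
```

Prepending is a de-preference tool for inbound traffic, not a filter: the peer still learns the prefix over the prepended link and falls back to it when the shorter path disappears. Per-connection mode is what lets you apply this to one peer without lengthening the path every other peer sees.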

Gateway Mode

Gateway mode enables you to specify the AS Path to prepend for any BGP peering connection configured on the gateway.

Connection Mode

Connection mode enables you to select a specific BGP connection and set the AS Path to prepend.

Enabling AS Path Prepend

In Aviatrix CoPilot:

  1. Go to Cloud Fabric > Gateways > Transit Gateways or Spoke Gateways tab.

  2. In the table, locate and select the gateway to enable AS path prepend.

  3. Go to the gateway’s Settings tab and expand the Border Gateway Protocol (BGP) section.

  4. Scroll down to AS Path Prepend.

    1. To specify the AS Path to prepend for any BGP connection on the gateway, in the Prepend AS Path (Per Gateway) field, enter the AS Path to prepend.

    2. To specify the AS Path to prepend for a specific BGP connection on the gateway:

      1. Click on the Connection dropdown menu and select the connection for which to prepend the AS Path.

      2. In the Prepend AS Path (Per Connection) field, enter the AS Path to prepend for the selected connection.

Preserve AS Path

Preserve AS Path applies to Manual BGP Advertised Network List configured for any BGP peering connection (per Gateway) or a specific BGP connection (per Connection).

  • When enabled, the AS Path is preserved. The Aviatrix Gateway does not advertise Manual BGP Advertised CIDRs if the CIDRs are no longer in the best route DB.

  • When disabled, the AS Path is stripped during BGP route advertisements from the Aviatrix Gateway to neighbors.

BGP ECMP

BGP ECMP enables Equal Cost Multi Path (ECMP) routing for the next hop. When a gateway has multiple BGP connections, Aviatrix Controller will select one of them as the best route and send traffic only to that connection.

With BGP ECMP enabled, the Controller merges other connections for a route if they belong to the same routing domain (if configured) and have the same AS Path length and metric value. Traffic is sent to all of those connections based on ECMP hashing.

For the Aviatrix Transit Gateway next hop routing decision process, see ActiveMesh 2.0.
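The merge rule above, as an added example that is not Aviatrix code and does not reproduce the ActiveMesh 2.0 decision process: the best-route ordering (shorter AS Path, then lower metric) is a simplification limited to the attributes the page names, the candidate connections are constructed, and the hashing function illustrates flow-consistent ECMP (one 5-tuple always lands on the same connection), not the gateway's actual hash.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Candidate:
    """One BGP connection offering a path to the same destination prefix."""
    connection: str
    as_path: tuple
    metric: int
    routing_domain: str = "default"


def best_route(cands):
    """Best-route choice, simplified to the attributes the page names: shorter
    AS Path first, then lower metric; the connection name breaks ties so the
    result is deterministic."""
    return min(cands, key=lambda c: (len(c.as_path), c.metric, c.connection))


def next_hops(cands, ecmp_enabled):
    """Connections that carry traffic for the prefix.

    ECMP off: only the best route's connection. ECMP on: every candidate in the
    same routing domain with the same AS Path length and metric as the best
    route is merged into the set."""
    best = best_route(cands)
    if not ecmp_enabled:
        return [best.connection]
    return sorted(
        c.connection for c in cands
        if c.routing_domain == best.routing_domain
        and len(c.as_path) == len(best.as_path)
        and c.metric == best.metric
    )


def pick_connection(hops, flow):
    """Flow-consistent ECMP hashing: the same 5-tuple always maps to the same
    connection, so a single TCP flow is never split across tunnels."""
    digest = hashlib.sha256("|".join(map(str, flow)).encode()).digest()
    return hops[int.from_bytes(digest[:4], "big") % len(hops)]


# Constructed sample: five connections advertising the same prefix.
CANDIDATES = [
    Candidate("conn-a", (65001,), 0),
    Candidate("conn-b", (65002,), 0),
    Candidate("conn-c", (65003, 65003), 0),           # longer AS Path: excluded
    Candidate("conn-d", (65004,), 0, "domain-blue"),  # other routing domain: excluded
    Candidate("conn-e", (65005,), 10),                # higher metric: excluded
]

FLOW = ("10.1.2.3", "10.200.0.9", 6, 51515, 443)  # src, dst, proto, sport, dport

if __name__ == "__main__":
    print("ECMP off:", next_hops(CANDIDATES, False))   # ['conn-a']
    print("ECMP on: ", next_hops(CANDIDATES, True))    # ['conn-a', 'conn-b']
    print("flow goes to:", pick_connection(next_hops(CANDIDATES, True), FLOW))
```

Note how conn-c drops out of the ECMP set only because of its AS Path length: a peer that prepends on one of its links is, in effect, opting that link out of ECMP on the gateway.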

BGP Polling Time

Aviatrix Transit and BGP-enabled Spoke Gateways report their BGP routes to the Aviatrix Controller periodically. By default, the periodic timer is 50 seconds. This polling time affects the BGP route change convergence time.

Use the BGP Polling Time option to change the default polling time. The range is 10 to 50 seconds.

BGP Hold Time

The BGP Hold Time specifies how long a router waits for incoming BGP messages before it assumes the BGP neighbor is dead.

The Aviatrix Transit and BGP-enabled Spoke Gateway BGP Hold Time is bound to the Aviatrix Keepalive message time, which is always 1/3 of the hold time. By default, the Hold Time is 180 seconds, and the Keepalive time is 60 seconds. If the remote site has a shorter hold time, the shorter hold time is used for the gateway.

Use the BGP Hold Time option to manually set the BGP Hold Time for your Aviatrix Transit and BGP-enabled Spoke Gateway. The supported range is 12 to 180 seconds.
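Hold time negotiation and failure detection, as an added example (not Aviatrix code). It encodes the page's rules (supported range 12 to 180 s, keepalive equal to one third of the hold time, the remote site's shorter hold time winning) and then replays a constructed trace of received BGP message timestamps against a hold timer to show when a neighbour is declared dead; the integer-second keepalive and the timer model are simplifications.

```python
HOLD_MIN, HOLD_MAX = 12, 180  # supported range on the gateway (from the page)


def negotiate_timers(local_hold, remote_hold):
    """Return (hold, keepalive) the gateway ends up using.

    The local setting must be within the supported range. If the remote site
    advertises a shorter hold time, that shorter value is used. The keepalive
    interval is always one third of the hold time (integer seconds here)."""
    if not HOLD_MIN <= local_hold <= HOLD_MAX:
        raise ValueError(f"hold time {local_hold}s outside {HOLD_MIN}-{HOLD_MAX}s")
    hold = min(local_hold, remote_hold)
    return hold, hold // 3


def first_hold_expiry(message_times, hold, session_start=0.0):
    """Simulate the hold timer against timestamps (seconds) of received BGP
    messages. The timer restarts on every message; the neighbour is declared
    dead the moment a gap exceeds the hold time. Returns that moment, or None
    if no gap inside the observed window exceeds the hold time."""
    last = session_start
    for t in sorted(message_times):
        if t - last > hold:
            return last + hold
        last = t
    return None


# Constructed trace: keepalives every 30 s, then 110 s of silence.
MESSAGES = [30, 60, 90, 200]

if __name__ == "__main__":
    hold, keepalive = negotiate_timers(180, 90)
    print(f"negotiated hold={hold}s keepalive={keepalive}s")          # 90 / 30
    print("dead at (hold 90):", first_hold_expiry(MESSAGES, hold))    # 180
    print("dead at (hold 180):", first_hold_expiry(MESSAGES, 180))    # None
```

The same trace that is a failure at a 90 s hold time is invisible at the 180 s default, which is the trade-off behind lowering the value: faster failover at the cost of sensitivity to transient congestion or CPU stalls on either end.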

Site2Cloud (S2C) RX Balancing

This option is only available for Aviatrix Transit Gateways deployed in AWS on C5 and C5n instance types (except for c5.large and c5n.large).

The Site2Cloud RX Balancing option can increase forwarding throughput on Aviatrix Transit gateways for BGP-over-GRE External Device traffic (also called Site2Cloud or S2C GRE tunnels), in these situations:

  • On certain topologies that require high throughput, with External Devices that limit the number of GRE tunnels.

  • Where maintaining a high number of GRE tunnels increases the operational burden.

If enabled, this option ensures that the Aviatrix Transit Gateway(s) are configured to maximize RX capacity and distribute ingress GRE tunnel load to all available vCPUs. This is mainly an alternative to building a large number of GRE tunnels, but a greater number of tunnels will be needed if the External Device imposes per-tunnel rate limits. A brief (sub-second) period of packet loss may affect the gateway when this setting is enabled or disabled.

To maximize the forwarding throughput increase enabled by this setting, consider the following:

  • The number of vCPUs provisioned for the Aviatrix Transit Gateway(s) should be significantly higher than the number of GRE tunnels (for example, four GRE tunnels to a 16 vCPUs c5n.4xlarge instance).

  • High Performance Encryption (HPE) should be enabled between Aviatrix Transit Gateways.

  • BGP ECMP should be enabled, to ensure load balancing of return traffic over multiple tunnels.

Gateway Learned CIDR Approval

Use Gateway Learned CIDR Approval to set up an approval process for gateway learned CIDRs. This approval process improves security for your network.

When Gateway Learned CIDR Approval is On, an email notification is sent to the Controller Administrator to approve the learned CIDRs before the learned CIDRs are propagated to the Spoke VPC/VNet route table.

Gateway Mode

Gateway mode is the default approval mode. In this mode, learned CIDR approval applies to all BGP connections configured on the gateway.

Connection Mode

Connection mode enables you to select a specific BGP connection for approval.

Enabling Gateway Learned CIDR Approval

In Aviatrix CoPilot:

  1. Go to Cloud Fabric > Gateways > Transit Gateways or Spoke Gateways tab.

  2. In the table, locate and select the gateway to enable learned CIDR approval.

  3. Go to the gateway’s Settings tab and expand the Border Gateway Protocol (BGP) section.

  4. Set the Gateway Learned CIDR Approval toggle to On.

    1. To enable learned CIDR approval for all BGP connections configured on the gateway, select Gateway.

      A BGP-enabled Spoke Gateway only supports gateway-level Learned CIDR Approval, not connection-based approval.

    2. To enable learned CIDR approval for a specific BGP connection, select Connection; then, from the Connection dropdown menu, select the BGP connection.

      A BGP connection that is not configured for approval learns all the routes from its remote peer automatically.
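The approval gate in both modes, as an added example that is not Aviatrix code: learned routes are parked as pending until an administrator approves them, a connection outside the approval set installs its routes automatically, and the Spoke restriction to gateway mode is enforced at construction time. The connection names and CIDRs are constructed, and the in-memory dictionaries stand in for the Controller's state and the Spoke route table.

```python
import ipaddress


class LearnedCidrApproval:
    """Model of the approval gate between what a gateway learns over BGP and
    what gets propagated to the Spoke VPC/VNet route table.

    mode: "off", "gateway" (every BGP connection needs approval) or
    "connection" (only the connections listed in `connections`).
    gateway_type: "transit" or "spoke"; a BGP-enabled Spoke only supports
    gateway mode."""

    def __init__(self, mode="off", connections=(), gateway_type="transit"):
        if gateway_type == "spoke" and mode == "connection":
            raise ValueError("BGP-enabled Spoke Gateway supports gateway mode only")
        self.mode = mode
        self.approval_connections = set(connections)
        self.installed = {}  # cidr -> connection, propagated to the route table
        self.pending = {}    # cidr -> connection, waiting for the administrator

    def requires_approval(self, connection):
        if self.mode == "gateway":
            return True
        if self.mode == "connection":
            return connection in self.approval_connections
        return False

    def learn(self, connection, cidr):
        """Route received from a remote peer. Returns 'pending' or 'installed'."""
        cidr = str(ipaddress.ip_network(cidr, strict=True))
        if self.requires_approval(connection):
            self.pending[cidr] = connection
            return "pending"
        self.installed[cidr] = connection
        return "installed"

    def approve(self, cidr):
        """Administrator action after the email notification."""
        connection = self.pending.pop(cidr)
        self.installed[cidr] = connection
        return connection

    def reject(self, cidr):
        """Administrator declines the CIDR; it never reaches the route table."""
        return self.pending.pop(cidr)


def scenario():
    """Connection mode with approval required on 'onprem-a' only (constructed)."""
    gw = LearnedCidrApproval(mode="connection", connections=["onprem-a"])
    results = {
        "a": gw.learn("onprem-a", "10.50.0.0/16"),  # gated until approved
        "b": gw.learn("onprem-b", "10.60.0.0/16"),  # not configured: installed automatically
    }
    gw.approve("10.50.0.0/16")
    return results, sorted(gw.installed), sorted(gw.pending)


if __name__ == "__main__":
    print(scenario())   # ({'a': 'pending', 'b': 'installed'}, ['10.50.0.0/16', '10.60.0.0/16'], [])
```

The scenario makes the page's last note concrete: in connection mode, only the selected connection is gated, so a peer on any other connection can still inject prefixes that land in the Spoke route table without review. Gateway mode is the choice when every peer should be reviewed.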