Kaspersky SD-WAN
Creating a BGP peer
You can create a BGP peer on an individual CPE device or on all devices that use the CPE template. The maximum number of dynamic BGP peers is 512. If you plan to use route filtering, before creating a BGP peer, you must do the following:
To create a BGP peer, use the following instructions:
- Creating a BGP peer on an individual CPE device.
To create a BGP peer on an individual CPE device:
- In the menu, go to the SD-WAN section.
By default, the CPE subsection is displayed with a table of CPE devices.
- Click the CPE device.
The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button.
- Select the BGP settings → Neighbors tab.
A table of BGP peers is displayed.
- Select the Override check box to ignore the applied CPE template and make the settings in the selected tab editable. This check box is cleared by default.
- Click + BGP neighbor.
- In the window that opens, enter the name of the BGP peer in the Name field. Maximum length: 50 characters.
- If you do not want to establish a TCP session with the BGP peer after it is created, select the Disable BGP peer check box. This check box is cleared by default.
- In the Neighbor IP field, enter the IPv4 address of the BGP peer.
- In the Remote AS field, enter the autonomous system number of the BGP peer. Range of values: 1 to 4 294 967 295.
- If necessary, enter a brief description of the BGP peer in the Description field.
- In the Password field, enter the password for establishing a TCP session with the BGP peer. To see the entered password, you can click the show button. For a TCP session to be successfully established between two BGP peers, they must use the same password.
- In the Loopback interface field, enter the IP address of the loopback interface that the CPE device must send to the BGP peer when establishing a TCP session.
- In the eBGP hops field, enter the number of hops between the CPE device and the BGP peer if the TCP session is not established directly. Range of values: 1 to 255.
- If necessary, configure BGP timers:
- Select the Custom BGP timers check box. This check box is cleared by default.
- In the Keepalive field, enter the time interval in seconds that the CPE device uses to send keepalive messages to BGP peers. Range of values: 0 to 65,535.
- In the Holdtime field, enter the time in seconds that the CPE device must wait to receive keepalive messages from BGP peers. If no keepalive messages are received from the BGP peer within the specified time, the device considers the peer unavailable. Range of values: 0 to 65,535.
- To use the BFD protocol to detect loss of connectivity, select the BFD check box. This check box is cleared by default.
- Select the Advanced settings to specify advanced BGP peer settings.
- If necessary, select the following check boxes:
- Select the Soft-reconfiguration inbound check box to store routes advertised by the BGP peer locally on the CPE device. This check box is cleared by default.
Using this feature reduces the amount of memory available on the device.
- Select the Attribute unchanged AS path check box to prevent modifying the 'AS path' attribute of routes that the CPE device advertises to the BGP peer.
- Select the Allow AS in check box to allow the CPE device to receive from a BGP peer routes with the 'AS path' attribute, the value of which is the autonomous system number of this device.
- Select the Attribute unchanged next-hop check box to prevent modifying the 'next hop' attribute of routes that the CPE device advertises to the BGP peer.
- Select the Next-hop self check box to use the IP address of the CPE device as the 'next-hop' attribute when advertising routes to the BGP peer.
- Select the Attribute unchanged MED check box to prevent modifying the 'MED' attribute of routes that the CPE device advertises to the BGP peer.
- Select the Route reflector client check box to assign the Route Reflector role to the CPE device and the Route Reflector Client role to the BGP peer. You can only select this check box when configuring a BGP peer that is in the same autonomous system as the CPE device.
By default, all check boxes are cleared.
- In the Local AS field, enter the number of the local autonomous system that the CPE device must send to the BGP peer. Range of values: 1 to 4 294 967 295.
- In the Weight field, enter the weight of the routes advertised by the BGP peer. The greater the weight of a route, the higher its priority. Range of values: 0 to 65,535.
- In the Maximum prefix field, enter the maximum number of prefixes that the BGP peer can advertise to a CPE device. Range of values: 1 to 4,294,967,295.
- If you want a CPE device to advertise routes with the 'community' attribute to its BGP peer, select the Send community check box and select the type of attribute to be sent in the drop-down list:
- All to send all available types of the 'community' attribute to the BGP peer.
- Standard and extended community to send 'standard community' and 'extended community' attributes to the BGP peer.
- Extended community to send the 'extended community' attribute to the BGP peer.
- Large community to send the 'large community' attribute to the BGP peer.
- Standard community to send the 'standard community' attribute to the BGP peer.
This check box is cleared by default.
- Select the Default originate check box if you want the CPE device to forward the default route (0.0.0.0) to the BGP peer. This check box is cleared by default. You can also select the Set route map check box and select a previously created route map for the default route from the drop-down list that is displayed.
- Select the Filtering tab to configure route filtering for the BGP peer.
- Under Route map, select previously created route maps for route filtering:
- In the Inbound drop-down list, select the route map that the BGP peer must use when advertising routes to the CPE device.
- In the Outbound drop-down list, select the route map that the CPE must use when advertising routes to the BGP peer.
- Under Prefix list, select previously created prefix lists for route filtering:
- In the Inbound drop-down list, select the prefix list that the BGP peer must use when advertising routes to the CPE device.
- In the Outbound drop-down list, select the prefix list that the CPE must use when advertising routes to the BGP peer.
- Under Access control list, select previously created access control lists for route filtering:
- In the Inbound drop-down list, select the access control list that the BGP peer must use when advertising routes to the CPE device.
- In the Outbound drop-down list, select the access control list that the CPE must use when advertising routes to the BGP peer.
- Click Create.
The BGP peer is created and displayed in the table.
- In the upper part of the settings area, click Save to save the configuration of the CPE device.
- Creating a BGP peer on all devices that use the CPE template.
To create a BGP peer on all devices that use the CPE template:
- In the menu, go to the SD-WAN → CPE templates subsection.
A table of CPE templates is displayed.
- Click the CPE template.
The settings area is displayed in the lower part of the page. You can expand the settings area to fill the entire page by clicking the expand button.
- Select the BGP settings → Neighbors tab.
A table of BGP peers is displayed.
- Click + BGP neighbor.
- In the window that opens, enter the name of the BGP peer in the Name field. Maximum length: 50 characters.
- If you do not want to establish a TCP session with the BGP peer after it is created, select the Disable BGP peer check box. This check box is cleared by default.
- In the Neighbor IP field, enter the IPv4 address of the BGP peer.
- In the Remote AS field, enter the autonomous system number of the BGP peer. Range of values: 1 to 4 294 967 295.
- If necessary, enter a brief description of the BGP peer in the Description field.
- In the Password field, enter the password for establishing a TCP session with the BGP peer. To see the entered password, you can click the show button. For a TCP session to be successfully established between two BGP peers, they must use the same password.
- In the Loopback interface field, enter the IP address of the loopback interface that the CPE device must send to the BGP peer when establishing a TCP session.
- In the eBGP hops field, enter the number of hops between the CPE device and the BGP peer if the TCP session is not established directly. Range of values: 1 to 255.
- If necessary, configure BGP timers:
- Select the Custom BGP timers check box. This check box is cleared by default.
- In the Keepalive field, enter the time interval in seconds that the CPE device uses to send keepalive messages to BGP peers. Range of values: 0 to 65,535.
- In the Holdtime field, enter the time in seconds that the CPE device must wait to receive keepalive messages from BGP peers. If no keepalive messages are received from the BGP peer within the specified time, the device considers the peer unavailable. Range of values: 0 to 65,535.
- To use the BFD protocol to detect loss of connectivity, select the BFD check box. This check box is cleared by default.
- Select the Advanced settings to specify advanced BGP peer settings.
- If necessary, select the following check boxes:
- Select the Soft-reconfiguration inbound check box to store routes advertised by the BGP peer locally on the CPE device. This check box is cleared by default.
Using this feature reduces the amount of memory available on the device.
- Select the Attribute unchanged AS path check box to prevent modifying the 'AS path' attribute of routes that the CPE device advertises to the BGP peer.
- Select the Allow AS in check box to allow the CPE device to receive from a BGP peer routes with the 'AS path' attribute, the value of which is the autonomous system number of this device.
- Select the Attribute unchanged next-hop check box to prevent modifying the 'next hop' attribute of routes that the CPE device advertises to the BGP peer.
- Select the Next-hop self check box to use the IP address of the CPE device as the 'next-hop' attribute when advertising routes to the BGP peer.
- Select the Attribute unchanged MED check box to prevent modifying the 'MED' attribute of routes that the CPE device advertises to the BGP peer.
- Select the Route reflector client check box to assign the Route Reflector role to the CPE device and the Route Reflector Client role to the BGP peer. You can only select this check box when configuring a BGP peer that is in the same autonomous system as the CPE device.
By default, all check boxes are cleared.
- In the Local AS field, enter the number of the local autonomous system that the CPE device must send to the BGP peer. Range of values: 1 to 4 294 967 295.
- In the Weight field, enter the weight of the routes advertised by the BGP peer. The greater the weight of a route, the higher its priority. Range of values: 0 to 65,535.
- In the Maximum prefix field, enter the maximum number of prefixes that the BGP peer can advertise to a CPE device. Range of values: 1 to 4,294,967,295.
- If you want a CPE device to advertise routes with the 'community' attribute to its BGP peer, select the Send community check box and select the type of attribute to be sent in the drop-down list:
- All to send all available types of the 'community' attribute to the BGP peer.
- Standard and extended community to send 'standard community' and 'extended community' attributes to the BGP peer.
- Extended community to send the 'extended community' attribute to the BGP peer.
- Large community to send the 'large community' attribute to the BGP peer.
- Standard community to send the 'standard community' attribute to the BGP peer.
This check box is cleared by default.
- Select the Default originate check box if you want the CPE device to forward the default route (0.0.0.0) to the BGP peer. This check box is cleared by default. You can also select the Set route map check box and select a previously created route map for the default route from the drop-down list that is displayed.
- Select the Filtering tab to configure route filtering for the BGP peer.
- Under Route map, select previously created route maps for route filtering:
- In the Inbound drop-down list, select the route map that the BGP peer must use when advertising routes to the CPE device.
- In the Outbound drop-down list, select the route map that the CPE must use when advertising routes to the BGP peer.
- Under Prefix list, select previously created prefix lists for route filtering:
- In the Inbound drop-down list, select the prefix list that the BGP peer must use when advertising routes to the CPE device.
- In the Outbound drop-down list, select the prefix list that the CPE must use when advertising routes to the BGP peer.
- Under Access control list, select previously created access control lists for route filtering:
- In the Inbound drop-down list, select the access control list that the BGP peer must use when advertising routes to the CPE device.
- In the Outbound drop-down list, select the access control list that the CPE must use when advertising routes to the BGP peer.
- Click Create.
The BGP peer is created and displayed in the table.
- In the upper part of the settings area, click Save to save the configuration of the CPE template.
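A pre-flight check for planned BGP peer settings, covering both procedures above. This is an added example, not Kaspersky code: the dictionary keys are hypothetical names that mirror the form labels, the ranges are the ones documented in the steps, and the sample peers are constructed.

```python
import ipaddress

# Field names are hypothetical; they mirror the labels in the "+ BGP neighbor"
# window and are not the orchestrator's API schema.
U32 = (1, 4_294_967_295)
U16 = (0, 65_535)
RANGES = {  # value ranges as documented in the procedure above
    "remote_as": U32, "local_as": U32, "maximum_prefix": U32,
    "ebgp_hops": (1, 255),
    "keepalive": U16, "holdtime": U16, "weight": U16,
}
INBOUND_FILTERS = ("inbound_route_map", "inbound_prefix_list", "inbound_acl")


def check_bgp_peer(peer, cpe_as):
    """Return (errors, warnings) for one planned BGP peer on a CPE in AS cpe_as."""
    errors, warnings = [], []

    if not 1 <= len(peer.get("name", "")) <= 50:
        errors.append("name: 1 to 50 characters")
    try:
        ipaddress.IPv4Address(peer.get("neighbor_ip", ""))
    except ValueError:
        errors.append("neighbor_ip: not an IPv4 address")
    for field, (lo, hi) in RANGES.items():
        value = peer.get(field)
        if value is None:
            continue
        # bool is a subclass of int, so compare the exact type
        if type(value) is not int or not lo <= value <= hi:
            errors.append(f"{field}: must be an integer from {lo} to {hi}")
    # Route reflector client is only valid for a peer in the CPE's own AS.
    if peer.get("route_reflector_client") and peer.get("remote_as") != cpe_as:
        errors.append("route_reflector_client: peer is not in the CPE's AS")

    # Hardening review: accepted by the form, but worth a second look.
    if not peer.get("password"):
        warnings.append("password: not set for the TCP session")
    if peer.get("maximum_prefix") is None:
        warnings.append("maximum_prefix: not set")
    if not any(peer.get(f) for f in INBOUND_FILTERS):
        warnings.append("filtering: no inbound route map, prefix list or ACL")
    return errors, warnings


# Constructed sample input (documentation address ranges, private AS numbers).
SAMPLE_OK = {"name": "isp-a", "neighbor_ip": "192.0.2.1", "remote_as": 64512,
             "password": "constructed-secret", "maximum_prefix": 1000,
             "inbound_prefix_list": "PL-IN"}
SAMPLE_BAD = {"name": "n" * 51, "neighbor_ip": "2001:db8::1", "remote_as": 0,
              "ebgp_hops": 256, "route_reflector_client": True}

if __name__ == "__main__":
    for sample in (SAMPLE_OK, SAMPLE_BAD):
        print(check_bgp_peer(sample, cpe_as=65000))
```
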