Configure multiprotocol BGP in IPv4 or IPv6 BGP sessions

Cloud Router lets you enable and disable IPv4 or IPv6 route exchange in individual Border Gateway Protocol (BGP) sessions that use multiprotocol BGP (MP-BGP). With MP-BGP, you can exchange IPv6 routes over an IPv4 BGP session or IPv4 routes over an IPv6 BGP session. IPv6 BGP session support is in Preview.

To exchange both IPv4 and IPv6 traffic in a single BGP session, you must select the IPv4 and IPv6 (dual-stack) stack type in your Network Connectivity product, such as HA VPN or Dedicated Interconnect.

You can enable or disable IPv4 or IPv6 route exchange in a specific BGP session by modifying the configuration of the BGP peer. Disabling IPv4 or IPv6 route exchange is useful if you need to troubleshoot IPv4- or IPv6-specific network issues. Another reason might be that you want to disable traffic temporarily in a dual-stack HA VPN tunnel without deleting the tunnel and gateway.

If you disable IPv4 or IPv6 route exchange in a BGP session and then later re-enable it, IPv4 or IPv6 next hop addresses that were previously assigned are not relinquished. You can reuse those IPv4 or IPv6 next hop addresses if IPv4 or IPv6 is enabled in the BGP session again.

Before you begin

To use the command-line examples in this guide, do the following:

  1. Install or update to the latest version of the Google Cloud CLI.
  2. Set a default region and zone.

To use the API examples in this guide, set up API access.

Configure an IPv4 BGP session

This section describes how to modify the configuration of an IPv4 BGP session.

You cannot disable IPv4 route exchange in an IPv4 BGP session.

Enable IPv6 route exchange

This procedure assumes that you are modifying BGP IPv4 sessions that have already been created for HA VPN tunnels or VLAN attachments.

It also assumes that you have configured the associated HA VPN gateway or VLAN attachment to use the IPv4 and IPv6 dual stack as described in the following procedures:

To enable IPv6 route exchange in an existing IPv4 BGP session, perform the following steps.

Console

For HA VPN

  1. To configure a BGP session for HA VPN, in the Google Cloud console, go to the Cloud VPN tunnels page.

    Go to Cloud VPN tunnels

  2. Select the Cloud VPN tunnel that contains the BGP session to update.

  3. On the VPN tunnel details page, click Edit BGP session.

  4. To enable IPv6 route exchange, click the Enable IPv6 traffic toggle.

  5. Optional: You can allocate the IPv6 next hop addresses for HA VPN tunnels manually or automatically.

    • To allocate the addresses automatically, select Automatically.
    • To allocate the addresses manually:
      1. Select Manually.
      2. Enter the IPv6 address for the Cloud Router IPv6 next hop. This address is an IPv6 address used by Cloud Router for this Cloud VPN tunnel. This IPv6 address is advertised as the next hop for the IPv6 routes that Cloud Router advertises to its BGP peer. The address must be in the range 2600:2d00:0:2::/63.
      3. Enter the IPv6 address for the Peer IPv6 next hop. This address is the IPv6 address of the on-premises router or peer VPN device. This IPv6 address is the next hop for the IPv6 routes learned from the BGP peer of Cloud Router. The address must be in the range 2600:2d00:0:2::/63.

  6. Click Save and continue.

For Dedicated Interconnect

  1. To configure a BGP session for Dedicated Interconnect, go to the VLAN attachments page.

    Go to VLAN attachments

  2. Select the VLAN attachment that contains the BGP session to update.

  3. On the VLAN attachment details page, click Edit BGP session.

  4. To enable IPv6 route exchange, click the Enable IPv6 traffic toggle.

  5. Click Save and continue. Note: You cannot change IPv6 next-hop configuration in Cloud Interconnect. Google Cloud automatically assigns IPv6 next hop addresses to VLAN attachments.

gcloud

Run the update-bgp-peer command. Use the --enable-ipv6 flag to allow the BGP session to exchange IPv6 routes, as shown in the following example:

gcloud compute routers update-bgp-peer ROUTER_NAME \
    --peer-name=PEER_NAME \
    --enable-ipv6

Optionally, when you enable IPv6 traffic for a BGP session used in an HA VPN tunnel, you can specify IPv6 next hop addresses:

gcloud compute routers update-bgp-peer ROUTER_NAME \
    --peer-name=PEER_NAME \
    --enable-ipv6 \
    --ipv6-nexthop-address=IPV6_NEXTHOP_ADDRESS \
    --peer-ipv6-nexthop-address=PEER_IPV6_NEXTHOP_ADDRESS

Replace the following:

  • IPV6_NEXTHOP_ADDRESS: the IPv6 address used by Cloud Router for this Cloud VPN tunnel. This IPv6 address is advertised as the next hop for the IPv6 routes that Cloud Router advertises to its BGP peer.

    The address must be in the IPv6 range 2600:2d00:0:2::/63.

  • PEER_IPV6_NEXTHOP_ADDRESS: the IPv6 address of the on-premises router. This IPv6 address is the next hop for the IPv6 routes learned from the BGP peer of the Cloud Router. The address must be in the range 2600:2d00:0:2::/63.

If you don't specify the next hop addresses, Google Cloud automatically assigns unused addresses from the 2600:2d00:0:2::/63 IPv6 range for you.

API

Use the routers.patch method to update the bgpPeers[] field.

The bgpPeers[] field accepts an array of BGP peers. When you PATCH this field, you overwrite the existing array of BGP peers with the new array included in your request.

  1. Send a GET request to get the current array of BGP peers for the router. For details, see View BGP session configuration.

  2. Send a PATCH request with a new array of BGP peers. For each BGP peer for which you want to enable IPv6 in the BGP session, set bgpPeers[].enableIpv6 to TRUE.

    PATCH https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/routers/ROUTER_NAME
{
  "bgpPeers": [
    BGP_PEERS
  ]
}

    Replace the following:

    • PROJECT_ID: the project that contains the Cloud Router
    • REGION: the region where the Cloud Router is located
    • ROUTER_NAME: the name of the Cloud Router
    • BGP_PEERS: the contents of the new array of BGP peers

    The following example enables IPv6 in the session for the first BGP peer:

        {
      "name": "peer-1",
      "interfaceName": "if-peer-1",
      "ipAddress": "169.254.10.1",
      "peerIpAddress": "169.254.10.2",
      "peerAsn": 64512,
      "advertisedRoutePriority": 100,
      "advertiseMode": "DEFAULT",
      "advertisedGroups": [],
      "advertisedIpRanges": [],
      "enable": "TRUE",
      "enableIpv6": true
    },
    {
      "name": "peer-2",
      "interfaceName": "if-peer-2",
      "ipAddress": "169.254.20.1",
      "peerIpAddress": "169.254.20.2",
      "peerAsn": 64513,
      "advertisedRoutePriority": 100,
      "advertiseMode": "DEFAULT",
      "advertisedGroups": [],
      "advertisedIpRanges": [],
      "enable": "TRUE",
      "enableIpv6": false
      "
    }

    Additionally, if you are enabling IPv6 traffic for a BGP session used in an HA VPN tunnel, you can specify IPv6 next hop addresses:

        {
      "name": "peer-1",
      "interfaceName": "if-peer-1",
      "ipAddress": "169.254.10.1",
      "peerIpAddress": "169.254.10.2",
      "peerAsn": 64512,
      "advertisedRoutePriority": 100,
      "advertiseMode": "DEFAULT",
      "advertisedGroups": [],
      "advertisedIpRanges": [],
      "enable": "TRUE",
      "enableIpv6": true,
      "ipv6NexthopAddress": "2600:2d00:0:0:0:0:1:5",
      "peerIpv6NexthopAddress": "2600:2d00:0:0:0:0:1:6"
    },
    {
      "name": "peer-2",
      "interfaceName": "if-peer-2",
      "ipAddress": "169.254.20.1",
      "peerIpAddress": "169.254.20.2",
      "peerAsn": 64513,
      "advertisedRoutePriority": 100,
      "advertiseMode": "DEFAULT",
      "advertisedGroups": [],
      "advertisedIpRanges": [],
      "enable": "TRUE",
      "enableIpv6": false
    }

    Use the values of ipv6NexthopAddress and peerIpv6NexthopAddress to configure your on-premises router or peer VPN device.

    To view example configurations for HA VPN and your peer VPN device, see Set up third-party VPNs for IPv4 and IPv6 traffic.

    To view example configurations for Dedicated Interconnect and your on-premises router, see Set up on-premises routers for IPv4 and IPv6 traffic.

Disable IPv6 route exchange

This procedure assumes that you are modifying an existing BGP IPv4 session that previously enabled IPv6.

Console

For HA VPN

  1. In the Google Cloud console, go to the Cloud VPN tunnels page.

    Go to Cloud VPN tunnels

  2. Select the Cloud VPN tunnel that contains the BGP session to update.

  3. On the VPN tunnel details page, click Edit BGP session.

  4. To disable IPv6 route exchange, click the Enable IPv6 traffic toggle.

  5. Click Save and continue.

For Dedicated Interconnect

  1. In the Google Cloud console, go to the VLAN attachments page.

    Go to VLAN attachments

  2. Select the VLAN attachment that contains the BGP session to update.

  3. On the VLAN attachment details page, click Edit BGP session.

  4. To disable IPv6 route exchange, click the Enable IPv6 traffic toggle.

  5. Click Save and continue.

gcloud

Run the update-bgp-peer command. Use the --no-enable-ipv6 flag to prevent the BGP session from exchanging IPv6 routes, as shown in the following example:

gcloud compute routers update-bgp-peer ROUTER_NAME \
--peer-name=PEER_NAME \
--no-enable-ipv6

API

Use the routers.patch method to update the bgpPeers[] field.

The bgpPeers[] field accepts an array of BGP peers. When you PATCH this field, you overwrite the existing array of BGP peers with the new array included in your request.

  1. Send a GET request to get the current array of BGP peers for the router. For details, see View BGP session configuration.

  2. Send a PATCH request with a new array of BGP peers. For each BGP peer for which you want to disable IPv6 in the BGP session, set bgpPeers[].enableIpv6 to FALSE.

    PATCH https://compute.googleapis.com/compute/v1/projects/PROJECT_ID/regions/REGION/routers/ROUTER_NAME
{
  "bgpPeers": [
    BGP_PEERS
  ]
}

    Replace the following:

    • PROJECT_ID: the project that contains the Cloud Router
    • REGION: the region where the Cloud Router is located
    • ROUTER_NAME: the name of the Cloud Router
    • BGP_PEERS: the contents of the new array of BGP peers

    The following example disables IPv6 in the session for the first BGP peer:

        {
      "name": "peer-1",
      "interfaceName": "if-peer-1",
      "ipAddress": "169.254.10.1",
      "peerIpAddress": "169.254.10.2",
      "peerAsn": 64512,
      "advertisedRoutePriority": 100,
      "advertiseMode": "DEFAULT",
      "advertisedGroups": [],
      "advertisedIpRanges": [],
      "enable": "TRUE",
      "enableIpv6": false
    },
    {
      "name": "peer-2",
      "interfaceName": "if-peer-2",
      "ipAddress": "169.254.20.1",
      "peerIpAddress": "169.254.20.2",
      "peerAsn": 64513,
      "advertisedRoutePriority": 100,
      "advertiseMode": "DEFAULT",
      "advertisedGroups": [],
      "advertisedIpRanges": [],
      "enable": "TRUE",
      "enableIpv6": false
    }

Configure an IPv6 BGP session

This section describes how to modify the configuration of an IPv6 BGP session.

You cannot disable IPv6 route exchange in an IPv6 BGP session.

Enable IPv4 route exchange over an IPv6 BGP session

This procedure assumes that you are modifying BGP IPv6 sessions that have already been created for HA VPN tunnels or VLAN attachments.

It also assumes that you have already configured an IPv4 and IPv6 (dual-stack) HA VPN gateway or VLAN attachment as described in the following procedures:

To enable IPv4 route exchange in an existing IPv6 BGP session, perform the following steps.

gcloud

Run the update-bgp-peer command. Use the --enable-ipv4 flag to allow the BGP session to exchange IPv4 routes, as shown in the following example:

gcloud beta compute routers update-bgp-peer ROUTER_NAME \
    --peer-name=PEER_NAME \
    --enable-ipv4

Optionally, when you enable IPv4 traffic for an IPv6 BGP session used in an HA VPN tunnel, you can specify the IPv4 next hop addresses:

gcloud beta compute routers update-bgp-peer ROUTER_NAME \
    --peer-name=PEER_NAME \
    --enable-ipv4 \
    --ipv4-nexthop-address=IPV4_NEXTHOP_ADDRESS \
    --peer-ipv4-nexthop-address=PEER_IPV4_NEXTHOP_ADDRESS

Replace the following:

  • IPV4_NEXTHOP_ADDRESS: the IPv4 address used by Cloud Router for this HA VPN tunnel. This IPv4 address is advertised as the next hop for the IPv4 routes that Cloud Router advertises to its BGP peer. The address must be in the IPv4 link-local range 169.254.0.0/16.

  • PEER_IPV4_NEXTHOP_ADDRESS: the IPv4 address of the on-premises router. This IPv4 address is the next hop for the IPv4 routes learned from the BGP peer of Cloud Router. The address must be in the IPv4 link-local range 169.254.0.0/16.

    If you don't specify the next-hop addresses, Google Cloud automatically assigns unused addresses from the IPv4 link-local 169.254.0.0/16 range for you.

API

Use the routers.patch method to update the bgpPeers[] field.

The bgpPeers[] field accepts an array of BGP peers. When you PATCH this field, you overwrite the existing array of BGP peers with the new array included in your request.

  1. Send a GET request to get the current array of BGP peers for the router. For details, see View BGP session configuration.

  2. Send a PATCH request with a new array of BGP peers. For each BGP peer for which you want to enable IPv4 in the BGP session, set bgpPeers[].enableIpv4 to TRUE.

    PATCH https://compute.googleapis.com/compute/beta/projects/PROJECT_ID/regions/REGION/routers/ROUTER_NAME
{
  "bgpPeers": [
    BGP_PEERS
  ]
}

    Replace the following:

    • PROJECT_ID: the project that contains the Cloud Router
    • REGION: the region where the Cloud Router is located
    • ROUTER_NAME: the name of the Cloud Router
    • BGP_PEERS: the contents of the new array of BGP peers

    The following example enables IPv4 in the session for the first BGP peer:

        {
      "name": "peer-1",
      "interfaceName": "if-peer-1",
      "ipAddress": "fdff:1::1",
      "peerIpAddress": "fdff:1::2",
      "peerAsn": 64512,
      "advertisedRoutePriority": 100,
      "advertiseMode": "DEFAULT",
      "advertisedGroups": [],
      "advertisedIpRanges": [],
      "enable": "TRUE",
      "enableIpv4": true

    },
    {
      "name": "peer-2",
      "interfaceName": "if-peer-2",
      "ipAddress": "fdff:1::3",
      "peerIpAddress": "fdff:1::4",
      "peerAsn": 64513,
      "advertisedRoutePriority": 100,
      "advertiseMode": "DEFAULT",
      "advertisedGroups": [],
      "advertisedIpRanges": [],
      "enable": "TRUE",
      "enableIpv4": false
    }

    Additionally, if you are enabling IPv4 traffic for a BGP session used in an HA VPN tunnel, you can specify IPv4 next hop addresses:

        {
      "name": "peer-1",
      "interfaceName": "if-peer-1",
      "ipAddress": "fdff:1::1",
      "peerIpAddress": "fdff:1::2",
      "peerAsn": 64512,
      "advertisedRoutePriority": 100,
      "advertiseMode": "DEFAULT",
      "advertisedGroups": [],
      "advertisedIpRanges": [],
      "enable": "TRUE",
      "enableIpv4": true,
      "ipv4NexthopAddress": "169.254.0.1",
      "peerIpv4NexthopAddress": "169.254.0.2"
    },
    {
      "name": "peer-2",
      "interfaceName": "if-peer-2",
      "ipAddress": "fdff:1::3",
      "peerIpAddress": "fdff:1::4",
      "peerAsn": 64513,
      "advertisedRoutePriority": 100,
      "advertiseMode": "DEFAULT",
      "advertisedGroups": [],
      "advertisedIpRanges": [],
      "enable": "TRUE",
      "enableIpv4": false
    }

Disable IPv4 route exchange over an IPv6 BGP session

This procedure assumes that you are modifying an existing IPv6 BGP session that previously exchanged IPv4 routes.

gcloud

Run the update-bgp-peer command. Use the --no-enable-ipv4 flag to prevent the IPv6 BGP session from exchanging IPv4 routes, as shown in the following example:

gcloud beta compute routers update-bgp-peer ROUTER_NAME \
    --peer-name=PEER_NAME \
    --no-enable-ipv4

API

Use the routers.patch method to update the bgpPeers[] field.

The bgpPeers[] field accepts an array of BGP peers. When you PATCH this field, you overwrite the existing array of BGP peers with the new array included in your request.

  1. Send a GET request to get the current array of BGP peers for the router. For details, see View BGP session configuration.

  2. Send a PATCH request with a new array of BGP peers. For each BGP peer for which you want to disable IPv4 in the BGP session, set bgpPeers[].enableIpv4 to FALSE.

    PATCH https://compute.googleapis.com/compute/beta/projects/PROJECT_ID/regions/REGION/routers/ROUTER_NAME
{
  "bgpPeers": [
    BGP_PEERS
  ]
}

    Replace the following:

    • PROJECT_ID: the project that contains the Cloud Router
    • REGION: the region where the Cloud Router is located
    • ROUTER_NAME: the name of the Cloud Router
    • BGP_PEERS: the contents of the new array of BGP peers

    The following example disables IPv4 in the session for the first BGP peer:

        {
      "name": "peer-1",
      "interfaceName": "if-peer-1",
      "ipAddress": "fdff:1::1",
      "peerIpAddress": "fdff:1::2",
      "peerAsn": 64512,
      "advertisedRoutePriority": 100,
      "advertiseMode": "DEFAULT",
      "advertisedGroups": [],
      "advertisedIpRanges": [],
      "enable": "TRUE",
      "enableIpv4": false
    },
    {
      "name": "peer-2",
      "interfaceName": "if-peer-2",
      "ipAddress": "fdff:1::3",
      "peerIpAddress": "fdff:1::4",
      "peerAsn": 64513,
      "advertisedRoutePriority": 100,
      "advertiseMode": "DEFAULT",
      "advertisedGroups": [],
      "advertisedIpRanges": [],
      "enable": "TRUE",
      "enableIpv4": false
    }

What's next