Configure SASE BGP Peer Policies
For supported software information, see Supported Software Information.
BGP peer policies consist of one or more terms for filtering BGP routes that are received from remote BGP peers or that are advertised to remote BGP peers. You can configure import policies to modify or reject routes coming from remote BGP peers, and you can configure export policies to apply policies to routes that are advertised to BGP peers. After you configure BGP peer policies, you use them when configuring site-to-site tunnels. For more information about site-to-site tunnels, see Configure SASE Site-to-Site Tunnels.
To configure BGP peer policies:
- Go to Configure > Secure Services Edge > Settings.

- Click BGP Peer Policies. The screen displays all configured peer policies.

- Click + Add BGP Policy to add a new peer policy. The Add BGP Peer Policy screen displays.

- Click + Add under Enter Policy Term. The Add Policy Term screen displays.

- Click Criteria to specify the match criteria. Enter information for the following fields.
Criteria (Group of Fields)
- Community
Enter the BGP community string to match. A BGP community is a group of destinations with a common property. This path attribute in BGP update messages identifies community members and performs actions at a group level instead of at an individual level. BGP communities help identify and segregate BGP routes, enabling smooth traffic flow.
- Extended Community
Enter the extended BGP community string to match. In an extended community, you can group a larger number of destinations than in a community.
Range: 0000000000000000 to FFFFFFFFFFFFFFFF
Default: None
- AS Path
Enter the AS path number to match.
- Metric
(For Releases 12.2.1 and later.) Enter the metric value to assign to the route.
Range: 0 through 4294967295
- IPv4 NLRI (Group of Fields)
- IPv4 Prefixes
Enter information about the IPv4 prefix:
- IPv4 Subnet—Enter a valid IPv4 prefix, for example, 10.1.1.0/24.
- Minimum Length—Enter the minimum prefix length to match. The minimum prefix length must be less than the maximum prefix length.
Range: 24 through 32
Default: None
- Maximum Length—Enter the maximum prefix length to match. The minimum prefix length must be less than the maximum prefix length.
Range: 0 through 32
Default: None
- Action—Select the Permit or Deny action from the drop-down list.
- Click the Plus icon to add additional IPv4 prefixes. Click the Minus icon to remove IPv4 prefixes.
- IPv6 NLRI (Group of Fields)
- IPv6 Prefixes
Enter information about the IPv6 prefix:
- IPv6 Subnet—Enter the IPv6 prefix, which must be 2001::/24.
- Minimum Length—Enter the minimum prefix length to match. The minimum prefix length must be less than the maximum prefix length.
Range: 0 through 128
Default: None
- Maximum Length—Enter the maximum prefix length to match. The minimum prefix length must be less than the maximum prefix length.
Range: 0 through 128
Default: None
- Action—Select the Permit or Deny action from the drop-down list.
- Click the Plus icon to add additional IPv6 prefixes. Click the Minus icon to remove IPv6 prefixes.
- Click Action, and then enter information for the following fields.

Action (Group of Fields)
- Action
Select the action to take on the routes:
- Accept
- Reject
- Local Preference
Enter the local preference value to use to choose the outbound external BGP path.
Range: 0 through 2147483647
- Next Term
(For Releases 12.2.1 and later.) Select the name of the next term to evaluate. You can use this field to create a sequence of terms, and then use the Next Term Action field to configure the sequence as an AND or OR series.
- Next Term Action
(For Releases 12.2.1 and later.) When you use the Next Term field, select whether to create an AND series or an OR series:
- AND Series—Add this term to an AND series.
- OR Series—Add this term to an OR series.
- Enabled ECMP for BGP Routes in RIB
Select to perform equal-cost multipath (ECMP) for BGP paths in the route table. BGP performs ECMP load balancing when two or more routes have the same administrative distance.
- Route Preference
Enter a route preference value for routes learned from EBGP.
Range: 0 through 255
Default: None
- Metric Action
Select the metric action to take:
- Set Value
- IGP (interior gateway protocol)
- Add
- Subtract
- Metric
Enter a metric value. If you select the IGP metric action, do not configure a metric value.
Range: 0 through 4294967295.
Community (Group of Fields)
- Community Action
Select how to match the community list for a route:
- Community field is ignored.
- Remove all communities from the route.
- Replace all communities with the single community specified by set-community.
- Remove all communities that match community value.
- Append the value of community value into the communities list.
- Community Value
Enter the community value. The value should be a set of communities separated by a space in the format 2-byte decimal:2-byte decimal. Note that not all extended community actions require a community value.
Range: 0 through 65535
- Extended Community Action
Select how to match the community list for a route:
- Community field is ignored.
- Remove all communities from the route.
- Replace all communities with the single community specified by set-community.
- Remove all communities that match community value.
- Append the value of community value into the communities list.
- Extended Community Value
Enter the BGP extended community value. The extended community value should be 16 characters.
Range: 0000000000000000 to FFFFFFFFFFFFFFFF
Default: None
AS Path (Group of Fields)
- AS Path Action
Select a regular expression to match the AS path for the route:
- No AS path action.
- Prepend the local AS path the number of times specified by local AS prepend count.
- Remove all AS numbers matched by match as-path.
- Remove all AS numbers matched by match as-path and prepend the local AS the number of times specified by the local AS prepend count.
- AS Path Prepend
Select how to prepend the AS number to an AS path.
Range: 1 through 4294967295
- Local AS Path Count
Enter a value from 1 through 255.
- Click General Information, and enter information for the following fields.

- Term Name (Required)
Enter a name for the policy term.
- Description
Enter a text description for the policy term.
- Click Save to save the policy term.
- Click the Enter Name, Description & Tags box, and then enter information for the following fields.

- Name (Required)
Enter a name for the BGP peer policy.
- Description
Enter a text description for the BGP peer policy.
- Tags
Enter one or more tags. A tag is an alphanumeric descriptor, with no white spaces or special characters, that you can use to search the objects.
- Click Save to save the BGP peer policy.
Reorder Policy Terms
The order in which policy terms are listed on the Policy Term screen determines the order in which the terms are processed. You can reorder the terms so that a specific term is processed first, last, or, when there are three or more terms, in a specific location in the list.
To reorder policy terms:
- Go to the Edit BGP Peer Policy screen.

- Select the term that you want to move in the list, and then click Reorder. The Configure Rule Order screen displays.

- Select the order in which you want to process the term.
- Click Move. In the example above, the rule "policyterm" is moved to the bottom of the list.
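Term order decides what happens to a route that more than one term can match, which is why an import policy should be checked against sample routes before it is attached to a tunnel. The following added example (not Versa code) models the IPv4 Prefixes criteria and ordered terms described above. It assumes conventional prefix-list semantics (a route matches when it falls inside the subnet and its length lies between the minimum and maximum), that the first matching term wins, and that a Permit entry means the term's criteria are met; the term names and routes are constructed.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class PrefixEntry:
    subnet: str    # "IPv4 Subnet" / "IPv6 Subnet" field
    min_len: int   # "Minimum Length" field
    max_len: int   # "Maximum Length" field
    action: str    # "permit" or "deny"

    def covers(self, route: str) -> bool:
        net = ipaddress.ip_network(self.subnet)
        # The page requires the minimum length to be less than the maximum.
        if not self.min_len < self.max_len <= net.max_prefixlen:
            raise ValueError(f"{self.subnet}: need min < max <= address length")
        r = ipaddress.ip_network(route)
        return (r.version == net.version and r.subnet_of(net)
                and self.min_len <= r.prefixlen <= self.max_len)

@dataclass
class Term:
    name: str
    action: str                       # "accept" or "reject"
    prefixes: list = field(default_factory=list)

    def matches(self, route: str) -> bool:
        # Assumption: the first prefix entry covering the route decides.
        for entry in self.prefixes:
            if entry.covers(route):
                return entry.action == "permit"
        return False

def evaluate(terms, route):
    """Return (term name, action) of the first matching term, in list order."""
    for term in terms:
        if term.matches(route):
            return term.name, term.action
    return None, "no-match"   # the page does not state a default action

# Constructed sample terms (hypothetical names).
ACCEPT_SITE = Term("accept-site", "accept",
                   [PrefixEntry("10.1.1.0/24", 24, 32, "permit")])
REJECT_HOSTS = Term("reject-host-routes", "reject",
                    [PrefixEntry("10.0.0.0/8", 31, 32, "permit")])

if __name__ == "__main__":
    for order in ([ACCEPT_SITE, REJECT_HOSTS], [REJECT_HOSTS, ACCEPT_SITE]):
        for route in ("10.1.1.0/24", "10.1.1.5/32", "192.0.2.0/24"):
            print([t.name for t in order], route, evaluate(order, route))
```

With accept-site listed first, the host route 10.1.1.5/32 is accepted; after reordering so that reject-host-routes is first, the same route is rejected, while 10.1.1.0/24 is accepted in both orders.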
Clone a BGP Peer Policy
- Go to Configure > Secure Services Edge > Settings > BGP Peer Policies. The screen displays the configured BGP peer policies.

- Click the checkbox next to the name of the policy that you want to clone.
- Click Clone in the horizontal menu bar. In the Clone BGP Peer Policy screen, enter information for the following fields in the Enter Name, Description & Tags section.

- Name (Required)
You can retain the name "Copy of policy_name", or you can enter a new name for the cloned policy.
- Description
Enter a text description of the cloned BGP peer policy.
- Tags
Enter one or more tags. A tag is an alphanumeric descriptor, with no white spaces or special characters, that you can use to search the objects.
- Click Save.
Supported Software Information
Releases 11.3.1 and later support all content described in this article, except:
- Release 12.2.1 adds support for the Metric field for policy term match criteria, and Next Term and Next Term Action fields for policy term actions.
