Configure the RRAS Multitenant Gateway for Dynamic Routing with BGP
You can use this topic to enable Border Gateway Protocol (BGP) for each of your tenants on the Routing and Remote Access Service (RRAS) Multitenant Gateway (MTGW). When you enable BGP on the MTGW and on tenant routers, routes are dynamically exchanged between peers, eliminating the need for constant manual route updates and providing automatic rerouting of network traffic if a peer becomes unavailable due to hardware or other failure.
This topic contains the following sections.
Following are the prerequisites for adding BGP routers for tenants.
- You must replace the Autonomous Systems Number (ASN) in the Windows PowerShell commands below with values that are suitable for your deployment. The values that are provided in this topic are examples only.
To enable BGP on the RRAS MTGW
If your tenants' remote routers are also running Windows Server 2012 R2 Routing and Remote Access (RRAS) configured as a BGP router, your tenants can configure their routers by using the commands in this section. If tenants are using third party BGP routers instead, refer to the router documentation for configuration instructions.
On the RRAS MTGW Hyper-V host, open Windows PowerShell with Administrator privileges. For each tenant that has site-to-site VPN connections established to remote tenant resources, add a BGP router using the following command.
Add-BgpRouter -RoutingDomain $Contoso_RoutingDomain -BgpIdentifier $Contoso_BGPAddress -LocalASN $Contoso_BGP_LocalASN Add-BgpRouter -RoutingDomain $Fabrikam_RoutingDomain -BgpIdentifier $Fabrikam_BGPAddress -LocalASN $Fabrikam_BGP_LocalASN
Add BGP peers to the BGP router for each of the tenant’s remote sites. The –PeeringMode value of Automatic in the command below allows BGP to automatically initiate connections to peers and receive connections from peers.
Add-BgpPeer -RoutingDomain $Contoso_RoutingDomain -Name "ContosoTenantSite1" -LocalIPAddress $Contoso_BGPAddress -PeerIPAddress $Contoso_BGPPeerAddress -PeerASN $Contoso_BGP_PeerASN Add-BgpPeer -RoutingDomain $Fabrikam_RoutingDomain -Name "FabrikamTenantSite1" -LocalIPAddress $Fabrikam_BGPAddress -PeerIPAddress $Fabrikam_BGPPeerAddress -PeerASN $Fabrikam_BGP_PeerASN
Configure the remote tenant routers with BGP and matching BGP peers and routes.
To allow the triggering of site-to-site VPN connections from the BGP router to the remote tenant sites, add the host-specific route of the remote BGP peer to the site-to-site VPN interface in the tenant compartment on the MTGW.
Set-VpnS2SInterface -Name <TenantS2SInterfaceName> -IPv4Subnet <IPv4Address/PrefixLength:Metric>
Add custom networks for advertisements to peers.
Add-BgpCustomRoute -RoutingDomain $Contoso_RoutingDomain -Interface $Contoso_MTInterface Add-BgpCustomRoute -RoutingDomain $Fabrikam_RoutingDomain -Interface $Fabrikam_MTInterface
After you add routes, the BGP router automatically begins to advertise them to peers.
Windows PowerShell command reference links
The script in this topic uses the following Windows PowerShell commands. Click a link to open the help topic for the command.
Add-BgpRouter. Adds a BGP router.
Add-BgpPeer. Adds a BGP peer to the current router.
Set-VpnS2SInterface. Modifies parameters for a site-to-site (S2S) interface.
Add-BgpCustomRoute. Adds custom routes to the BGP routing table.