Wednesday, June 22, 2022

Border Gateway Protocol:

This is a continuation of a series of articles on hosting solutions and services on the Azure public cloud, with the most recent discussion on multitenancy here. This article discusses networking considerations in multitenant applications.

This protocol can be configured on a Windows Server with the Routing and Remote Access Service (RRAS) Gateway in multitenant mode. It gives the ability to manage the tenants' VM networks and their remote sites.

BGP is a dynamic routing protocol. It learns the routes between sites that are connected using site-to-site VPN connections, which eliminates the need for manual route configuration on routers. When configured as a multi-tenant BGP router to exchange tenant and Cloud Service Provider subnet routes, the RAS gateway is deployed on a VM or a set of VMs for high availability. A single-tenant edge gateway deployment can be on a physical computer in a LAN deployment.

The PowerShell script to configure the multitenant mode looks like this:

# Routing domain names, one per tenant
$foo_RoutingDomain = "FooTenant"

$bar_RoutingDomain = "BarTenant"

# Install the RAS gateway in multitenant mode
Install-RemoteAccess -MultiTenancy

# Enable each tenant's routing domain for all services (VPN and routing)
Enable-RemoteAccessRoutingDomain -Name $foo_RoutingDomain -Type All -PassThru

Enable-RemoteAccessRoutingDomain -Name $bar_RoutingDomain -Type All -PassThru

There can be several modes of deployment between Enterprise sites and a Cloud Service Provider (CSP) datacenter. This involves dynamic routing information exchange between an Enterprise and the multiple gateways of the CSP. A few modes of deployment are enumerated below:

RAS VPN site-to-site gateway with BGP at the Enterprise site edge.

Third Party Gateway with BGP at the Enterprise site edge

Multiple Enterprise sites with Third Party gateways

Separate termination points for BGP and VPN

The last mode of deployment supports internal BGP (iBGP) and external BGP (eBGP) segregation; iBGP is only used with the separation of termination points for BGP and VPN. BGP is used for peering and maintains a routing table separate from those for internal networks. Route metrics are based on the shortest AS path rather than distance or cost between hops. Unlike OSPF or another interior gateway protocol, which provides fault tolerance or redundancy and direct connections to external Autonomous Systems, BGP handles multiple connections to an external Autonomous System while allowing the existing router to handle the additional demands. It is an admission control protocol based on path-vector routing.

The way BGP works is that it establishes neighbor relationships, called peerings, between routers called speakers. If the relationships are all within the same AS, it is called internal BGP; if it connects separate autonomous systems, it is called external BGP. Initially, peers share full routing tables; afterward, they share only the updates.

The features of the BGP Router using Windows Server include:

Independent deployment of just the BGP routing role service and not the Remote Access Service, which leads to improved router performance.

Collection of statistics using Message counters and Route Counters. The Get-BGPStatistics cmdlet provides this information.

Equal Cost multipath routing support for redundant networks

Hold Time configuration – The BGP Router supports configuration of the Hold Timer value according to the network requirements.

Internal BGP and external BGP segregation – The local and remote BGP routers are distinct supporting iBGP and eBGP peering. The iBGP is only used with the fourth mode of deployment listed which is the separation of termination points for BGP and VPN.

Latest RFC compliance – RFC-4271 aka BGP-4 protocol compliant implementation implies the product is interoperable with third party vendors.

IPv4 and IPv6 peering supported – both IPv4 and IPv6 peering are available while the BGP router is assigned an IPv4 address.

IPv4 and IPv6 advertisement capability, or Multiprotocol Network Layer Reachability Information (NLRI), is supported.

Mixed mode and passive mode peering are supported. The former refers to the BGP Router serving as both the initiator and the responder. The latter mode is only responsive, so it helps with debugging and troubleshooting.

Route attribute rewrite capability is provided.  The BGP routing policies Next-Hop, MED, Local-Pref and Community are supported.

Route filtering – The BGP router supports filtering ingress or egress route advertisements.
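A per-tenant BGP router, peer and policies exercising the features listed above (hold timer, prefix cap, route filtering, attribute rewrite and statistics), as an added PowerShell example that is not from the original post. The routing domain name reuses the multitenant script above; the ASNs, addresses and prefixes are assumed values chosen for illustration.

```powershell
# Assumed values: tenant routing domain from the multitenant script above,
# private ASNs and RFC 1918 addresses chosen for illustration only.
$rd        = "FooTenant"
$localAsn  = 64512          # CSP-side private ASN (assumed)
$remoteAsn = 65001          # enterprise-site ASN (assumed)
$localIp   = "10.0.0.1"     # tenant gateway address in the routing domain (assumed)
$remoteIp  = "10.0.0.2"     # enterprise edge router address (assumed)

# 1. BGP router scoped to this routing domain only.
Add-BgpRouter -BgpIdentifier $localIp -LocalASN $localAsn -RoutingDomain $rd

# 2. eBGP peer: hold timer set per the site's needs and a prefix cap so a
#    misconfigured site cannot flood the tenant routing table.
#    -OperationMode Mixed = initiator and responder; use Server to respond only.
Add-BgpPeer -Name "Enterprise-Edge" -LocalIPAddress $localIp -PeerIPAddress $remoteIp `
    -LocalASN $localAsn -PeerASN $remoteAsn -OperationMode Mixed -PeeringMode Automatic `
    -HoldTimeSec 90 -MaxAllowedPrefix 100 -RoutingDomain $rd

# 3. Advertise only the tenant's own VM subnet to the enterprise site.
Add-BgpCustomRoute -Network "172.16.10.0/24" -RoutingDomain $rd

# 4. Route filtering: drop any ingress advertisement of the CSP management
#    network, so a remote site cannot attract that traffic to itself.
Add-BgpRoutingPolicy -Name "Deny-Mgmt-Ingress" -PolicyType Deny `
    -MatchPrefix "10.255.0.0/16" -RoutingDomain $rd
Add-BgpRoutingPolicyForPeer -PeerName "Enterprise-Edge" -PolicyName "Deny-Mgmt-Ingress" `
    -Direction Ingress -RoutingDomain $rd

# 5. Attribute rewrite: lower Local-Pref on routes learned from this site so a
#    second, preferred site wins when both advertise the same prefix.
Add-BgpRoutingPolicy -Name "Backup-Site-LocalPref" -PolicyType ModifyAttribute `
    -MatchPrefix "172.16.0.0/16" -NewLocalPref 50 -RoutingDomain $rd
Add-BgpRoutingPolicyForPeer -PeerName "Enterprise-Edge" -PolicyName "Backup-Site-LocalPref" `
    -Direction Ingress -RoutingDomain $rd

# 6. Verify: session state, message and route counters, and learned routes.
Get-BgpPeer -RoutingDomain $rd
Get-BgpStatistics -PeerName "Enterprise-Edge" -RoutingDomain $rd
Get-BgpRouteInformation -RoutingDomain $rd
```

Run this from an elevated session on the RAS gateway after the routing domain has been enabled; the policy cmdlets take effect without restarting the peer.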

