Technical Guide: BGP VMs
A BGP VM (Border Gateway Protocol Virtual Machine) is a virtual machine that integrates directly into Internet routing. It lets you announce your own IP networks globally, make routing decisions, and build highly available services.
In this guide, we’ll explain how BGP works, the technical prerequisites, and how to put BGP VMs into production.
Basics: What Is BGP?
BGP (Border Gateway Protocol, RFC 4271) is the Internet’s inter-domain routing protocol. It connects autonomous systems (AS) and ensures that packets find the correct path through the global network.
Key characteristics of BGP:
- Path-Vector Protocol – routing decisions are based on path information (AS paths)
- Policy-Based – routes are chosen not just by shortest path but according to policies (preferences, communities, LocalPref, MED, etc.)
- Scalable – over 900,000 IPv4 prefixes and more than 140,000 IPv6 prefixes are distributed via BGP today
Without BGP, there would be no reliable way to interconnect the millions of networks and providers worldwide.
Why a BGP VM?
A BGP-capable VM acts like a router in your backbone and enables you to:
- Announce Your Own IP Prefixes
– Have your networks listed in the global routing table - Control Peering
– Decide which routes you accept or propagate - Deploy Anycast
– Announce the same IP from multiple data centers - Load Balancing & Redundancy
– Dynamically steer traffic across multiple locations - DDoS Mitigation
– Reroute or filter traffic during attacks
Detailed Prerequisites
To deploy a BGP VM effectively, you need:
- Autonomous System Number (ASN)
- Assigned by RIPE NCC, ARIN, LACNIC, or APNIC
- Private ASNs (per RFC 6996): 64512–65534 and 4200000000–4294967294, usable only for internal BGP
- Your Own IP Address Space
- IPv4: at least a /24 for global announcement
- IPv6: at least a /48 (provider-independent)
- Routing Expertise
- Familiarity with BGP attributes: AS_PATH, LocalPref, MED, Communities
- Knowledge of filtering mechanisms (prefix filters, max-prefix, bogon prevention)
- Provider with BGP Support
- Your host must allow you to establish a BGP session
- Typically via eBGP between your ASN and the provider’s ASN
Technical Workflow: Setting Up a BGP VM
- Order the VM
– Choose a Linux distribution (e.g., Debian/Ubuntu) with sufficient CPU, RAM, and network performance. - Install a Routing Daemon
– Popular options:- FRRouting (FRR)
- BIRD 2
- GoBGP
- OpenBGPD
- Configure the Session
– Establish an eBGP session with your provider
– Exchange parameters:- Local ASN (your ASN)
- Remote ASN (provider’s ASN)
- Peering IPs (IPv4 and/or IPv6)
- Optional MD5 password for authentication
- Announce Your Prefixes
– Advertise your networks (e.g.,203.0.113.0/24,2001:db8::/48)
– Use prefix filters to ensure only authorized prefixes are published - Inbound Routes and Policies
– Receive default or full BGP table from the provider
– Control priorities, failover, and traffic engineering with BGP attributes
Example Configuration (BIRD 2)
protocol bgp my_bgp {
local as 65001;
neighbor 192.0.2.1 as 214915;
password "secure-md5-key";
ipv4 {
import all;
export filter {
if net ~ [ 203.0.113.0/24 ] then accept;
reject;
};
};
}
This configuration announces only 203.0.113.0/24 to the Internet and rejects all other networks.
Common Use Cases
| Scenario | Description |
|---|---|
| Hosting with Own IPs | Use provider-independent IPs directly under your control |
| Anycast DNS | Make DNS servers reachable worldwide under one IP |
| Content Delivery | Automatically route users to the nearest server |
| Failover | Seamless switchover if a location fails |
| DDoS Mitigation | Redirect or blackhole attack traffic via BGP |
Best Practices & Security
- Deploy prefix filters to announce only your networks
- Set max-prefix limits to guard against routing leaks
- Leverage BGP communities for DDoS blackholing and traffic control
- Monitor BGP sessions and your routing table continuously
- Build redundancy with multiple sessions over different upstreams
Conclusion
BGP VMs provide powerful routing control for enterprises, providers, and advanced users. They let you announce your own networks, build anycast architectures, and operate highly available infrastructures.
From ASN allocation to routing daemon configuration, our team supports you in getting your BGP VM up and running optimally.