Skip to main content
> Equinix Deploy

BYOIP with Global BGP

Bring your own publicly routable IPv4 or IPv6 address range and advertise it to Equinix Metal using BGP! You can then assign IP addresses from the range to the servers you deploy. To successfully announce IP addresses, you will need a registered ASN and an IP address range which is registered to that ASN in an IRR. We require that all IP address ranges that you want to announce be registered to your ASN. An attempt to announce any IP in a range not registered to your ASN, will be filtered by our routers.

Requirements

  • A public ASN is required.
  • The subnet(s) must be registered with a Regional Internet Registry (RIR), such as ARIN, RIPE, or APNIC and the organization name should in the RIR should match your account name in Equinix Metal.
  • You must also create a route object for your prefix(s) in an IRR database such as RADB.
  • An AS-Set should also be created in an IRR database.
  • The smallest IPv4 address range that customers can bring is /24.
  • The smallest IPv6 address range that customers can bring is /48.
  • We strongly encourage you create a RPKI ROA for your subnets.

Once these requirements are met, we can accept the prefix and advertise it to our upstream providers. Please note that depending on when the information was created in your IRR of choice, it may take up to 48 hours for our providers to begin accepting the subnet from us. Customers are able to take granular control of which providers and peers we advertise to by utilizing our BGP Global Communities.

Enabling Global BGP on the Project

The first step to setting up Global BGP is to enable it on the Project.

In the console, navigate to the Projects IPs & Networks section and select BGP. Click Activate BGP on This Project, which brings up the Activate BGP pane.

Enabling Global BGP in the Console

  • Select Global BGP.
  • Enter your ASN in the ASN field.
  • If you want to enable and require authentication between neighbors, enter a password in the MD5 Password field.
  • The Use Case field is optional, but you can use it to provide any information related to the requirements.

You can enable BGP on a Project in the CLI with the metal project bgp-enable command.

metal project bgp-enable --project-id <project_id> --deployment-type global --asn <your_asn> --use-case <string>

Options:

  • --deployment_type (required) - Use global to enable Global BGP,
  • --asn (required) - Enter your ASN.
  • --use-case (optional) - Use this field to provide any information related your Global BGP requirements.

In the API, send a POST request to the /projects/{id}/bgp-configs endpoint. The project ID that you want BGP enabled on is specified in the path.

curl -X POST \
    -H "Content-Type: application/json" \
    -H "X-Auth-Token: <API_TOKEN> " \
    "https://api.equinix.com/metal/v1/projects/{id}/bgp-configs" \
    -d '{
          "deployment_type": "global",
          "asn": integer,
          "md5": "string",
          "use_case": "string"
        }'

Body Parameters:

  • "deployment_type" (required) - The options are "local" or "global". For enabling Global BGP, use "global".
  • "asn" (required) - Enter your ASN.
  • "md5" (optional) - If you want to enable and require authentication between neighbors, enter a password. If omitted no password verification will be required.
  • "use_case" (optional) - The use case description is not required, but you can use it to provide any information related to the Global BGP requirements.

After you have requested Global BGP to be enabled, we will verify the ASN ownership and enable Global BGP on the project. This step is a manual check. AS numbers are sometimes assigned to individuals rather than organizations, but the important thing is that either your name or the your organization match the information in the IRR. Mismatched information should not necessarily be a red flag but does mean you will need to explain the discrepancy, and have the ASN owner contact us to verify that permission has been given to use the ASN on our network.

You will receive an email from us either requesting more information, or with a notice of approval and enablement of Global BGP on your project.

Creating Global BGP Sessions

The second step is to create BGP sessions on the Server.

After enabling Global BGP for your Project, the server's BGP page will have options for managing and tracking Global BGP sessions for both IPv4 and IPv6 addresses.

BGP Session Page in the Console

Click the arrow to open the Activate BGP panel. To enable BGP and initiate a BGP session, toggle Enable BGP. Use the Default Route toggle to set this as the default route. Note: the Default Route toggle may not appear until after enabling the BGP session.

BGP Session Management Options

In the API, send a POST request to the /devices/{id}/bgp/sessions endpoint. The server ID is specified in the path.

curl -X POST \
    -H "Content-Type: application/json" \
    -H "X-Auth-Token: <API_TOKEN> " \
    "https://api.equinix.com/metal/v1/devices/{id}/bgp/sessions" \
    -d '{
          "address_family": "string",
          "default_route": "boolean"
        }'

Body Parameters:

  • "address_family" (required) - Your options are either "ipv4" or "ipv6" indicating whether the BGP session will be announcing IPv4 or IPv6 addresses.
  • "default_route" (optional) - Sets the default route status. Defaults to false if omitted.

Global BGP Host Configuration

Once we have approved and enabled BGP on your project, you can configure your server to use BGP sessions to announce the IP Addresses and advertise routes. The routing information you need that is specific to your server is available from your server's metadata endpoint.

In Equinix IBX locations, peering is set up with two top-of-rack routers. For IPv4 peering the router IDs will be local 169.254.255.1/32 and 169.254.255.2/32 addresses. For IPv6 Peering the Router IDs will be fc00::e/128 and fc00::f/128 addresses. In Equinix Metal non-IBX locations, peering is set up with one top-of-rack router, and for IPv4 Peering the router ID will be private IPv4 gateway of the host. For IPv6 Peering the router ID will be IPv6 gateway of the host. Since these are not directly connected to the host, you may need to configure BGP multihop for your sessions. Note that the internal peering ASN information is stripped on export, so the Internet sees your AS as being directly connected to Equinix Metal.

Some guidance and example configurations are on the the Route BGP with BIRD and Route BGP with FRR pages.

Once you have configured BGP on your hosts, Equinix Metal will learn your subnet and advertise it to all of our transit and peering BGP sessions, as we would any other subnet. Please note that it may take up to 48 hours from when you configure the host to announce an IP address until the route discovery takes effect.

Disabling Global BGP

You can disable a BGP session on Equinix Metal to stop announcing the IP address and publishing your routes. This will remove learned routes, reset any open connections, and is potentially a disruptive action. Use care before disabling the session.

Disabling BGP does not remove any of the BGP configuration on the server; if you need to, you can re-enable the session, and go back to publishing routes without changing the host configuration. If you do re-enable, it may take 5-10 minutes for the session to be established.

On the server's BGP page, click the arrow to bring up the options for which BGP session you would like to disable. In the Activate BGP pane, use the toggle to disable BGP.

Disabling Global BGP Session in the console

To disable a Local BGP session in the API, send a DELETE request to the /bgp/sessions/{id} endpoint.

curl -X DELETE -H "Content-Type: application/json" \
-H "X-Auth-Token: <API_TOKEN>" \
"https://api.equinix.com/metal/v1/bgp/sessions/{id}"

Copied code to clipboard