BGP Route
Border Gateway Protocol (BGP) routes can be deployed for all the IPs or subnets in a zone to draw traffic toward the mitigator for effective attack mitigation. When a particular IP address in a zone is under DDoS attack, a BGP route can be deployed either for that specific IP address, as identified by the detector, or for all the IPs in the zone.
On start mitigation, the BGP routes can be deployed either for all zone IPs/subnets or for the top-K attacked IPs, based on the specified configuration. On stop mitigation, the BGP routes are removed from the devices in the device group.
Navigate to Configuration > Zone Policies / Profiles > Zone Operational Policy and click Create or Edit Zone Operational Policy to select the zone IPs or top-K destination IPs. For more information, see Configure a Zone Operational Policy.
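A simplified model of the behavior described above, added here as an illustration and not A10 Defend Orchestrator code: it selects the prefixes to announce on start mitigation (all zone subnets, or host routes for the top-K attacked IPs) and rolls per-device results up into a single operational status. The function names, the per-device result strings, and the packets-per-second rate field are assumptions.

```python
import ipaddress

def routes_on_start(zone_prefixes, mode, dest_rates=None, k=3):
    """Prefixes to announce toward the mitigator group on start mitigation.

    mode="zone":  every IP/subnet configured in the zone.
    mode="top-k": host routes for the k most-attacked destinations.
    dest_rates maps destination IP -> packets/s reported by the detector
    (field name and unit are assumptions of this sketch).
    """
    zone = [ipaddress.ip_network(p) for p in zone_prefixes]
    if mode == "zone":
        return [str(n) for n in zone]
    if mode != "top-k":
        raise ValueError(f"unknown mode: {mode!r}")
    # Keep only destinations inside the zone: a route for an address outside
    # the zone would divert traffic the zone policy does not cover.
    rates = {}
    for text, rate in (dest_rates or {}).items():
        ip = ipaddress.ip_address(text)
        if any(ip in n for n in zone):
            rates[ip] = rate
    # Highest rate first; IP version and integer value break ties.
    top = sorted(rates, key=lambda ip: (-rates[ip], ip.version, int(ip)))[:k]
    return [f"{ip}/{ip.max_prefixlen}" for ip in top]

def oper_status(device_results):
    """Roll per-device results ("ok", "error", "pending") up to one status."""
    states = list(device_results.values())
    errors = states.count("error")
    if states and errors == len(states):
        return "Device Error"
    if errors:
        return "Device Partial Error"
    if "pending" in states:
        return "Out of Sync"
    return "OK"  # also covers a route created but not yet sent to any device

# Constructed sample data (documentation address ranges).
ZONE = ["203.0.113.0/24", "2001:db8:10::/64"]
RATES = {"203.0.113.10": 90000, "203.0.113.20": 1200,
         "2001:db8:10::5": 45000, "198.51.100.7": 500000}  # last: not in zone

if __name__ == "__main__":
    print(routes_on_start(ZONE, "zone"))
    print(routes_on_start(ZONE, "top-k", RATES, k=2))
    print(oper_status({"tps-1": "ok", "tps-2": "error"}))
```

The out-of-zone destination is ignored even though it has the highest rate, so only addresses the zone covers are diverted.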
The BGP Route page lists all the BGP routes created, along with the associated zone, the operational status, and the actions that can be performed. You can create, edit, and delete a BGP route configuration.
Perform the following steps to access the BGP Route page:
- Navigate to Configuration > BGP > Route.
- (Optional) Enter a complete or partial BGP Route name in the search field to search for the BGP Route.
- (Optional) Click the Reset, Refresh, or Delete button to perform the corresponding action.
To create a BGP Route, see Create a BGP Route.
Table 125 : BGP Route Window
Table 126 : BGP Route Information
| Field | Description |
|---|---|
| Route Prefix | Displays the IP address/subnet for which the BGP route is configured.<br>NOTE: An RTBH button in red is displayed if the zone is under RTBH mitigation. |
| Zone | Displays the zone associated with the IP address or subnet. |
| Mitigator Group | Displays the device group of the zone. |
| Route Map | Displays the route map associated with the route. |
| Oper Status | Displays the operational status of the BGP route deployment as follows:<br>- Device Error: Indicates that an error occurred on all the devices while configuring the BGP route.<br>- Device Partial Error: Indicates that an error occurred on one or more devices while configuring the BGP route.<br>- Out of Sync: Indicates that the BGP route changes are not yet synchronized with the device(s).<br>- OK: Indicates that the BGP route has been successfully deployed to all the devices in the device group. It can also indicate that the BGP route has been created but not sent to the mitigator group yet. |
| Deploy State | Displays the deploy state of the route as follows:<br>- Deployed: Indicates that the route is successfully deployed on all devices in the mitigator group.<br>- Deploy Pending: Indicates that the route is not yet deployed on devices.<br>- Undeploy Pending: Indicates a transient state. When the BGP route is undeployed, the route is momentarily in Undeploy Pending and then changes to the Deploy Pending state. |
| Auto-remove | Indicates that the route will be deleted from the A10 Defend Orchestrator App and the TPS device once the mitigation stops. |
| Info | Displays the following information:<br>- User-created: Indicates that the route is created by a user.<br>- System-created: Indicates that the route is created by the system. |
| Actions | Allows you to perform the following:<br>- Edit: Allows you to modify a previously configured BGP Route.<br>NOTE: Route Maps associated with Route's Mitigator Group can only be edited.<br>- Deploy or Undeploy: Allows you to add or remove a previously configured BGP Route on a device.<br>- Delete: Allows you to delete the current BGP Route. A confirmation message is displayed. Click Submit. If A10 Defend Orchestrator is unable to remove a BGP route on Stop Mitigation, use Force Delete to manually delete the route.<br>- Steer Traffic: Allows you to add or remove a BGP Route on any of the TPS devices listed under the mitigator group. In a reactive deployment, when A10 Defend Orchestrator receives a zone escalation notification, it creates BGP route(s) and sends them to all devices in the zone's mitigator group. After the routes are sent to the TPS mitigator, the network traffic starts flowing through these devices. With the steer traffic feature, you can selectively steer traffic through the selected devices in the mitigator group based on the intensity and/or nature of the attack. To indicate that the steer traffic option is currently in use, a steer tag is displayed under the Route Prefix column. |