Introducing dynamic route discovery in IBM Cloud Route based VPN (BGP VPN)

By Mukesh Kumar posted 17 hours ago

  

Overview

In a large enterprise, network agility is essential. As new business requirements drive the frequent deployment of new applications, development environments and global regions, the network experiences a daily influx of new subnets that must be immediately routed. Just as frequently, IT teams retire deprecated systems and environments, requiring the precise and timely deletion of those subnets. This creates a highly dynamic environment where routing updates and link failures are routine operational events.

To manage the constant addition and deletion of routes while minimising operational complexity and the potential for manual configuration errors, we are introducing BGP support in IBM Cloud VPN. This enhancement allows our customers to dynamically discover and route traffic, helping them better handle network updates while simultaneously reducing operational and security overheads.

Challenges with manual route updates

For network architects, manually tracking network updates and making the corresponding routing table updates poses several challenges:

  • Significant Liability and Overhead: Manually tracking the continuous addition, deletion, and updating of network subnets is a heavy burden for network architects.
  • Time-Consuming and Complex: This necessary process is intricate and consumes a considerable amount of valuable time.
  • Major Source of Human Error: Manual subnet management is prone to mistakes, which compromises network resilience and can directly lead to outages.

BGP Support in IBM Cloud Route based Site to Site VPN

IBM Cloud Route-Based Site-to-Site VPN now includes support for Border Gateway Protocol (BGP). This simplifies network operations by eliminating the manual overhead of updating routing tables after network changes. Automating this crucial process frees network architects to focus on higher-value tasks, while drastically reducing human errors and potentially costly outages.

Key Benefits of BGP in Route-Based VPNs

Switching from manual static routing to dynamic BGP offers critical advantages for network architects and operational stability:

  • Automated Route Management: Eliminates the manual burden of updating routing tables for every single subnet addition, modification, or deletion. BGP handles the discovery and propagation of routes automatically.
  • Reduced Human Error: Drastically decreases the risk of costly configuration mistakes (like accidentally dropping traffic into a black hole) that commonly occur during complex, high-volume manual route changes.
  • Faster Scalability: Accelerates network expansion into new regions, environments, or applications since the network automatically learns new routes without intervention, supporting rapid business growth.
  • Enhanced Resilience: Ensures instantaneous failover and optimal path selection. If a route or VPN tunnel goes down, BGP immediately updates its tables and steers traffic onto the best available path, minimizing downtime.
  • Simplified Operations: Frees up skilled network engineers from tedious, repetitive maintenance tasks, allowing them to focus on strategic architectural improvements rather than routine administrative work.

Key Implementation Details

The architecture is designed to integrate seamlessly using standard networking protocols:

  • Connectivity between the customer's IBM Cloud deployment and their remote environment (on-premises or another cloud) is secured using a VPN Gateway. The architecture leverages the Transit Gateway (TG) as the centralised networking hub, with the VPN path configured as a spoke attachment to enable unified and efficient hybrid network routing.
  • Standard eBGP (external BGP) runs between the VPN gateway and the customer gateway (router).
  • Automatic Route Propagation: Once the IPsec tunnel is established, a BGP session is initiated. The remote peer advertises private prefixes (routes) to the VPN gateway. The VPN gateway then exchanges these routes with the TG over GRE (Generic Routing Encapsulation) tunnels.
  • On the other side of the network, i.e. the customer's deployment in IBM Cloud, the TG continuously learns routes and pushes those learned routes to the VPN Gateway.
  • Thus, both the Transit Gateway and the VPN Gateway are kept up to date with the routes on both sides of the network at all times.
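
Because routes advertised by the remote peer are learned on the IBM Cloud side without manual intervention, it helps to review the planned advertisement list before enabling the BGP session. The following Python check is an added example, not code from the original post or from IBM tooling; the prefixes, the function name and the policy it applies (RFC 1918 space only, no default route, no overlap with VPC-side prefixes, IPv4 only) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data (not from the original post).
VPC_SIDE_PREFIXES = ["10.240.0.0/18", "10.240.64.0/18"]  # learned by the TG on the IBM Cloud side
REMOTE_ADVERTISEMENTS = [
    "192.168.10.0/24",  # ordinary on-premises subnet
    "10.240.32.0/20",   # overlaps a VPC-side prefix
    "0.0.0.0/0",        # default route
    "203.0.113.0/24",   # outside RFC 1918 space
]

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def review_advertisements(remote, local):
    """Return {prefix: [findings]} for IPv4 prefixes a remote eBGP peer plans to advertise.

    Hypothetical helper: the policy checked here is an assumption, not an IBM Cloud rule.
    """
    local_nets = [ipaddress.ip_network(p) for p in local]
    report = {}
    for raw in remote:
        # strict=True rejects entries with host bits set, e.g. 10.1.1.1/24.
        net = ipaddress.ip_network(raw, strict=True)
        findings = []
        if net.prefixlen == 0:
            findings.append("default route")
        elif not any(net.subnet_of(block) for block in RFC1918):
            findings.append("not RFC 1918 private space")
        for lnet in local_nets:
            # The default route overlaps everything, so it is reported once above.
            if net.prefixlen and net.overlaps(lnet):
                findings.append(f"overlaps VPC-side prefix {lnet}")
        report[raw] = findings
    return report


def clean_prefixes(report):
    """Prefixes with no findings, i.e. safe to advertise under the assumed policy."""
    return [prefix for prefix, findings in report.items() if not findings]


if __name__ == "__main__":
    result = review_advertisements(REMOTE_ADVERTISEMENTS, VPC_SIDE_PREFIXES)
    for prefix, findings in result.items():
        print(prefix, "->", "; ".join(findings) or "ok")
```
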

A reference architecture diagram depicting this relationship in a typical deployment is provided below:

[Figure: VPN as a spoke to Transit Gateway (BGP VPN)]

Getting Started

BGP Support in IBM Cloud VPN for VPC is Generally Available (GA) on November 7th, 2025. To enable this feature:

  • Create or Edit the VPN: Create a new Site-to-Site VPN (or edit an existing one).

  • Select Dynamic Routing: Choose Route Based and under ‘VPN Connection’ select ‘Dynamic Route’. Fill in the necessary details, including the ASN Number, and save.

  • Configure Transit Gateway: In the Transit Gateway connected to the customer’s IBM Cloud deployment, edit the Transit Gateway and add the VPN Gateway as a spoke. Choose the VPN Gateway you just created and provide the necessary fields to establish the connection between the TG and the VPN Gateway.

Kickstart your VPN for VPC journey today with promo code VPC1000!

Documentation

To learn more about IBM Cloud VPN for VPC please refer to the documentation for a step-by-step guide and technical deep dive.

#VPN #CloudNetworking #BGP #HybridCloud #Networking
