Complete the following BGP lab exercises
The Topology
There are three routers connected together over a switch, with OSPF distributing the infrastructure prefix routes. All routers are part of Autonomous System Number 64500. Here is a summary of the BGP advertisements to be made within this IBGP setup.
- Router 1 is an FRR router. It will advertise the prefix 198.51.100.0/24
- Router 2 is preconfigured and is advertising the prefix 1.1.1.0/24
- Router 3 is a Mikrotik router. It will advertise the prefix 3.3.3.0/24
You will configure Router 1 and Router 3 to accept the BGP routes being advertised by all routers in AS 64500 and also configure the two routers to advertise their respective prefixes.
FRR Router BGP Config
The following config activates BGP and sets up the respective neighbours.
Enable BGP
The following commands configure BGP on most Cisco and FRR routers.
```
router bgp 64500
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 192.0.2.2 remote-as 64500
 neighbor 192.0.2.2 description to Router 2
 neighbor 192.0.2.3 remote-as 64500
 neighbor 192.0.2.3 description to Router 3
 !
 address-family ipv4 unicast
  network 198.51.100.0/24
  neighbor 192.0.2.2 activate
  neighbor 192.0.2.2 soft-reconfiguration inbound
  neighbor 192.0.2.2 prefix-list ROUTER2-IN in
  neighbor 192.0.2.2 prefix-list ROUTER2-OUT out
  neighbor 192.0.2.3 activate
  neighbor 192.0.2.3 soft-reconfiguration inbound
  neighbor 192.0.2.3 prefix-list ROUTER3-IN in
  neighbor 192.0.2.3 prefix-list ROUTER3-OUT out
 exit-address-family
exit
```
Let us look at what each command means:
BGP Command | Description |
---|---|
router bgp 64500 | This enables BGP with Autonomous System Number 64500 |
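bgp log-neighbor-changes | This enables logging of BGP neighbour state changes |
no bgp default ipv4-unicast | Stops neighbours being activated for IPv4 unicast automatically; each one is activated explicitly under the address family |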
neighbor 192.0.2.2 remote-as 64500 | This sets up the first BGP Neighbour and the ASN |
neighbor 192.0.2.2 description to Router 2 | This is a description for the above neighbour |
neighbor 192.0.2.3 remote-as 64500 | This sets up the second BGP Neighbour and the ASN |
neighbor 192.0.2.3 description to Router 3 | This is a description for the above neighbour |
address-family ipv4 unicast | Specifies unicast routing for the following IP address block |
network 198.51.100.0/24 | This is the network block that this router will advertise |
neighbor 192.0.2.2 activate | Turns on BGP neighbour so that BGP announcements can be sent/received |
neighbor 192.0.2.2 soft-reconfiguration inbound | Allows changes to inbound BGP without restarting BGP |
neighbor 192.0.2.2 prefix-list ROUTER2-IN in | A policy for inbound BGP prefixes |
neighbor 192.0.2.2 prefix-list ROUTER2-OUT out | A policy for outbound BGP prefixes |
neighbor 192.0.2.3 activate | Turns on BGP neighbour so that BGP announcements can be sent/received |
neighbor 192.0.2.3 soft-reconfiguration inbound | Allows changes to inbound BGP without restarting BGP |
neighbor 192.0.2.3 prefix-list ROUTER3-IN in | A policy for inbound BGP prefixes |
neighbor 192.0.2.3 prefix-list ROUTER3-OUT out | A policy for outbound BGP prefixes |
Configure inbound routing policy for BGP
You need to control what your router accepts and advertises in BGP. This is done by having a policy for incoming and outgoing advertisements for each BGP peer. We will start with the policy for advertisements received from and sent to Router 2.
The previous BGP configuration contains the following command:
`neighbor 192.0.2.2 prefix-list ROUTER2-IN in`
The policy itself is enforced by the prefix-list statements below:
```
ip prefix-list ROUTER2-IN seq 5 permit 1.1.1.0/24
ip prefix-list ROUTER2-IN seq 10 deny 0.0.0.0/0 le 32
```
The first line permits the prefix advertised by Router 2, which is 1.1.1.0/24. The second line denies every other BGP advertisement from Router 2. This is important to ensure strict control over what BGP accepts.
The same must be done for Router 3.
```
ip prefix-list ROUTER3-IN seq 5 permit 3.3.3.0/24
ip prefix-list ROUTER3-IN seq 10 deny 0.0.0.0/0 le 32
```
This enforces that only the prefix 3.3.3.0/24 is accepted from Router 3.
Configure outbound routing policy for BGP
You must also be strict about which BGP advertisements your router sends out. The lines below ensure that you only advertise the prefix 198.51.100.0/24 to Router 2 and Router 3:
```
ip prefix-list ROUTER2-OUT seq 5 permit 198.51.100.0/24
ip prefix-list ROUTER2-OUT seq 10 deny 0.0.0.0/0 le 32
ip prefix-list ROUTER3-OUT seq 5 permit 198.51.100.0/24
ip prefix-list ROUTER3-OUT seq 10 deny 0.0.0.0/0 le 32
```
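The policy only holds if every activated neighbour has a prefix-list applied in both directions and every referenced list is actually defined. The following is an added example, not part of the original lab: a Python audit over Router 1's configuration from this page (embedded and trimmed to the lines it reads); the function name `audit` and the wording of the findings are illustrative.

```python
import re

# Router 1 configuration from this page, trimmed to the lines the audit reads.
FRR_CONFIG = """\
router bgp 64500
 address-family ipv4 unicast
  neighbor 192.0.2.2 activate
  neighbor 192.0.2.2 prefix-list ROUTER2-IN in
  neighbor 192.0.2.2 prefix-list ROUTER2-OUT out
  neighbor 192.0.2.3 activate
  neighbor 192.0.2.3 prefix-list ROUTER3-IN in
  neighbor 192.0.2.3 prefix-list ROUTER3-OUT out
 exit-address-family
ip prefix-list ROUTER2-IN seq 5 permit 1.1.1.0/24
ip prefix-list ROUTER2-IN seq 10 deny 0.0.0.0/0 le 32
ip prefix-list ROUTER3-IN seq 5 permit 3.3.3.0/24
ip prefix-list ROUTER3-IN seq 10 deny 0.0.0.0/0 le 32
ip prefix-list ROUTER2-OUT seq 5 permit 198.51.100.0/24
ip prefix-list ROUTER2-OUT seq 10 deny 0.0.0.0/0 le 32
ip prefix-list ROUTER3-OUT seq 5 permit 198.51.100.0/24
ip prefix-list ROUTER3-OUT seq 10 deny 0.0.0.0/0 le 32
"""

def audit(config):
    """Return findings for activated peers that lack a defined filter in or out."""
    activated, applied, defined = set(), {}, set()
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"neighbor (\S+) activate", line):
            activated.add(m.group(1))
        elif m := re.fullmatch(r"neighbor (\S+) prefix-list (\S+) (in|out)", line):
            applied[m.group(1), m.group(3)] = m.group(2)
        elif m := re.match(r"ip prefix-list (\S+) seq \d+ (?:permit|deny) ", line):
            defined.add(m.group(1))
    findings = []
    for peer in sorted(activated):
        for direction in ("in", "out"):
            name = applied.get((peer, direction))
            if name is None:
                findings.append(f"{peer}: no prefix-list applied {direction}")
            elif name not in defined:
                findings.append(f"{peer}: prefix-list {name} ({direction}) is not defined")
    return findings

if __name__ == "__main__":
    print(audit(FRR_CONFIG) or "every activated peer is filtered in both directions")
```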
Add a route for 198.51.100.0/24
Your router will advertise the prefix 198.51.100.0/24. To do so, this route must exist in the router's routing table via other protocols or manually inserted. We will manually add it for this lab exercise:
```
config t
ip route 198.51.100.0/24 eth0
exit
```
Test BGP
Try the following commands and assess the output:
- `sh ip bgp neighbors` to see BGP neighbours
- `sh ip bgp neighbor 192.0.2.2 advertised-routes` to see routes sent to this neighbor
- `sh ip bgp neighbor 192.0.2.2 received-routes` to see routes received from this neighbor
- `sh ip route` to see the router's routing table. Look for the BGP codes.
Mikrotik Router BGP Config
The following config activates BGP and sets up the respective neighbours.
Enable BGP
The following commands configure BGP on most Mikrotik version 7 routers.
```
/routing bgp connection
add address-families=ip as=64500 connect=yes disabled=no input.affinity=alone .filter=ROUTER2-IN \
    listen=yes local.address=192.0.2.3 .role=ibgp name=To-ROUTER2 output.affinity=alone \
    .default-originate=never .filter-chain=ROUTER2-OUT .network=bgp-networks remote.address=\
    192.0.2.2 .as=64500 router-id=192.0.2.3 routing-table=main
add address-families=ip as=64500 connect=yes disabled=no input.affinity=alone .filter=ROUTER1-IN \
    listen=yes local.address=192.0.2.3 .role=ibgp name=To-ROUTER1 output.affinity=alone \
    .default-originate=never .filter-chain=ROUTER1-OUT .network=bgp-networks remote.address=\
    192.0.2.1 .as=64500 router-id=192.0.2.3 routing-table=main
```
Let us look at what the configuration means for each key word:
Parameter | Description |
---|---|
`/routing bgp connection` | The section for configuring BGP (Border Gateway Protocol) connections on the MikroTik router. |
`add` | The command to add a new BGP connection. |
`address-families=ip` | Specifies the address family for the connection. Here, `ip` refers to IPv4 addresses for BGP. |
`as=64500` | Defines the Autonomous System (AS) number for the local router, here set to `64500`. |
`connect=yes` | Indicates whether the BGP connection should actively try to connect. `yes` means the connection is enabled. |
`disabled=no` | Ensures that the connection is not disabled. Setting this to `no` enables the BGP connection. |
`input.affinity=alone` | Defines the input traffic affinity for the connection. `alone` means this connection is not tied to any specific affinity group. |
`.filter=ROUTER2-IN` | Refers to a predefined filter rule named `ROUTER2-IN` that will be applied to incoming BGP routes from the peer. |
`listen=yes` | Specifies that the router will listen for incoming BGP connections. |
`local.address=192.0.2.3` | The local IP address that the BGP session will bind to. This IP address is typically a loopback or a dedicated BGP address. |
`.role=ibgp` | Specifies the role of the BGP peer. `ibgp` indicates an internal BGP peer, meaning both routers are within the same AS. |
`name=To-ROUTER2` | The name assigned to this specific BGP connection. It helps in identifying the connection in the configuration. |
`output.affinity=alone` | Specifies the output traffic affinity for the connection, similar to the input affinity but applied to outbound traffic. |
`.default-originate=never` | Specifies whether the router should originate the default route (`0.0.0.0/0`). `never` means the router will not advertise the default route. |
`.filter-chain=ROUTER2-OUT` | Refers to the `ROUTER2-OUT` filter chain applied to outgoing BGP routes towards the peer. |
`.network=bgp-networks` | Specifies which networks are advertised to the BGP peer. In this case, the `bgp-networks` network is advertised. |
`remote.address=192.0.2.2` | The IP address of the remote BGP peer. In this case, it's `192.0.2.2`. This is the neighbor router for the BGP session. |
`.as=64500` | The AS number of the remote BGP peer. This should match the AS number configured on the remote router. |
`router-id=192.0.2.3` | The unique identifier for the BGP router. It is used to uniquely identify this router in the BGP network. |
`routing-table=main` | Defines which routing table will be used for this BGP session. The `main` table is the default routing table. |
Configure inbound routing policy for BGP
For Mikrotik, the following specifies the inbound policy for each BGP peer (Router 1 and Router 2):
```
/routing filter rule
add chain=ROUTER1-IN rule="if (dst in 198.51.100.0/24) { accept } else { reject }"
add chain=ROUTER2-IN rule="if (dst in 1.1.1.0/24) { accept } else { reject }"
```
Configure outbound routing policy for BGP
The following specifies the outbound policy for each BGP peer (Router 1 and Router 2). This is to permit which prefixes the Mikrotik router will advertise to Router 1 and Router 2:
```
/routing filter rule
add chain=ROUTER2-OUT rule="if (dst in 3.3.3.0/24) { accept } else { reject }"
add chain=ROUTER1-OUT rule="if (dst in 3.3.3.0/24) { accept } else { reject }"
```
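Router 1's prefix-lists match a prefix exactly unless `ge`/`le` is given, whereas a containment test such as `dst in 1.1.1.0/24` also matches more-specific prefixes inside that block. The following is an added example, not part of the original lab, that evaluates both against the same announcements; the reading of `dst in` as subnet containment is an assumption of the example, and the candidate routes and function names are constructed.

```python
import ipaddress

def prefix_list_permits(entries, route):
    """First-match evaluation of prefix-list entries given as (action, prefix, ge, le).

    Without ge/le an entry matches only the exact prefix; a route that matches
    no entry is denied.
    """
    route = ipaddress.ip_network(route)
    for action, prefix, ge, le in entries:
        net = ipaddress.ip_network(prefix)
        if ge is None and le is None:
            lo = hi = net.prefixlen
        else:
            lo = net.prefixlen if ge is None else ge
            hi = 32 if le is None else le
        if route.subnet_of(net) and lo <= route.prefixlen <= hi:
            return action == "permit"
    return False

def contained_in(network, route, exact_len=None):
    """Containment test (the reading of 'dst in' assumed here), optionally pinned to one length."""
    route = ipaddress.ip_network(route)
    inside = route.subnet_of(ipaddress.ip_network(network))
    return inside and (exact_len is None or route.prefixlen == exact_len)

# ROUTER2-IN exactly as defined on Router 1.
ROUTER2_IN = [("permit", "1.1.1.0/24", None, None), ("deny", "0.0.0.0/0", None, 32)]
# Constructed announcements: the expected prefix, a more-specific, a less-specific, a default.
CANDIDATES = ["1.1.1.0/24", "1.1.1.128/25", "1.1.0.0/16", "0.0.0.0/0"]

def disagreements(candidates=CANDIDATES):
    """Routes the exact-match list and the plain containment test treat differently."""
    return [r for r in candidates
            if prefix_list_permits(ROUTER2_IN, r) != contained_in("1.1.1.0/24", r)]

if __name__ == "__main__":
    for r in CANDIDATES:
        print(r, prefix_list_permits(ROUTER2_IN, r), contained_in("1.1.1.0/24", r),
              contained_in("1.1.1.0/24", r, exact_len=24))
```

Pinning the length is what makes the containment test agree with the exact-match list on every candidate; RouterOS v7 filter rules expose the prefix length as `dst-len`, so a length condition can be combined with `dst in`.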
Add a route for 3.3.3.0/24
Your router will advertise the prefix 3.3.3.0/24. To do so, this route must exist in the router's routing table via other protocols or manually inserted. We will manually add it for this lab exercise. For Mikrotik, this involves adding a firewall statement:
```
/ip firewall address-list add address=3.3.3.0/24 list=bgp-networks
```
And also add the route itself into the routing table with the below command:
```
/ip route add blackhole dst-address=3.3.3.0/24
```
Recall that in the BGP configuration earlier, we had this statement for each BGP peer: “.network=bgp-networks”. That enables the Mikrotik router to advertise the prefixes included in the firewall list with the name “bgp-networks”. That is all that is needed; now we can test BGP.
Test BGP
Check which prefixes your Mikrotik router is sending out:
```
/routing bgp advertisements print
```
You should see something like this:
Check which routes are in the routing table and see if you are receiving routes from Router 1 and Router 2:
```
/ip route print
```
Do you see the routes indicated in red below? If so, you are receiving BGP correctly:
- DAb 1.1.1.0/24 192.0.2.2 200
- DAb 198.51.100.0/24 192.0.2.1 200
Try the following commands to see more info on BGP:
- `/routing ospf neighbor print` to see the OSPF neighbours (OSPF carries the infrastructure routes in this lab)
- `/routing/bgp/session/print` to see more info on the BGP sessions
Final BGP Tests on Router 1 (FRR)
Do the following on Router 1 (FRR) to see if the BGP full mesh is working:
- Check what you are receiving from Router 3:
sh ip bgp neighbors 192.0.2.3 received-routes
- Check the routing table
sh ip route
You should see something like the below. Do you see the routes indicated with “B”?
Congratulations, you have configured a BGP full mesh in a multi-vendor network.