BGP uses AS (autonomous system) numbers to prevent routing loops.
```
BGP_AS1_____eBGP__(external BGP)_____BGP_AS2   << eBGP connection - Different BGP AS numbers
BGP_AS1_____iBGP__(internal BGP)_____BGP_AS1   << iBGP connection - Same BGP AS numbers
```
Different BGP AS - eBGP
set protocols bgp 1 neighbor 18.104.22.168 remote-as '2'
Same BGP AS - iBGP
set protocols bgp 1 neighbor 22.214.171.124 remote-as '1'
show ip bgp summary
```
vyos@vos1:~$ show ip bgp summary
BGP router identifier 192.168.56.101, local AS number 1
IPv4 Unicast - max multipaths: ebgp 1 ibgp 1
RIB entries 0, using 0 bytes of memory
Peers 1, using 2524 bytes of memory

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
126.96.36.199   4     2      97      99        0    0    0 01:36:15        0

Total number of neighbors 1
vyos@vos1:~$
```
set protocols bgp 2 network '188.8.131.52/32'
Verify Route Advertisement
```
vyos@vos2:~$ show ip bgp
BGP table version is 0, local router ID is 184.108.40.206
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network            Next Hop            Metric LocPrf Weight Path
*> 220.127.116.11/32  0.0.0.0                  1         32768 i

Total number of prefixes 1
vyos@vos2:~$
```
BGP for IPv6
BGP sessions for IPv6 are in some respects similar to IPv4 BGP sessions. The announced networks need to be set in a different way, and the neighbors need an additional setting.
In the following example the local router is `2001:db8:1::1` (AS 1) and announces network `2001:db8:1::/48` to its neighbor `2001:db8:1::2` (AS 2).
```
# network needs to be set in another way
set protocols bgp 1 address-family ipv6-unicast network 2001:db8:1::/48

# basic neighbor configuration as usual
set protocols bgp 1 neighbor 2001:db8:1::2 remote-as 2
set protocols bgp 1 neighbor 2001:db8:1::2 update-source 2001:db8:1::1

# additionally, mark as ipv6-unicast router
set protocols bgp 1 neighbor 2001:db8:1::2 address-family ipv6-unicast
```
If you firewall the interface on which you expect incoming BGP, make sure to allow incoming connections from link-local addresses. Routers may use a link-local address to connect to yours (as there should be no hop between their router and yours).
Pitfall: Filtering AS/Networks/Prefixes/Maps etc.
Filtering by AS, network, prefix or route-map is configured in the same way, but in another section. Example for filtering AS exports:
```
set protocols bgp 1 neighbor 2001:db8:1::2 address-family ipv6-unicast filter-list export own-as

set policy as-path-list own-as description "Accept only own AS, do not redistribute other AS"
set policy as-path-list own-as rule 10 action permit
set policy as-path-list own-as rule 10 regex ^$
set policy as-path-list own-as rule 20 action deny
set policy as-path-list own-as rule 20 regex .+
```
(The example only exports routes with an empty AS path, meaning only routes that originate inside AS 1.)
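How the `own-as` list above decides what is exported, as an added Python example (not VyOS code and not part of the original page): rules are tried in ascending rule number, the first match wins, and a path that matches no rule is denied. The route table and the handling of `_` are assumptions made for the example.

```python
import re

# Rules copied from the page's "own-as" as-path-list: (rule number, action, regex).
OWN_AS = [
    (10, "permit", "^$"),
    (20, "deny", ".+"),
]

def to_python_regex(pattern):
    # Assumption: "_" in an AS-path regex stands for a path boundary
    # (start, end, space, comma or brace); the page's rules do not use it.
    return pattern.replace("_", r"(?:^|$|[ ,{}()])")

def evaluate(as_path_list, as_path):
    """Return (action, rule_number) of the first matching rule.

    Rules are tried in ascending rule number; a path that matches no rule
    is denied (implicit deny), reported with rule number None.
    """
    for number, action, pattern in sorted(as_path_list):
        if re.search(to_python_regex(pattern), as_path):
            return action, number
    return "deny", None

def exported(as_path_list, routes):
    """Prefixes from `routes` that the export filter-list lets through."""
    return [prefix for prefix, path in routes
            if evaluate(as_path_list, path)[0] == "permit"]

# Constructed BGP table of the router in AS 1: (prefix, AS path as received).
# Locally originated routes have an empty AS path, because the local AS
# is only prepended when the route is sent to an eBGP neighbor.
ROUTES = [
    ("2001:db8:1::/48", ""),          # originated inside AS 1
    ("2001:db8:2::/48", "2"),         # learned from AS 2
    ("2001:db8:3::/48", "3 65010"),   # learned via another upstream (constructed)
]

if __name__ == "__main__":
    for prefix, path in ROUTES:
        action, rule = evaluate(OWN_AS, path)
        print(f"{prefix:18} path={path!r:10} -> {action} (rule {rule})")
    print("exported:", exported(OWN_AS, ROUTES))
```

Only the locally originated prefix passes, so the router never re-advertises routes learned from one neighbor to another and cannot become an unintended transit AS.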
Communication to other BGP-Routers with specific IP
This is needed if your router has a Loopback-Address and should communicate using this address. To configure it in a clean way, let's assume the Loopback of router VYOS1 is `18.104.22.168/32` and configured as `lo`.
```
# interface configuration part
set interfaces loopback lo address 22.214.171.124/32

# BGP source address
set protocols bgp 1 parameters router-id 126.96.36.199
set protocols bgp 1 neighbor 188.8.131.52 update-source lo

# rest as usual
set protocols bgp 1 neighbor 184.108.40.206 remote-as 2
```
To simplify configuration and maintain readability, similar peer sessions can be combined into *peer groups*. Peer groups are configured the same way as normal peers. A peer group is then applied to all peers that should use that configuration. A peer group is created by
protocols bgp <asn> peer-group <group-name>
and is applied to peers using
protocols bgp <asn> neighbor <id> peer-group <group-name>