Basic Cisco Router Config with BGP Uplink

Do you have your own /24 IP subnet and want to setup a BGP router? This article will gave a basic overview of the key components required. The syntax used is for an IOS 12.2 Cisco 6500 series, but is applicable to a 7600 series, a 7200 series, or even a 1800 or 2800 series router.

Assumptions:

1. The /24 subnet we are announcing is 200.50.75.0/24.
2. The IPv4 WAN Subnet from our upstream BGP provider is 128.64.12.128/30.
3. Upstream BGP peer’s AS is 1000, and our AS is 17500

So to begin, we assume our BGP uplink is delivered to us via a basic Cat5 handoff. This handoff has a static WAN subnet of 128.64.12.128/30 – our side of the WAN is 128.64.12.130 and the provider’s side of the WAN is 128.64.12.129. That also means our default GW is 128.64.12.129.

We connect this Cat5 uplink to FastEthernet7/1 on our 6500. Now we need to go into the 6500 series router, config the WAN link, then do all the BGP configs so we can start using our /24 subnet.

We login with enable access and go to configuration mode:

Cisco6500# config -t

We know setup the WAN link:

Cisco6500(config)# interface FastEthernet7/1
Cisco6500(config)# desc BGP Uplink
Cisco6500(config)# ip address 128.64.12.130 255.255.255.252
Cisco6500(config)# no shutdown

We set the default route:

Cisco6500(config)# ip route 0.0.0.0 0.0.0.0 128.64.12.129 250

At this point our router is live and we should be able to ping out to the internet. In order to use our own /24 and AS we need to setup a BGP session with our upstream, let get started:

Cisco6500(config)# router bgp 17500

The above effectively “creates” the BGP service on our end acting as AS 17500, we now need to config it. We are inside the router statement, so every command from this point on effects only the BGP config. We have to exit out to return to the main config.

Cisco6500(config-router)# bgp log-neighbor-changes
Cisco6500(config-router)# neighbor 128.64.12.129 remote-as 1000
Cisco6500(config-router)# neighbor 128.64.12.129 ebgp-multihop 5
Cisco6500(config-router)# neighbor 128.64.12.129 password ABC123

Quick recap of the above. We are telling our BGP service about our first neighbor or “peer”. The peer address 128.64.12.129 is the WAN side IP of our upstream, we specify that our peers AS is 1000, we specify a BGP session password (this is optional, and must be configured to match on the other end), the ebgp-multihop 5 entry is also potentially optional, but I like to add it just in case there are any hops between myself and my peer.

Now we configure the IPv4 portion of the BGP config. In order to do that, we go one more level down in the config by entering the following:

Cisco6500(config-router)# address-family ipv4

This puts you into a sub-config menu, and your prompy will change. From here we can add the IP details of our BGP session:

Cisco6500(config-router-af)# neighbor 128.64.12.129 activate
Cisco6500(config-router-af)# neighbor 128.64.12.129 next-hop-self
Cisco6500(config-router-af)# neighbor 128.64.12.129 send-community
Cisco6500(config-router-af)# neighbor 128.64.12.129 soft-reconfiguration inbound
Cisco6500(config-router-af)# neighbor 128.64.12.129 filter-list 1 in
Cisco6500(config-router-af)# neighbor 128.64.12.129 filter-list 15 out

The first line activates IPv4 on the session. The next three lines are pretty basic and normal. The soft-reconfiguration line is required if you want to be able to do soft resets of the BGP session to grab updates from the other side or vice versa. The last two lines are tricky, but basically, the control what we will allow in and what we allow out from our router. I will describe these filter lists below after we are down with the main BGP config. The following lines finish out out IPv4 portion of the config:

Cisco6500(config-router-af)# no auto-summary
Cisco6500(config-router-af)# no synchronization
Cisco6500(config-router-af)# network 200.50.75.0 mask 255.255.255.0

The last line here is our IPv4 announcement. Now we exit out of the address-family sub-config, and the bgp router sub-config:

Cisco6500(config-router-af)# exit
Cisco6500(config-router)# exit
Cisco6500(config)#

This returns us to the menu config menu. At this point our BGP session is 95% percent complete, just a few loose ends to finish up. Mainly, we have to create those in and out filter lists rules for the BGP prefixes we will allow in and out. We add the following:

Cisco6500(config)# ip as-path access-list 1 permit .*
Cisco6500(config)# ip as-path access-list 15 permit ^$
Cisco6500(config)# ip as-path access-list 15 permit ^(17500_)+$

Access list 1 basically permits everything in, which is want we want. Access list 15 permits our AS 17500 to go out. Last but not least, we need to locally null route our IP announcement:

Cisco6500(config)# ip route 200.50.75.0 255.255.255.0 Null0 250
Cisco6500(config)# exit
Cisco6500(config)# write mem

At this point our BGP router is live, you can verify with the following command:

Cisco6500# sh ip bgp summary
BGP router identifier 128.64.12.130, local AS number 17500
BGP table version is 27807253, main routing table version 27807253
187089 network entries using 18895989 bytes of memory
203251 path entries using 9756048 bytes of memory
48641 BGP path attribute entries using 2724008 bytes of memory
39260 BGP AS-PATH entries using 1076272 bytes of memory
58 BGP community entries using 1392 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
61132 BGP filter-list cache entries using 733584 bytes of memory
BGP using 33187293 total bytes of memory
8 received paths for inbound soft reconfiguration
BGP activity 4186733/3980758 prefixes, 6186177/5962957 paths, scan interval 60 secs

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
128.64.12.129 4 1000 10948679 267030 27806888 0 0 7w2d 174293

With your BGP router live and running, you can start using your IP space on any interface by simply assign a subnet of your choosing, for example:

Cisco6500(config)# interface FastEthernet7/2
Cisco6500(config)# desc Mail Server
Cisco6500(config)# ip address 200.50.75.1 255.255.255.248
Cisco6500(config)# no shutdown

This creates a 200.50.75.0/29 subnet on interface 7/2 with 200.50.75.1 acting as the default gateway. Simply connect a server to that port and it will be live with a usable IP in the .2 through .6 (.7 is reserved for the broadcast).

Total Views: 7845 ,