Fun with Windows – BGP Routing


Need a another router for your BGP lab and can’t be annoyed to create another router in VIRL/GNS3 or plug in another router for your lab? Never ~feel~ fear, use Windows instead!
Yes Windows Server actually has a fairly strong networking stack that can do static routes, RIP, and BGP. For fun lets do a BGP peering with a Windows 2016 server via powershell and a Cisco router.

First things first we will need to install the Remote Access and Routing and Remote Access role.

PS C:\>Install-WindowsFeature RemoteAccess
 PS C:\>Install-WindowsFeature RSAT-RemoteAccess-PowerShell
 PS C:\>Install-WindowsFeature Routing

Next we enable LAN routing on the system.

PS C:\> Install-RemoteAccess -VpnType RoutingOnly

Now we move on the BGP configuration, first we create a BGP router, the BGP identifer is the router-id, I tend to use the IP address of the box. The LocalASN is the AS number for the router.

PS C:\> Add-BgpRouter -BgpIdentifier -LocalASN 100

Then we add the peer’s IP address, AS number, and give it a name.

PS C:\> Add-BgpPeer -LocalIPAddress -PeerIPAddress -PeerASN 200 -Name CSR01

On the Cisco router we'll add some loopbacks, setup BGP, and redistribute the interfaces into it
 CSR01(config)#interface Loopback0
 CSR01(config-if)# ip address
 CSR01(config-if)#interface Loopback1
 CSR01(config-if)# ip address
 CSR01(config-if)#interface Loopback2
 CSR01(config-if)# ip address
 CSR01(config-if)#interface Loopback3
 CSR01(config-if)# ip address
 CSR01(config)#router bgp 200
 CSR01(config-router)# bgp log-neighbor-changes
 CSR01(config-router)# redistribute connected
 CSR01(config-router)# neighbor remote-as 100

On the Windows side we’ll advertise 5 networks, one nice thing about Windows is that the networks don’t need to exist on the system so you can just add networks without creating interfaces.

PS C:\> Add-BgpCustomRoute -network
 PS C:\> Add-BgpCustomRoute -network
 PS C:\> Add-BgpCustomRoute -network
 PS C:\> Add-BgpCustomRoute -network
 PS C:\> Add-BgpCustomRoute -network

Just for fun we’ll make the first 4 routes a summary

PS C:\> Add-BgpRouteAggregate -Prefix -SummaryOnly Enabled

We can see the Cisco has learned the and the left over

CSR01(config-router)#do sh ip bgp
 BGP table version is 18, local router ID is
 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
 r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
 x best-external, a additional-path, c RIB-compressed, 
 t secondary path, 
 Origin codes: i - IGP, e - EGP, ? - incomplete
 RPKI validation codes: V valid, I invalid, N Not found
 Network Next Hop Metric LocPrf Weight Path
 *> 0 32768 ?
 *> 0 32768 ?
 *> 0 100 i
 *> 0 100 i
 *> 0 32768 ?
 *> 0 32768 ?
 *> 0 32768 ?
 *> 0 32768 ?
 *> 0 32768 ?

Windows can do show commands as well though it uses get

PS C:\> Get-BgpRouter
RoutingDomain : 
 BgpIdentifier :
 LocalASN : 100
 CompareMEDAcrossASN : False
 DefaultGatewayRouting : False
 IPv6Routing : Disabled
 LocalIPv6Address : 
 PeerName : {CSR01}
 PolicyName : 
 TransitRouting : Disabled
 RouteReflector : Disabled
 ClusterId : 
 ClientToClientReflection :
 PS C:\> Get-BgpPeer
 PeerName LocalIPAddress PeerIPAddress PeerASN OperationMode ConnectivityStatus
 -------- -------------- ------------- ------- ------------- ------------------
 CSR01 200 Mixed Connected

We can see what the Windows side is learning like so.

 PS C:\> Get-BgpRouteInformation
 DestinationNetwork NextHop LearnedFromPeer State LocalPref MED
 ------------------ ------- --------------- ----- --------- --- CSR01 Best 0 Best CSR01 Best 0 CSR01 Best 0 CSR01 Best 0 CSR01 Best 0 CSR01 Best 0

We can also view the Windows routing table as well.

PS C:\> get-netroute -NextHop | Sort-Object
 ifIndex DestinationPrefix NextHop RouteMetric PolicyStore
 ------- ----------------- ------- ----------- -----------
 5 0 ActiveStore
 5 0 ActiveStore
 5 0 ActiveStore
 5 0 ActiveStore
 5 0 ActiveStore
 5 0 ActiveStore

Want to add some BGP polices into the mix?

PS C:\> Add-BgpRoutingPolicy -Name RoutePolicy -MatchPrefix -PolicyType ModifyAttribute -AddCommunity 100:1001 -NewLocalPref 555
PS C:\> Add-BgpRoutingPolicyForPeer -PeerName CSR01 -PolicyName RoutePolicy -Direction Ingress
 PS C:\> Get-BgpRouteInformation -Network | fl
 DestinationNetwork :
 NextHop :
 State : Best
 Path : 200
 LocalPref : 555
 Community : {100:1001}
 MED : 0
 LearnedFromPeer : CSR01
 OriginatorId : 
 ClusterList : 
 Aggregate : False
 Aggregator :

2 thoughts on “Fun with Windows – BGP Routing

  1. Great article. After wading through Windows docs for a few hours I came across this and it saved me a ton of time. I am having one issue – don’t know if you can enlighten me: I’m trying to get my Windows 2012 server to establish a BGP session with a vendor’s router (I assume Cisco). They require a password for their BGP session to be established. I don’t see any place for that parameter in the Add-BgpPeer command, and I think that’s causing me to be left in a state of “connecting”. Any ideas?

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.