Fun with Windows – BGP Routing

Standard

Need a another router for your BGP lab and can’t be annoyed to create another router in VIRL/GNS3 or plug in another router for your lab? Never ~feel~ fear, use Windows instead!
Yes Windows Server actually has a fairly strong networking stack that can do static routes, RIP, and BGP. For fun lets do a BGP peering with a Windows 2016 server via powershell and a Cisco router.

First things first we will need to install the Remote Access and Routing and Remote Access role.

PS C:\>Install-WindowsFeature RemoteAccess
 PS C:\>Install-WindowsFeature RSAT-RemoteAccess-PowerShell
 PS C:\>Install-WindowsFeature Routing

Next we enable LAN routing on the system.

PS C:\> Install-RemoteAccess -VpnType RoutingOnly

Now we move on the BGP configuration, first we create a BGP router, the BGP identifer is the router-id, I tend to use the IP address of the box. The LocalASN is the AS number for the router.

PS C:\> Add-BgpRouter -BgpIdentifier 10.10.13.111 -LocalASN 100

Then we add the peer’s IP address, AS number, and give it a name.

PS C:\> Add-BgpPeer -LocalIPAddress 10.10.13.111 -PeerIPAddress 10.10.13.171 -PeerASN 200 -Name CSR01

On the Cisco router we'll add some loopbacks, setup BGP, and redistribute the interfaces into it
 
 CSR01(config)#interface Loopback0
 CSR01(config-if)# ip address 192.168.0.1 255.255.255.0
 CSR01(config-if)#interface Loopback1
 CSR01(config-if)# ip address 192.168.1.1 255.255.255.0
 CSR01(config-if)#interface Loopback2
 CSR01(config-if)# ip address 192.168.2.1 255.255.255.0
 CSR01(config-if)#interface Loopback3
 CSR01(config-if)# ip address 192.168.3.1 255.255.255.0
 CSR01(config-if)#exit
 CSR01(config)#
 CSR01(config)#router bgp 200
 CSR01(config-router)# bgp log-neighbor-changes
 CSR01(config-router)# redistribute connected
 CSR01(config-router)# neighbor 10.10.13.111 remote-as 100

On the Windows side we’ll advertise 5 networks, one nice thing about Windows is that the networks don’t need to exist on the system so you can just add networks without creating interfaces.

PS C:\> Add-BgpCustomRoute -network 172.16.0.0/24
 
 PS C:\> Add-BgpCustomRoute -network 172.16.1.0/24
 
 PS C:\> Add-BgpCustomRoute -network 172.16.2.0/24
 
 PS C:\> Add-BgpCustomRoute -network 172.16.3.0/24
 
 PS C:\> Add-BgpCustomRoute -network 172.16.4.0/24

Just for fun we’ll make the first 4 routes a summary

PS C:\> Add-BgpRouteAggregate -Prefix 172.16.0.0/22 -SummaryOnly Enabled

We can see the Cisco has learned the 172.16.0.0/22 and the left over 172.16.4.0/24

CSR01(config-router)#do sh ip bgp
 BGP table version is 18, local router ID is 192.168.3.1
 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, 
 r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter, 
 x best-external, a additional-path, c RIB-compressed, 
 t secondary path, 
 Origin codes: i - IGP, e - EGP, ? - incomplete
 RPKI validation codes: V valid, I invalid, N Not found
 
 Network Next Hop Metric LocPrf Weight Path
 *> 10.0.123.0/24 0.0.0.0 0 32768 ?
 *> 10.10.13.0/24 0.0.0.0 0 32768 ?
 *> 172.16.0.0/22 10.10.13.111 0 100 i
 *> 172.16.4.0/24 10.10.13.111 0 100 i
 *> 192.168.0.0 0.0.0.0 0 32768 ?
 *> 192.168.1.0 0.0.0.0 0 32768 ?
 *> 192.168.2.0 0.0.0.0 0 32768 ?
 *> 192.168.3.0 0.0.0.0 0 32768 ?
 *> 200.0.1.0 0.0.0.0 0 32768 ?

Windows can do show commands as well though it uses get

PS C:\> Get-BgpRouter
 
RoutingDomain : 
 BgpIdentifier : 10.10.13.111
 LocalASN : 100
 CompareMEDAcrossASN : False
 DefaultGatewayRouting : False
 IPv6Routing : Disabled
 LocalIPv6Address : 
 PeerName : {CSR01}
 PolicyName : 
 TransitRouting : Disabled
 RouteReflector : Disabled
 ClusterId : 
 ClientToClientReflection :
 PS C:\> Get-BgpPeer
 
 PeerName LocalIPAddress PeerIPAddress PeerASN OperationMode ConnectivityStatus
 -------- -------------- ------------- ------- ------------- ------------------
 CSR01 10.10.13.111 10.10.13.171 200 Mixed Connected

We can see what the Windows side is learning like so.

 PS C:\> Get-BgpRouteInformation
 
 DestinationNetwork NextHop LearnedFromPeer State LocalPref MED
 ------------------ ------- --------------- ----- --------- ---
 10.0.123.0/24 10.10.13.171 CSR01 Best 0 
 172.16.0.0/22 Best 
 192.168.0.0/24 10.10.13.171 CSR01 Best 0 
 192.168.1.0/24 10.10.13.171 CSR01 Best 0 
 192.168.2.0/24 10.10.13.171 CSR01 Best 0 
 192.168.3.0/24 10.10.13.171 CSR01 Best 0 
 200.0.1.0/24 10.10.13.171 CSR01 Best 0

We can also view the Windows routing table as well.

PS C:\> get-netroute -NextHop 10.10.13.171 | Sort-Object
 
 ifIndex DestinationPrefix NextHop RouteMetric PolicyStore
 ------- ----------------- ------- ----------- -----------
 5 10.0.123.0/24 10.10.13.171 0 ActiveStore
 5 192.168.0.0/24 10.10.13.171 0 ActiveStore
 5 192.168.1.0/24 10.10.13.171 0 ActiveStore
 5 192.168.3.0/24 10.10.13.171 0 ActiveStore
 5 192.168.2.0/24 10.10.13.171 0 ActiveStore
 5 200.0.1.0/24 10.10.13.171 0 ActiveStore

Want to add some BGP polices into the mix?

PS C:\> Add-BgpRoutingPolicy -Name RoutePolicy -MatchPrefix 192.168.1.0/24 -PolicyType ModifyAttribute -AddCommunity 100:1001 -NewLocalPref 555
 
PS C:\> Add-BgpRoutingPolicyForPeer -PeerName CSR01 -PolicyName RoutePolicy -Direction Ingress
 
 PS C:\> Get-BgpRouteInformation -Network 192.168.1.0/24 | fl
 
 DestinationNetwork : 192.168.1.0/24
 NextHop : 10.10.13.171
 State : Best
 Origin : INCOMPLETE
 Path : 200
 LocalPref : 555
 Community : {100:1001}
 MED : 0
 LearnedFromPeer : CSR01
 OriginatorId : 
 ClusterList : 
 Aggregate : False
 Aggregator :

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s