Need another router for your BGP lab and can’t be bothered to create one in VIRL/GNS3 or plug in another physical router? Never ~feel~ fear, use Windows instead!
Yes, Windows Server actually has a fairly strong networking stack that can do static routes, RIP, and BGP. For fun, let's do a BGP peering between a Windows 2016 server (configured via PowerShell) and a Cisco router.
First things first: we need to install the Remote Access role, its PowerShell management tools, and Routing.
PS C:\> Install-WindowsFeature RemoteAccess
PS C:\> Install-WindowsFeature RSAT-RemoteAccess-PowerShell
PS C:\> Install-WindowsFeature Routing
Next we enable LAN routing on the system.
PS C:\> Install-RemoteAccess -VpnType RoutingOnly
Now we move on to the BGP configuration. First we create a BGP router. The BgpIdentifier is the router-id; I tend to use the IP address of the box. The LocalASN is the AS number for the router.
PS C:\> Add-BgpRouter -BgpIdentifier 10.10.13.111 -LocalASN 100
Then we add the peer’s IP address, AS number, and give it a name.
PS C:\> Add-BgpPeer -LocalIPAddress 10.10.13.111 -PeerIPAddress 10.10.13.171 -PeerASN 200 -Name CSR01
On the Cisco router we'll add some loopbacks, set up BGP, and redistribute the connected interfaces into it.
CSR01(config)#interface Loopback0
CSR01(config-if)# ip address 192.168.0.1 255.255.255.0
CSR01(config-if)#interface Loopback1
CSR01(config-if)# ip address 192.168.1.1 255.255.255.0
CSR01(config-if)#interface Loopback2
CSR01(config-if)# ip address 192.168.2.1 255.255.255.0
CSR01(config-if)#interface Loopback3
CSR01(config-if)# ip address 192.168.3.1 255.255.255.0
CSR01(config-if)#exit
CSR01(config)#
CSR01(config)#router bgp 200
CSR01(config-router)# bgp log-neighbor-changes
CSR01(config-router)# redistribute connected
CSR01(config-router)# neighbor 10.10.13.111 remote-as 100
On the Windows side we’ll advertise 5 networks. One nice thing about Windows is that the networks don’t need to exist on the system, so you can just add networks without creating interfaces.
PS C:\> Add-BgpCustomRoute -network 172.16.0.0/24
PS C:\> Add-BgpCustomRoute -network 172.16.1.0/24
PS C:\> Add-BgpCustomRoute -network 172.16.2.0/24
PS C:\> Add-BgpCustomRoute -network 172.16.3.0/24
PS C:\> Add-BgpCustomRoute -network 172.16.4.0/24
Just for fun, we’ll make the first 4 routes a summary.
PS C:\> Add-BgpRouteAggregate -Prefix 172.16.0.0/22 -SummaryOnly Enabled
We can see the Cisco has learned the 172.16.0.0/22 and the leftover 172.16.4.0/24.
CSR01(config-router)#do sh ip bgp
BGP table version is 18, local router ID is 192.168.3.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
              x best-external, a additional-path, c RIB-compressed,
              t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found

     Network          Next Hop            Metric LocPrf Weight Path
 *>  10.0.123.0/24    0.0.0.0                  0         32768 ?
 *>  10.10.13.0/24    0.0.0.0                  0         32768 ?
 *>  172.16.0.0/22    10.10.13.111                           0 100 i
 *>  172.16.4.0/24    10.10.13.111                           0 100 i
 *>  192.168.0.0      0.0.0.0                  0         32768 ?
 *>  192.168.1.0      0.0.0.0                  0         32768 ?
 *>  192.168.2.0      0.0.0.0                  0         32768 ?
 *>  192.168.3.0      0.0.0.0                  0         32768 ?
 *>  200.0.1.0        0.0.0.0                  0         32768 ?
Windows can do show commands as well, though it uses get.
PS C:\> Get-BgpRouter

RoutingDomain            :
BgpIdentifier            : 10.10.13.111
LocalASN                 : 100
CompareMEDAcrossASN      : False
DefaultGatewayRouting    : False
IPv6Routing              : Disabled
LocalIPv6Address         :
PeerName                 : {CSR01}
PolicyName               :
TransitRouting           : Disabled
RouteReflector           : Disabled
ClusterId                :
ClientToClientReflection :

PS C:\> Get-BgpPeer

PeerName LocalIPAddress PeerIPAddress PeerASN OperationMode ConnectivityStatus
-------- -------------- ------------- ------- ------------- ------------------
CSR01    10.10.13.111   10.10.13.171  200     Mixed         Connected
We can see what the Windows side is learning like so.
PS C:\> Get-BgpRouteInformation

DestinationNetwork NextHop      LearnedFromPeer State LocalPref MED
------------------ -------      --------------- ----- --------- ---
10.0.123.0/24      10.10.13.171 CSR01           Best            0
172.16.0.0/22                                   Best
192.168.0.0/24     10.10.13.171 CSR01           Best            0
192.168.1.0/24     10.10.13.171 CSR01           Best            0
192.168.2.0/24     10.10.13.171 CSR01           Best            0
192.168.3.0/24     10.10.13.171 CSR01           Best            0
200.0.1.0/24       10.10.13.171 CSR01           Best            0
We can view the Windows routing table as well.
PS C:\> get-netroute -NextHop 10.10.13.171 | Sort-Object

ifIndex DestinationPrefix NextHop      RouteMetric PolicyStore
------- ----------------- -------      ----------- -----------
5       10.0.123.0/24     10.10.13.171 0           ActiveStore
5       192.168.0.0/24    10.10.13.171 0           ActiveStore
5       192.168.1.0/24    10.10.13.171 0           ActiveStore
5       192.168.3.0/24    10.10.13.171 0           ActiveStore
5       192.168.2.0/24    10.10.13.171 0           ActiveStore
5       200.0.1.0/24      10.10.13.171 0           ActiveStore
Want to add some BGP policies into the mix?
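No ingress filter is configured at this point, so everything CSR01 advertises ends up in the Windows routing table. The following is an added example, not part of the original post: it checks the session state and compares the prefixes learned from the peer with an expected list. The function name Compare-BgpLearnedRoutes and the expected list (built from this lab's output) are assumptions.

```powershell
# Added example (not from the original post). Peer name and prefixes come from
# this lab; the function name and the expected-prefix list are assumptions.
function Compare-BgpLearnedRoutes {
    param(
        [string[]]$Learned,   # prefixes actually learned from the peer
        [string[]]$Expected   # prefixes the peer is supposed to advertise
    )
    # Exact string match on the prefix: a more-specific of an expected
    # prefix (e.g. a /25 inside an expected /24) is reported as unexpected.
    $unexpected = @($Learned  | Where-Object { $_ -and $_ -notin $Expected } | Sort-Object -Unique)
    $missing    = @($Expected | Where-Object { $_ -and $_ -notin $Learned }  | Sort-Object -Unique)
    [pscustomobject]@{
        Unexpected = $unexpected
        Missing    = $missing
        Clean      = ($unexpected.Count -eq 0 -and $missing.Count -eq 0)
    }
}

$PeerName = 'CSR01'
$Expected = '10.0.123.0/24', '192.168.0.0/24', '192.168.1.0/24',
            '192.168.2.0/24', '192.168.3.0/24', '200.0.1.0/24'

# 1. The session must be up before the route list means anything.
$peer = Get-BgpPeer | Where-Object PeerName -eq $PeerName
if (-not $peer -or "$($peer.ConnectivityStatus)" -ne 'Connected') {
    Write-Warning "Peer $PeerName is not in the Connected state"
}
else {
    # 2. Keep only routes learned from that peer; locally originated
    #    routes (the 172.16.0.0/22 aggregate) have no LearnedFromPeer.
    $learned = Get-BgpRouteInformation |
        Where-Object LearnedFromPeer -eq $PeerName |
        ForEach-Object { "$($_.DestinationNetwork)" }

    # 3. Report anything outside the expected list, and anything absent.
    $result = Compare-BgpLearnedRoutes -Learned $learned -Expected $Expected
    $result.Unexpected | ForEach-Object { Write-Warning "Unexpected prefix from ${PeerName}: $_" }
    $result.Missing    | ForEach-Object { Write-Warning "Expected prefix not learned: $_" }
    $result
}
```

Run against the lab as configured above, the result should be Clean; adding another loopback on CSR01 would make its prefix show up under Unexpected until the expected list is updated.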
PS C:\> Add-BgpRoutingPolicy -Name RoutePolicy -MatchPrefix 192.168.1.0/24 -PolicyType ModifyAttribute -AddCommunity 100:1001 -NewLocalPref 555
PS C:\> Add-BgpRoutingPolicyForPeer -PeerName CSR01 -PolicyName RoutePolicy -Direction Ingress
PS C:\> Get-BgpRouteInformation -Network 192.168.1.0/24 | fl

DestinationNetwork : 192.168.1.0/24
NextHop            : 10.10.13.171
State              : Best
Origin             : INCOMPLETE
Path               : 200
LocalPref          : 555
Community          : {100:1001}
MED                : 0
LearnedFromPeer    : CSR01
OriginatorId       :
ClusterList        :
Aggregate          : False
Aggregator         :
Great article. After wading through Windows docs for a few hours I came across this and it saved me a ton of time. I am having one issue – don’t know if you can enlighten me: I’m trying to get my Windows 2012 server to establish a BGP session with a vendor’s router (I assume Cisco). They require a password for their BGP session to be established. I don’t see any place for that parameter in the Add-BgpPeer command, and I think that’s causing me to be left in a state of “connecting”. Any ideas?
I know a little late, but very nice job documenting your testing.