Border Gateway Protocol (BGP) is the de facto exterior gateway protocol used to exchange routing information between autonomous systems on the Internet. On Cisco IOS, BGP configuration requires careful planning of neighbor relationships, network advertisements, and path attribute manipulation. This guide walks through a complete BGP configuration scenario for a dual-homed enterprise edge, covering eBGP peering, route filtering, AS path prepending, and verification using show commands. These skills are essential for the CCNA, ENCOR, and ENARSI certification exams, where BGP configuration and troubleshooting are heavily tested.
Enable BGP Routing and Configure Router ID
Start by enabling BGP with the `router bgp` command followed by the local AS number. Set the router ID manually to ensure stability, especially if loopback interfaces are used. The router ID should be a unique IP address within the AS.
Router(config)# router bgp 65001
Router(config-router)# bgp router-id 10.0.0.1
Router(config-router)# bgp log-neighbor-changes
Always set a static router ID to avoid BGP session flapping if an interface goes down.
The AS number must match the one assigned to your organization. Private AS numbers (64512-65535) are for internal use only.
Configure eBGP Neighbor Peering
Define the eBGP neighbor using the `neighbor` command with the remote AS number. For eBGP, the neighbor IP is typically the directly connected interface IP. Use the `ebgp-multihop` command if peering over a loopback or non-directly connected interface.
Router(config-router)# neighbor 203.0.113.2 remote-as 65002
Router(config-router)# neighbor 203.0.113.2 description ISP-Primary
Router(config-router)# neighbor 203.0.113.2 ebgp-multihop 2
Router(config-router)# neighbor 203.0.113.2 update-source Loopback0
Use the `update-source` command to source BGP packets from a loopback for better reliability.
Advertise Networks into BGP
Use the `network` command under BGP to advertise prefixes. The network must exist in the routing table (connected, static, or via IGP). For more granular control, use route maps to filter or modify attributes before advertisement.
Router(config-router)# network 192.168.1.0 mask 255.255.255.0
Router(config-router)# network 10.0.0.0 mask 255.255.255.0
Router(config-router)# neighbor 203.0.113.2 route-map SET-MED out
The network command does not create a route; it only advertises an existing route. Ensure the prefix is in the routing table first.
Apply Route Maps for Path Attribute Manipulation
Create a route map to set BGP attributes like MED, AS path, or local preference. This example prepends the AS path to make the route less preferred on the remote side, useful for traffic engineering.
Router(config)# route-map SET-MED permit 10
Router(config-route-map)# set metric 50
Router(config-route-map)# set as-path prepend 65001 65001
Router(config-route-map)# exit
Router(config)# route-map SET-MED permit 20
AS path prepending is a common technique to influence inbound traffic without changing the routing policy of the ISP.
Configure BGP Authentication and Timers
Secure the BGP session with MD5 authentication and adjust keepalive/hold timers for faster convergence. The authentication password must match on both peers.
Router(config-router)# neighbor 203.0.113.2 password MySecretKey
Router(config-router)# neighbor 203.0.113.2 timers 10 30
BGP authentication uses MD5, which is considered weak. For production, consider using TCP-AO if supported.
Verify BGP Peering and Routes
Use show commands to verify the BGP session state and the routing table. The `show ip bgp summary` command displays neighbor status, while `show ip bgp` shows all BGP routes and their attributes.
Router# show ip bgp summary
BGP router identifier 10.0.0.1, local AS number 65001
Neighbor        V    AS MsgRcvd MsgSent  TblVer  InQ OutQ Up/Down  State/PfxRcd
203.0.113.2     4 65002    1234    1235      10    0    0 00:12:34        5
Router# show ip bgp
   Network          Next Hop         Metric LocPrf Weight Path
*> 192.168.1.0/24   0.0.0.0               0         32768 i
*> 10.0.0.0/24      0.0.0.0               0         32768 i
*> 203.0.113.0/24   203.0.113.2           0             0 65002 i
If the state is not 'Established', check the neighbor IP, AS number, and any ACLs blocking TCP port 179.
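The session-state check described above can be automated. The following Python script is an added example, not part of the original guide: it parses `show ip bgp summary` rows and reports neighbors whose State/PfxRcd column holds a state name instead of a prefix count. The sample output, including the three extra neighbors, is constructed.

```python
import re

# Constructed sample of `show ip bgp summary` output (not captured from a device).
SAMPLE = """\
BGP router identifier 10.0.0.1, local AS number 65001
Neighbor        V    AS MsgRcvd MsgSent  TblVer  InQ OutQ Up/Down  State/PfxRcd
203.0.113.2     4 65002    1234    1235      10    0    0 00:12:34        5
203.0.113.6     4 65003       0       0       1    0    0 never    Idle
203.0.113.10    4 65004      12      15       1    0    0 00:00:41 Active
203.0.113.14    4 65005       0       0       1    0    0 never    Idle (Admin)
"""

# neighbor, version, AS, five counters, Up/Down, then State/PfxRcd to end of line
ROW = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<ver>\d+)\s+(?P<asn>\d+)"
    r"\s+\d+\s+\d+\s+\d+\s+\d+\s+\d+\s+(?P<updown>\S+)\s+(?P<state>.+?)\s*$"
)

def parse_summary(text):
    """Return one dict per neighbor row; banner and header lines are skipped."""
    peers = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        state = m.group("state")
        established = state.isdigit()  # a prefix count means the session is up
        peers.append({
            "neighbor": m.group("ip"),
            "remote_as": int(m.group("asn")),
            "up_down": m.group("updown"),
            "state": "Established" if established else state,
            "prefixes": int(state) if established else None,
        })
    return peers

def down_peers(text):
    """Neighbors whose session is not Established."""
    return [p["neighbor"] for p in parse_summary(text) if p["state"] != "Established"]

if __name__ == "__main__":
    for peer in parse_summary(SAMPLE):
        print(peer)
```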
Troubleshoot BGP with Debug Commands
Use debug commands to diagnose BGP issues. Always use `debug ip bgp updates` with caution in production, as it can generate high CPU load. Filter by neighbor IP to reduce output.
Router# debug ip bgp updates 203.0.113.2
BGP(0): 203.0.113.2 UPDATE out: prefix 192.168.1.0/24, next hop 10.0.0.1, metric 50, path 65001 65001
BGP(0): 203.0.113.2 UPDATE in: prefix 198.51.100.0/24, next hop 203.0.113.2, metric 0, path 65002
Router# undebug all
Debug commands can overwhelm the router's CPU. Use them only during maintenance windows or on lab devices.
Key tips
Always configure a loopback interface as the BGP update source for eBGP multihop sessions to improve stability.
Use prefix lists instead of ACLs for BGP route filtering — they are more efficient and easier to read.
Enable 'bgp bestpath as-path multipath-relax' if you need load balancing across multiple eBGP paths from different ASes.
For IBGP, ensure all routers are fully meshed or use a route reflector to avoid BGP split horizon issues.
Set 'bgp deterministic-med' to ensure consistent MED comparison across all paths.
Use 'show ip bgp neighbors x.x.x.x advertised-routes' to verify what you are sending to a peer.
Frequently asked questions
What is the difference between eBGP and iBGP?
eBGP runs between routers in different autonomous systems, typically using directly connected interfaces and a TTL of 1 by default. iBGP runs within the same AS and requires a full mesh or route reflectors. eBGP routes have a default administrative distance of 20, while iBGP routes have a distance of 200.
Why is my BGP neighbor stuck in 'Idle' state?
The Idle state usually indicates a misconfiguration. Common causes include: incorrect neighbor IP address, wrong AS number, missing route to the neighbor, or an ACL blocking TCP port 179. Check the neighbor configuration and ensure IP reachability.
How do I influence inbound traffic with BGP?
To influence inbound traffic, you can manipulate attributes advertised to your upstream ISPs. Common techniques include AS path prepending (making your routes look longer), setting a higher MED, or advertising more specific prefixes. These methods make your routes less preferred by the ISP.
What is the purpose of the 'network' command in BGP?
The 'network' command tells BGP which prefixes to advertise. Unlike IGP, it does not create a route — it only advertises an existing route that must be present in the IP routing table. You can also use 'redistribute' to inject routes from other protocols, but the 'network' command is preferred for precision.
How can I filter BGP routes from a specific neighbor?
Use prefix lists or route maps with the 'neighbor x.x.x.x prefix-list' or 'neighbor x.x.x.x route-map' commands. For example, 'neighbor 203.0.113.2 prefix-list FILTER-IN in' will apply a prefix list to inbound updates. This is more efficient than using distribute lists.
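The hardening points in this guide (static router ID, session authentication, inbound filtering) can be checked against a saved configuration. The following Python audit is an added example, not part of the original guide or any Cisco tool; the config excerpt is constructed from the guide's commands, and the second neighbor, the `FILTER-IN` entry and the `SET-LP` name are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed running-config excerpt built from this guide's commands; the second
# neighbor (203.0.113.6), FILTER-IN entry and SET-LP name are illustrative assumptions.
SAMPLE_CONFIG = """\
router bgp 65001
 bgp router-id 10.0.0.1
 neighbor 203.0.113.2 remote-as 65002
 neighbor 203.0.113.2 password MySecretKey
 neighbor 203.0.113.2 route-map SET-MED out
 neighbor 203.0.113.6 remote-as 65003
 neighbor 203.0.113.6 prefix-list FILTER-IN in
 neighbor 203.0.113.6 route-map SET-LP in
!
ip prefix-list FILTER-IN seq 5 permit 198.51.100.0/24
route-map SET-MED permit 10
"""

def audit_bgp(config):
    """Return sorted (subject, finding) tuples for the BGP neighbors in config."""
    lines = [l.strip() for l in config.splitlines()]
    neighbors = defaultdict(list)
    for line in lines:
        m = re.match(r"neighbor (\S+) (.+)", line)
        if m:
            neighbors[m.group(1)].append(m.group(2))
    # Names that are actually defined, to catch references to missing policy.
    defined = {
        "route-map": {l.split()[1] for l in lines if l.startswith("route-map ")},
        "prefix-list": {l.split()[2] for l in lines if l.startswith("ip prefix-list ")},
    }
    findings = []
    if not any(l.startswith("bgp router-id ") for l in lines):
        findings.append(("global", "no static router ID"))
    for peer, opts in neighbors.items():
        if not any(o.startswith("password ") for o in opts):
            findings.append((peer, "no session authentication"))
        policies = [re.match(r"(prefix-list|route-map) (\S+) (in|out)$", o) for o in opts]
        policies = [p for p in policies if p]
        if not any(p.group(3) == "in" for p in policies):
            findings.append((peer, "no inbound route filter"))
        for kind, name, _ in (p.groups() for p in policies):
            if name not in defined[kind]:
                findings.append((peer, f"{kind} {name} is not defined"))
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(f"{s}: {f}" for s, f in audit_bgp(SAMPLE_CONFIG)))
```

Peer-group and template inheritance are not resolved, so the audit fits configurations that set policy per neighbor.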