How to configure BGP routing between two data center routers
Set up a BGP peering session between two Linux-based routers using Quagga/FRR to exchange routes and ensure high availability.
Configure a Border Gateway Protocol (BGP) peering session between two Linux routers to exchange routing information and ensure network redundancy. This tutorial targets Ubuntu 24.04 or Debian 12 systems running FRRouting (FRR) version 10.0. You will establish a TCP connection, define the AS numbers, and enable route advertisement.
Prerequisites
- Two Linux servers (Ubuntu 24.04 or Debian 12) acting as routers.
- Physical or virtual network interfaces connected (e.g., eth0 on both).
- Static IP addresses configured on the interfaces (e.g., 192.168.1.1 and 192.168.1.2).
- Root or sudo privileges to install packages and configure services.
- Network connectivity between the two router IPs (pingable).
Step 1: Install FRRouting packages
Install the FRRouting suite, which includes the BGP daemon (frr), on both routers. Use the official repository to get the latest stable version compatible with your kernel.
apt update
apt install -y frr frr-doc
After installation, verify the package versions to ensure you have the correct binaries.
dpkg -l | grep frr
You should see output indicating frr version 10.0.x or similar. Ensure the service is enabled to start on boot.
systemctl enable frr
systemctl start frr
Check the status to confirm the daemon is running without errors.
systemctl status frr
Step 2: Create the BGP configuration file
Create a configuration file for the BGP daemon on both routers. The file path is /etc/frr/daemons. Edit the file to set the daemon to run in the foreground for testing, or use the default configuration. Create a specific BGP configuration file at /etc/frr/daemons.conf or /etc/frr/bgpd.conf depending on your distribution's default layout. For Ubuntu 24.04, the main config is in /etc/frr/frr.conf.
Edit the main configuration file using a text editor like nano or vim.
nano /etc/frr/frr.conf
Add the following lines to define the BGP process and enable debugging if needed.
daemon=bgpd
daemon=zebra
daemon=ospf6d
daemon=ospfd
daemon=ripd
daemon=ripngd
daemon=bgpd
Save and exit the editor. Ensure the configuration file syntax is valid by running the validation command.
frrvalidate /etc/frr/frr.conf
If the command returns no errors, the syntax is correct. Proceed to define the BGP instance.
Step 3: Configure BGP peerings and networks
Define the BGP process in the configuration file. You need to specify the router ID, the neighbor IP, and the AS numbers. On Router A (AS 65001) and Router B (AS 65002), configure the peers.
Open the configuration file again.
nano /etc/frr/frr.conf
Add the following block for the BGP process. Replace the IP addresses and AS numbers with your actual values.
router bgp 65001
bgp router-id 1.1.1.1
neighbor 192.168.1.2 remote-as 65002
neighbor 192.168.1.2 ebgp-multihop 2
neighbor 192.168.1.2 update-source eth0
!
network 10.0.0.0/24
On Router B, create a similar configuration with the reversed AS numbers and neighbor IP.
router bgp 65002
bgp router-id 2.2.2.2
neighbor 192.168.1.1 remote-as 65001
neighbor 192.168.1.1 ebgp-multihop 2
neighbor 192.168.1.1 update-source eth0
!
network 20.0.0.0/24
Save the files on both routers. Reload the FRR daemon to apply the changes.
frruser -f /etc/frr/frr.conf
Alternatively, restart the service if you edited the file directly.
systemctl restart frr
Step 4: Verify BGP session establishment
Check the BGP peer status to ensure the TCP connection and BGP session are established. Use the vtysh command to access the CLI or check the status via the status command.
vtysh -c "show ip bgp summary"
You should see output indicating the neighbor state is "Established" with a valid BGP version 4.
BGP Router Identifier : 1.1.1.1
BGP Table version : 1
BGP Table updates : 0
BGP Table entries : 2
BGP Table routes : 2
BGP Table prefixes : 2
BGP Table peers : 1
BGP Table neighbors : 1
BGP Table neighbors 192.168.1.2
State : Established
V : 4
AS : 65002
Holdtime : 180
Keepalive : 60
Verify the learned routes using the show command.
vtysh -c "show ip bgp"
The output should list the networks you advertised (10.0.0.0/24 and 20.0.0.0/24) with the next hop pointing to the peer IP.
Verify the installation
Confirm that routing is working correctly by checking the kernel routing table. The routes learned from BGP should appear in the main routing table.
ip route show
You should see entries for the remote networks with the BGP next hop.
10.0.0.0/24 via 192.168.1.2 dev eth0
20.0.0.0/24 via 192.168.1.1 dev eth0
Test connectivity by pinging a loopback address configured on the remote router.
ping 10.0.0.1
Ensure the ping packets reach the destination and return without timeout.
Troubleshooting
If the BGP session does not reach the "Established" state, check the connectivity between the two router IPs. Use the ping command to verify the underlying IP connectivity.
ping 192.168.1.2
If ping fails, check firewall rules on both interfaces. Ensure port 179 (BGP) is open.
iptables -L -n | grep 179
If you see DROP or REJECT rules, adjust the firewall to allow BGP traffic.
iptables -A INPUT -p tcp --dport 179 -j ACCEPT
iptables -A OUTPUT -p tcp --sport 179 -j ACCEPT
Verify the AS numbers match the configuration on both sides. A mismatch prevents session establishment.
vtysh -c "show running-config | section router bgp"
Check for BGP dampening or filter-lists that might be blocking updates. Ensure the network statements match the actual subnets you want to advertise.
vtysh -c "show ip bgp neighbors 192.168.1.2 advertised-routes"
Review the logs for specific error messages related to the BGP session.
journalctl -u frr -f
Look for messages indicating "Hold timer expired" or "Neighbor not found". Correct the configuration and reload the daemon.