Sample BGP Routing Configuration File
To use any of the dynamic routing protocols with Fireware XTM, you must import or type a configuration file for the dynamic routing daemon. This topic includes a sample configuration file for the BGP routing daemon. If you want to use this configuration file as a base for your own configuration file, copy the text into an application such as Notepad or Wordpad and save it with a new name. You can then edit the parameters to meet your own business requirements.
Optional commands are commented with the "!" character. To enable a command, delete the "!" and modify variables as necessary.
Sample 1 — IPv4
!! SECTION 1: Start BGP daemon and announce network blocks to BGP neighbors
! Enable BGP and set local ASN to 100
! router bgp 100
! Announce local network 192.0.2.0/24 to all neighbors defined in section 2
! network 192.0.2.0/24
!! SECTION 2: Neighbor properties
! Set neighbor (192.0.2.1) as member of remote ASN (200)
! neighbor 192.0.2.1 remote-as 200
! Set neighbor (203.0.113.1) on another network using EBGP multi-hop
! neighbor 203.0.113.1 remote-as 300
! neighbor 203.0.113.1 ebgp-multihop
! Set BGP version (4, 4-) for communication with a neighbor; default is 4
! neighbor 192.0.2.1 version 4-
! Announce default route to BGP neighbor (192.0.2.1)
! neighbor 192.0.2.1 default-originate
! Set custom TCP port 189 to communicate with BGP neighbor (192.0.2.1). Default port is TCP 179
! neighbor 192.0.2.1 port 189
! Set peer send-community
! neighbor 192.0.2.1 send-community
! Set a default weight for routes from neighbor (192.0.2.1)
! neighbor 192.0.2.1 weight 1000
! Set maximum number of prefixes allowed from this neighbor
! neighbor 192.0.2.1 maximum-prefix NUMBER
!! SECTION 3: Set community lists
! ip community-list 70 permit 7000:80
!! SECTION 4: Announcement filtering
! Set distribute list and direction for peer
! neighbor 192.0.2.1 distribute-list LISTNAME [in|out]
! To apply a prefix list to be matched to incoming or outgoing advertisements to that neighbor
! neighbor 192.0.2.1 prefix-list LISTNAME [in|out]
! To match an autonomous system path access list to incoming or outgoing routes
! neighbor 192.0.2.1 filter-list LISTNAME [in|out]
! To apply a route map to incoming or outgoing routes
! neighbor 192.0.2.1 route-map MAPNAME [in|out]
!! SECTION 5: Redistribute routes to BGP
! Redistribute static routes to BGP
! redistribute static
! Redistribute rip routes to BGP
! redistribute rip
! Redistribute ospf routes to BGP
! redistribute ospf
!! SECTION 6: Route reflection
! Set cluster ID and firewall as a client of route reflector server 198.51.100.254
! bgp cluster-id A.B.C.D
! neighbor 198.51.100.254 route-reflector-client
!! SECTION 7: Access lists and IP prefix lists
! Set prefix list
! ip prefix-list PRELIST permit 10.0.0.0/8
! Set access list
! access-list NAME deny 192.0.2.128/25
! access-list NAME permit 192.0.2.0/25
! Create a route map with name MAPNAME and allow with a priority of 10
! route-map MAPNAME permit 10
! match ip address prefix-list LISTNAME
! set community 7000:80
Sample 2 — IPv6
!! SECTION 1: Start BGP daemon and set BGP neighbors
! Enable BGP and set local ASN to 100
! router bgp 100
! Set router ID for BGP
! bgp router-id 1.1.1.1
! Set neighbor (2000::2) as member of remote ASN (200)
! neighbor 2000::2 remote-as 200
!! SECTION 2: Enter IPv6 Address Family command mode
! address-family ipv6
!! SECTION 3: Neighbor properties
! Activate Neighbor 2000::2
! neighbor 2000::2 activate
! Announce default route to BGP neighbor (2000::2)
! neighbor 2000::2 default-originate
!! SECTION 4: Announce network
! Announce local network 3344::/64 to all neighbors
! network 3344::/64
!! SECTION 5: Announcement filtering
! Set distribute list and direction for peer
! neighbor 2000::2 distribute-list LISTNAME [in|out]
! To apply a prefix list to be matched to incoming or outgoing advertisements to that neighbor
! neighbor 2000::2 prefix-list PRELIST [in|out]
! To match an autonomous system path access list to incoming or outgoing routes
! neighbor 2000::2 filter-list LISTNAME [in|out]
! To apply a route map to incoming or outgoing routes
! neighbor 2000::2 route-map MAPNAME [in|out]
!! SECTION 6: Redistribute routes to BGP
! Redistribute static routes to BGP
! redistribute static
! Redistribute ripng routes to BGP
! redistribute ripng
! Redistribute ospfv3 routes to BGP
! redistribute ospf6
!! SECTION 7: Exit IPv6 Address Family command mode
! exit-address-family
!! SECTION 8: Access lists and IP prefix lists
! Set prefix list
! ipv6 prefix-list PRELIST permit 3000::/64
! Set access list
! ipv6 access-list LISTNAME deny 4000::/64
! ipv6 access-list LISTNAME permit 4000::/25
! Create a route map with name MAPNAME and allow with a priority of 10
! route-map MAPNAME permit 10
! match ipv6 address LISTNAME
Sample 3 — IPv4 and IPv6
router bgp 65534
bgp router-id 10.15.1.1
timers bgp 5 15
network 10.15.2.0/24
ipv6 bgp network 1500::0/64
neighbor 172.16.255.2 remote-as 65535
neighbor 172.16.255.2 timers connect 5
neighbor fd00::25 remote-as 65535
neighbor fd00::25 timers connect 5
address-family ipv6
# network 1500::0/64 ### Note — you can use this in place of the ipv6 bgp network command above
neighbor fd00::25 activate ### Note — this neighbor activate command must be inside the address-family ipv6 mode in order to work
exit-address-family
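Sample 3 enables two neighbors but none of the inbound filtering or maximum-prefix commands shown (commented out) in Samples 1 and 2. The following check is an added example, not part of the original WatchGuard sample or tooling: it reads a configuration in this file format, skips lines commented with "!" or "#", and reports which enabled neighbors lack those controls. The names audit, active_lines and SAMPLE_3 are hypothetical.

```python
import re

# Sample 3 from this page (trailing remarks shortened); used here as test input.
SAMPLE_3 = """\
router bgp 65534
bgp router-id 10.15.1.1
timers bgp 5 15
network 10.15.2.0/24
ipv6 bgp network 1500::0/64
neighbor 172.16.255.2 remote-as 65535
neighbor 172.16.255.2 timers connect 5
neighbor fd00::25 remote-as 65535
neighbor fd00::25 timers connect 5
address-family ipv6
# network 1500::0/64 ### Note - alternative to the ipv6 bgp network command
neighbor fd00::25 activate ### Note - must be inside address-family ipv6
exit-address-family
"""

INBOUND_FILTERS = ("distribute-list", "prefix-list", "filter-list", "route-map")
CHECKS = (("in_filter", "no inbound filter"), ("max_prefix", "no maximum-prefix"))

def active_lines(text):
    """Yield enabled commands; skip blanks and lines commented with '!' or '#'."""
    for raw in text.splitlines():
        line = raw.split("###", 1)[0].strip()  # drop the page's trailing remarks
        if line and not line.startswith(("!", "#")):
            yield line

def audit(text):
    """Map each peer declared with remote-as to the controls it lacks."""
    # Assumption: address-family scoping is ignored (a filter in any AF counts).
    peers = {}
    for line in active_lines(text):
        m = re.match(r"neighbor\s+(\S+)\s+(\S+)(.*)", line, re.I)
        if not m:
            continue
        addr, keyword, rest = m.group(1), m.group(2).lower(), m.group(3).lower().split()
        state = peers.setdefault(addr, dict(declared=False, in_filter=False, max_prefix=False))
        if keyword == "remote-as":
            state["declared"] = True
        elif keyword in INBOUND_FILTERS and rest[-1:] == ["in"]:
            state["in_filter"] = True
        elif keyword == "maximum-prefix":
            state["max_prefix"] = True
    return {addr: [msg for key, msg in CHECKS if not s[key]]
            for addr, s in peers.items() if s["declared"]}
```

Calling audit(SAMPLE_3) flags both neighbors; a neighbor is reported clean once an inbound prefix-list (or other inbound filter) and a maximum-prefix line are enabled for it.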
See Also
About Border Gateway Protocol (BGP)