How to Configure Windows Server 2019 Border Gateway Protocol

Border Gateway Protocol (BGP) is the routing protocol that underpins the internet and is increasingly used in enterprise and cloud datacenter environments for dynamic route exchange between networks. Windows Server 2019 includes a full-featured BGP implementation as part of the Remote Access role. This guide covers the complete process of configuring BGP on Windows Server 2019 for both standalone routers and multi-tenant RAS Gateway deployments.

Prerequisites and Role Installation

BGP in Windows Server 2019 is included within the Remote Access role. Before configuring BGP, install the Routing sub-role of Remote Access. Open an elevated PowerShell session and run:

Install-WindowsFeature RemoteAccess -IncludeManagementTools
Install-WindowsFeature Routing -IncludeManagementTools

After the features are installed, configure Remote Access as a LAN router (not a VPN server) to enable BGP without full remote access functionality:

Install-RemoteAccess -VpnType RoutingOnly

Configuring a BGP Router

The core BGP configuration involves creating a BGP router instance with a local Autonomous System Number (ASN) and router ID. The router ID is typically the IP address of the router’s loopback or primary interface. Private ASNs range from 64512 to 65534:

Add-BgpRouter `
    -BgpIdentifier "10.0.0.1" `
    -LocalASN 65100 `
    -PassThru

Verify the BGP router was created correctly:

Get-BgpRouter

Adding BGP Peers

BGP peers are routers that exchange routing information with each other. iBGP peers share the same ASN (internal BGP), while eBGP peers have different ASNs (external BGP). Add an eBGP peer connecting to an upstream provider or SDN controller:

Add-BgpPeer `
    -Name "UpstreamRouter" `
    -LocalIPAddress "10.0.0.1" `
    -PeerIPAddress "10.0.0.2" `
    -LocalASN 65100 `
    -PeerASN 65200 `
    -PassThru

Add an iBGP peer for an internal route reflector scenario:

Add-BgpPeer `
    -Name "InternalPeer" `
    -LocalIPAddress "10.0.0.1" `
    -PeerIPAddress "10.0.0.3" `
    -LocalASN 65100 `
    -PeerASN 65100 `
    -PassThru

Advertising Network Prefixes

BGP must be told which network prefixes to advertise to peers. Add the local networks you want to announce into the BGP routing table:

Add-BgpCustomRoute -Network "192.168.10.0/24"
Add-BgpCustomRoute -Network "192.168.20.0/24"
Add-BgpCustomRoute -Network "10.100.0.0/16"

You can also advertise a specific interface’s connected network:

Add-BgpCustomRoute -Interface "Ethernet 2"

Configuring BGP Route Policies

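Route policies allow you to filter and manipulate BGP routes on ingress and egress. Create a route policy to control which routes are accepted from a peer. Note that the ModifyAttribute policy type used here changes attributes on matching routes (a local preference of 200 for anything within 192.168.0.0/16); it does not by itself drop routes outside that prefix: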

Add-BgpRoutingPolicy `
    -Name "AcceptOnly192" `
    -PolicyType ModifyAttribute `
    -MatchPrefix "192.168.0.0/16" `
    -NewLocalPref 200

Apply the policy to a specific peer for inbound route filtering:

Add-BgpRoutingPolicyForPeer `
    -PeerName "UpstreamRouter" `
    -PolicyName "AcceptOnly192" `
    -Direction Ingress

Create a policy to set the MED (Multi-Exit Discriminator) for outbound routes:

Add-BgpRoutingPolicy `
    -Name "SetMED100" `
    -PolicyType ModifyAttribute `
    -MatchPrefix "10.0.0.0/8" `
    -NewMED 100

Add-BgpRoutingPolicyForPeer `
    -PeerName "UpstreamRouter" `
    -PolicyName "SetMED100" `
    -Direction Egress

Viewing BGP Route Information

Monitor the BGP routing table to verify routes are being learned and advertised correctly:

Get-BgpRouteInformation

View routes received from a specific peer:

Get-BgpRouteInformation -Type All | Where-Object { $_.LearnedFromPeer -eq "UpstreamRouter" }

View routes being advertised to a peer:

Get-BgpRouteInformation -PeerName "UpstreamRouter" -Type AdvertisedRoutes

Check the state of all BGP peer sessions:

Get-BgpPeer | Select-Object PeerName, PeerIPAddress, LocalASN, PeerASN, ConnectivityStatus
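
To confirm that what a peer actually sends, and what you plan to advertise, stay within intended bounds, the following added example (not part of the original guide) checks learned routes and planned custom routes against allow-lists and flags anything outside them or more specific than /24. It is IPv4 only; the function names, allow-lists and sample routes are constructed, and the Network and LearnedFromPeer property names are assumed to match Get-BgpRouteInformation output.

```powershell
# Added example, IPv4 only. Network and LearnedFromPeer are assumed to mirror
# Get-BgpRouteInformation output; peers, allow-lists and routes are constructed.
function ConvertTo-Cidr {
    param([string]$Prefix)
    $addr, $len = $Prefix -split '/'
    [long]$value = 0
    foreach ($b in [System.Net.IPAddress]::Parse($addr).GetAddressBytes()) {
        $value = $value * 256 + $b        # big-endian bytes -> 32-bit number
    }
    [pscustomobject]@{ Value = $value; Bits = [int]$len }
}

function Test-PrefixWithin {
    # True when $Prefix lies inside an allowed prefix and is no longer than $MaxLength.
    param([string]$Prefix, [string[]]$Allowed, [int]$MaxLength = 24)
    $p = ConvertTo-Cidr $Prefix
    if ($p.Bits -gt $MaxLength) { return $false }
    foreach ($entry in $Allowed) {
        $a = ConvertTo-Cidr $entry
        $shift = 32 - $a.Bits             # keep only the allowed prefix's network bits
        if ($p.Bits -ge $a.Bits -and
            ($p.Value -shr $shift) -eq ($a.Value -shr $shift)) { return $true }
    }
    return $false
}

function Get-UnexpectedRoute {
    # Emits routes whose peer has no allow-list or whose prefix falls outside it.
    param([object[]]$Routes, [hashtable]$AllowedByPeer)
    foreach ($r in $Routes) {
        $allowed = $AllowedByPeer[$r.LearnedFromPeer]
        if (-not $allowed -or -not (Test-PrefixWithin $r.Network $allowed)) { $r }
    }
}

# Constructed stand-in for the objects returned by Get-BgpRouteInformation -Type All
$learned = @(
    [pscustomobject]@{ Network = '192.168.50.0/24';  LearnedFromPeer = 'UpstreamRouter' }
    [pscustomobject]@{ Network = '0.0.0.0/0';        LearnedFromPeer = 'UpstreamRouter' }
    [pscustomobject]@{ Network = '192.168.7.128/25'; LearnedFromPeer = 'UpstreamRouter' }
    [pscustomobject]@{ Network = '172.16.5.0/24';    LearnedFromPeer = 'InternalPeer' }
)
$allowedByPeer = @{ UpstreamRouter = @('192.168.0.0/16'); InternalPeer = @('10.0.0.0/8') }
Get-UnexpectedRoute -Routes $learned -AllowedByPeer $allowedByPeer | Format-Table

# Egress side: prefixes planned for Add-BgpCustomRoute, checked against an approved list.
$approved = @('192.168.10.0/24', '192.168.20.0/24', '10.100.0.0/16')
'192.168.10.0/24', '10.100.0.0/16', '10.0.0.0/8' |
    Where-Object { -not (Test-PrefixWithin $_ $approved) }
```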

Multi-Tenant BGP Configuration

In a multi-tenant RAS Gateway deployment, each tenant has its own BGP routing domain. Install Remote Access in multi-tenant mode first, then create per-tenant BGP routers:

Install-RemoteAccess -MultiTenancy

Add-BgpRouter `
    -RoutingDomain "TenantA" `
    -BgpIdentifier "172.16.0.1" `
    -LocalASN 65001

Add-BgpPeer `
    -RoutingDomain "TenantA" `
    -Name "TenantA_CE" `
    -LocalIPAddress "172.16.0.1" `
    -PeerIPAddress "172.16.0.2" `
    -LocalASN 65001 `
    -PeerASN 65101

BGP Graceful Restart

Graceful restart allows a BGP router to maintain forwarding during a restart event, preventing traffic drops. Configure the restart timer and stale route removal time:

Set-BgpPeer `
    -Name "UpstreamRouter" `
    -GracefulRestartEnabled $true `
    -RestartWaitTimer 120

Troubleshooting BGP Sessions

If BGP sessions fail to establish, check connectivity on TCP port 179 between peers:

Test-NetConnection -ComputerName "10.0.0.2" -Port 179

Review the BGP event log for errors:

Get-WinEvent -LogName "Microsoft-Windows-RemoteAccess-Router/Operational" -MaxEvents 100 |
    Where-Object { $_.LevelDisplayName -eq "Error" -or $_.LevelDisplayName -eq "Warning" } |
    Format-List TimeCreated, Message

Force a peer reset to re-establish the BGP session after configuration changes:

Stop-BgpPeer -Name "UpstreamRouter"
Start-BgpPeer -Name "UpstreamRouter"

Proper BGP configuration on Windows Server 2019 enables dynamic routing that responds automatically to network topology changes, reduces manual routing table management, and integrates cleanly with SDN environments. Always use route policies to prevent unwanted route propagation and protect network stability.