How to Configure BGP Routing with BIRD on RHEL 9

BGP (Border Gateway Protocol) is the routing protocol that underpins the internet, exchanging routing information between autonomous systems (ASes). On RHEL 9, BIRD (BIRD Internet Routing Daemon) provides a robust, actively maintained BGP implementation suited for both lab environments and production edge routers. This tutorial walks through installing BIRD 2 on RHEL 9, writing a basic configuration, peering with a BGP neighbor, and verifying route propagation using the birdc shell.

Prerequisites

• RHEL 9 server with a registered subscription or access to the EPEL/AppStream repositories
• Root or sudo access
• A BGP peer (physical router, VM, or lab instance) with AS number and IP address available
• Basic familiarity with IP routing concepts (AS numbers, prefixes, next-hop)

Step 1 — Install BIRD 2

BIRD 2 is available in the RHEL 9 AppStream repository. Install it with DNF and verify the version.

sudo dnf install -y bird2
bird --version

The package installs the bird daemon binary, the birdc control shell, and the systemd unit bird.service. The default configuration file is /etc/bird.conf.

Step 2 — Write the Base Configuration

BIRD 2 uses a single unified configuration file. Open /etc/bird.conf and replace its contents with a minimal working configuration. The router id must be a unique IPv4 address (typically the primary interface address of this router).

sudo cp /etc/bird.conf /etc/bird.conf.orig
sudo tee /etc/bird.conf > /dev/null << 'EOF'
# Global router ID
router id 192.168.1.1;

# Log to syslog
log syslog all;

# Kernel protocol — sync BIRD routes into the OS routing table
protocol kernel {
    ipv4 {
        export all;
    };
}

# Device protocol — discovers interfaces automatically
protocol device {
    scan time 10;
}

# Static routes to originate into BGP
protocol static mystatics {
    ipv4;
    route 10.10.0.0/24 via 192.168.1.254;
}

# BGP peer — replace with real peer IP and AS numbers
protocol bgp mypeer {
    neighbor 192.168.1.2 as 65002;
    local as 65001;

    ipv4 {
        export all;   # advertise all known IPv4 routes to peer
        import all;   # accept all IPv4 routes from peer
    };
}
EOF

Adjust 192.168.1.1 (local router ID), 192.168.1.2 (peer IP), 65001 (local AS), and 65002 (peer AS) to match your environment.

Step 3 — Start and Enable the BIRD Service

Validate the configuration syntax before starting the daemon to catch typos early.

# Check configuration syntax
sudo bird --config /etc/bird.conf --check

# Start and enable the service
sudo systemctl enable --now bird.service

# Confirm the service is running
sudo systemctl status bird.service

A healthy start shows Active: active (running). If the service fails, check journalctl -xeu bird.service for configuration parse errors.

Step 4 — Verify BGP Sessions with birdc

The birdc shell connects to the running BIRD socket and lets you inspect protocol state, routing tables, and export/import counts in real time.

# Enter the BIRD control shell
sudo birdc

# Inside birdc — show all protocol status
show protocols

# Show detailed BGP session info
show protocols all mypeer

# Show the main IPv4 routing table
show route

# Show only routes learned from the peer
show route protocol mypeer

# Exit birdc
quit

A successful BGP session shows state Established under show protocols. The show route protocol mypeer command lists every prefix received from the neighbor. If the state is Active or Idle, confirm the peer IP is reachable with ping and that both sides have matching AS numbers.

Step 5 — Filter Routes with a BIRD Filter

In production you should never use import all or export all. BIRD filters let you accept only specific prefixes or communities. Add the following filter above the BGP protocol block in /etc/bird.conf.

# Allow only RFC1918 prefixes from the peer
filter accept_private {
    if net ~ [ 10.0.0.0/8+, 172.16.0.0/12+, 192.168.0.0/16+ ] then accept;
    reject;
}

protocol bgp mypeer {
    neighbor 192.168.1.2 as 65002;
    local as 65001;

    ipv4 {
        export all;
        import filter accept_private;   # only accept private ranges
    };
}

# Reload configuration without restarting the daemon
# (run from shell, not birdc)
sudo birdc configure

The net ~ [ prefix-list ] syntax matches a route against a list of prefixes with optional prefix-length wildcards (the + means “this prefix or longer”). After editing the file, run sudo birdc configure to apply changes live without dropping the BGP session.

Step 6 — Open Firewall Ports

BGP uses TCP port 179. If firewalld is running, allow the BGP port so the peer can establish the TCP session.

# Allow BGP (TCP 179) permanently
sudo firewall-cmd --permanent --add-port=179/tcp
sudo firewall-cmd --reload

# Confirm the rule is active
sudo firewall-cmd --list-ports

Conclusion

You have installed BIRD 2 on RHEL 9, written a BGP configuration with a peer session and a route filter, started the daemon, and verified session state using the birdc control shell. BIRD’s expressive filter language makes it well-suited for complex routing policies on a standard Linux server.

Next steps: How to Set Up ZFS on RHEL 9, How to Configure Network Bonding and Teaming on RHEL 9, and How to Set Up Pacemaker and Corosync for High Availability on RHEL 9.