Introduction to BGP Routing on Windows Server 2019
Border Gateway Protocol (BGP) is the routing protocol that powers the internet, used to exchange routing information between autonomous systems (AS). In Windows Server 2019, BGP routing is available as part of the Remote Access role and is commonly used in software-defined networking scenarios, branch office connectivity, and hybrid cloud deployments where Windows Server acts as a virtual BGP router. Microsoft Azure also supports BGP for ExpressRoute and VPN Gateway connections, making Windows Server BGP valuable for hybrid connectivity scenarios.
Windows Server 2019 BGP supports iBGP (internal BGP between routers in the same AS) and eBGP (external BGP between different autonomous systems). It supports route policies including prefix lists, AS path filters, community attributes, and multi-exit discriminator (MED) values.
Installing the Remote Access Role for BGP
BGP in Windows Server 2019 requires the Remote Access role with the Routing sub-feature:
Install-WindowsFeature -Name RemoteAccess, Routing -IncludeManagementToolsEnable IP routing by configuring RRAS:
Install-RemoteAccess -VpnType RoutingOnlyAlternatively, if you only need routing (not VPN), enable just the routing component:
Set-ItemProperty -Path "HKLM:SYSTEMCurrentControlSetServicesTcpipParameters" -Name "IPEnableRouter" -Value 1
Restart-Service -Name RemoteAccessConfiguring a BGP Router
Create a BGP router instance. You must specify an AS (Autonomous System) number — use a private AS number (64512-65534) for internal routing:
Add-BgpRouter -BgpIdentifier 192.168.1.10 -LocalASN 65001The BGP identifier is typically the highest loopback or management IP of the router. Verify the BGP router was created:
Get-BgpRouterAdding BGP Peers
Add an eBGP peer (a router in a different autonomous system). For example, peering with an upstream ISP router:
Add-BgpPeer -Name "ISP-Peer" -LocalIPAddress 203.0.113.1 -PeerIPAddress 203.0.113.2 -PeerASN 65000 -LocalASN 65001 -PeeringMode Automatic -HoldTimeSec 30 -IdleHoldTimeSec 3Add an iBGP peer (a router in the same autonomous system):
Add-BgpPeer -Name "Internal-Router" -LocalIPAddress 192.168.1.10 -PeerIPAddress 192.168.1.20 -PeerASN 65001 -LocalASN 65001 -PeeringMode AutomaticView all configured BGP peers and their state:
Get-BgpPeer | Select PeerName, PeerIPAddress, PeerASN, BgpState, ConnectedSinceA peer in the “Established” state is actively exchanging routing information.
Advertising Routes via BGP
Advertise (inject) local routes into BGP so peers learn about your networks. Add a network to BGP routing:
Add-BgpNetwork -Network "192.168.1.0/24" -InterfaceAlias "Ethernet 1"Advertise multiple networks:
Add-BgpNetwork -Network "10.0.0.0/8" -InterfaceAlias "Internal NIC"
Add-BgpNetwork -Network "172.16.0.0/12" -InterfaceAlias "Internal NIC"View currently advertised networks:
Get-BgpNetworkConfiguring BGP Route Policies
BGP route policies control which routes are accepted from peers and which routes are advertised. Create a route policy that allows only specific prefixes from a peer (prefix list filtering):
# Create a route policy that allows only the 10.0.0.0/8 prefix
Add-BgpRouteAggregate -Prefix "10.0.0.0/8" -PreserveASPath Enabled -SummaryOnly DisabledSet AS path prepending to make routes less preferred by adding your AS to the path multiple times:
Set-BgpPeer -Name "ISP-Peer" -RoutingDomain "Default" -MaxAllowedPrefix 100Viewing BGP Routing Table
View all BGP-learned routes in the routing table:
Get-BgpRouteInformation | Select Network, NextHop, Origin, LocalPref, Med, AsPathFilter for routes learned from a specific peer:
Get-BgpRouteInformation -PeerList "ISP-Peer" | Select Network, NextHop, AsPathView routes being advertised to a peer:
Get-BgpStatistics | Select PeerName, TotalNetworkRoutesAdvertised, TotalNetworkRoutesLearnedTroubleshooting BGP
Check BGP session statistics for a peer:
Get-BgpStatistics -PeerName "ISP-Peer"Force a BGP session to reset (useful after configuration changes):
Clear-BgpSession -PeerName "ISP-Peer" -ForceEnable BGP logging to see detailed session events:
Get-WinEvent -LogName "Microsoft-Windows-RRAS/Operational" | Where-Object {$_.Message -like "*BGP*"} | Select TimeCreated, Message | Select-Object -First 20Windows Server 2019 BGP is a capable software routing solution well-suited for small and medium-scale deployments, lab environments, and Microsoft Azure gateway appliances where a full-featured hardware router is not justifiable.
