Skip to content

BGP Lab

I couldn’t find a place on the internet that would allow a user to pull full internet routes for testing…so I made one.

This allows peering to multiple routers that have multiple upstream connections. This provides your lab with multiple full internet routing table feeds. You are also allowed to send up to 20 prefixes for testing prepending/community strings.
This is for lab use only as all traffic forwarded to these routers is discarded. It could also become best path in your live network and blackhole traffic, so use caution.

The way it works is simple

1. Fill in your info and you will be emailed connection details
2. Create an L2TP tunnel to the endpoints
3. Create BGP sessions over the tunnel

1. Connection Information

After filling in the information below, a username will be assigned to you using the password you specify below. This is what you will use to authenticate the L2TP tunnels.

2. Create A Tunnel

The account information that was emailed to you will have multiple user accounts that allow you to connect to multiple full feed routers.
The domain name for routers are: R1.GregSowell.com and R2.GregSowell.com

Tunnel Example


If the ASN I am assigned is 65001, then I should be given two usernames 65001R1 and 65001R2. In this example I’ll be connecting to router 1, so I’ll be using the 65001R1 username.
Step 1: On my lab router I’ll create a static route for R1.GregSowell.com out of my gateway.

1
2
/ip route
add distance=1 dst-address=209.189.250.27/32 gateway=192.168.1.1

Step 2: Create an L2TP tunnel to R1.GregSowell.com using the username 65001R1 and the password I supplied when signing up above.

1
2
3
/interface l2tp-client
add connect-to=r1.gregsowell.com disabled=no name=l2tp-r1.gregsowell.com \
    password=PopcornPants user=65002R1

3. Create A BGP Peering

Once the tunnel is established I can now peer with the tunnel endpoint IP.
R1’s peering IP is 100.127.0.0 – ASN 64998
R2’s peering IP is 100.127.8.0 – ASN 64999
***You are only allowed to advertise up to 20 routes, thus you should put a filter on your peering to ensure you don’t send too many***

BGP Peer Example


Step 1: Use the ASN I was assigned(in this case 65001) to create a peering to R1’s address 100.127.0.0.

1
2
3
4
5
6
7
8
9
10
/routing bgp instance
set default as=65002
/routing bgp network
add network=9.9.9.0/24 synchronize=no
/routing filter
add action=accept chain=me-to-isp prefix=9.9.9.0/24
add action=discard chain=me-to-isp
/routing bgp peer
add name=r1.gregsowell.com out-filter=me-to-isp remote-address=100.127.0.0 \
    remote-as=64998 ttl=default

Full config for two tunnels and connections:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
/interface l2tp-client
add connect-to=r1.gregsowell.com disabled=no name=l2tp-r1.gregsowell.com \
    password=PopcornPants user=65002R1
add connect-to=r2.gregsowell.com disabled=no name=l2tp-r2.gregsowell.com \
    password=PopcornPants user=65002R2
/routing bgp instance
set default as=65002
/ip address
add interface=ether1 address=192.168.1.2/24
/ip route
add distance=1 dst-address=209.189.250.27/32 gateway=192.168.1.1
add distance=1 dst-address=209.189.250.28/32 gateway=192.168.1.1
/routing bgp network
add network=9.9.9.0/24 synchronize=no
/routing bgp peer
add name=r1.gregsowell.com out-filter=me-to-isp remote-address=100.127.0.0 \
    remote-as=64998 ttl=default
add name=r2.gregsowell.com out-filter=me-to-isp \
    remote-address=100.127.8.0 remote-as=64999 ttl=default
/routing filter
add action=accept chain=me-to-isp prefix=9.9.9.0/24
add action=discard chain=me-to-isp

Testing with ICMP

As suggested from others I’ve opened up ICMP, so you can now ping and trace through your connection. It is rate-limited to prevent abuse.

Video Tutorial

Here’s my MUM 2018 Baltimore presentation on using the system; it gives a visual walk through on configuration!

FAQ

Q1. My router connects, but it stops loading routes.
A1. Check your router’s RAM. It appears that Mikrotik has a safety feature built into ROS that only allows a router to consume up to around 85% of RAM with BGP entries. Once it hits this mark, it will just stop loading anymore entries. If this router is virtual or x86, you can always add more RAM to it, otherwise as Tom Smyth would say “get bigger routers *******”. 🙂

A call for help

So I’ve posted configs here for Mikrotik routers, but if you get connected with another brand of router, please be sure to drop me a message, and forward me your CLI configs so that I can post them up for others to use. It looks like just about anything can act as an L2TP client, so let’s see what you guys come up with!

Please drop me a line with any questions or comments. This is a work in progress so improvements should be added incrementally as I find time. Good luck and happy routing folks!