BGP Configuration

Hi all,

Please can anyone help me understand this concept...

Let me show you the scenario:

One MPLS connection from the ISP comes to my router, and from my router to the DMZ servers.

I have to connect the remote server to my DMZ server.

The ISP gave me the BGP details to configure.

Now what do I have to do to route my private network to the remote servers...

I performed NAT on my router to go through the ISP. I can ping the ISP gateway and can see all the routers in the #sh bgp table.

Is that correct, or do I have to directly forward the traffic of the internal network to the ISP through BGP................or

do I have to create tunnels? If tunnels are required, then what do I have to know from the remote office?


Many many Thanks in advance


Thank you John,

Can you explain how the null0 route works in my scenario...

I googled it but was not able to understand how the connectivity will be.

Null0 gives you a static route to advertise. BGP needs an existing route to be in the routing table before it can advertise it to other peers. The purpose for it in this scenario is that you're natting to an address that is nowhere on your router. The static route allows for the route to be put into the table and lets BGP use it. When BGP advertises it, it will show that the comes from your AS and will let everyone upstream know how to get to this address. Technically, I guess you could create a loopback with the IP on there and NAT out as that address, but I'd have to lab that up.

I attached the diagram for you to review...

R3 is natted out as R1 has natting configured, but doesn't hold that ip anywhere:


ip nat inside source static tcp 80 80 extendable

R1#sh ip route

% Network not in table


On R2, it doesn't exist either:

R2#sh ip route

% Network not in table


I'll add the null route:

R1(config)#do sh run | inc ip route

ip route Null0


Is it in the routing table now?

R1(config)#do sh ip route

Routing entry for

  Known via "static", distance 1, metric 0 (connected)

  Routing Descriptor Blocks:

  * directly connected, via Null0

      Route metric is 0, traffic share count is 1

So far so good; let's advertise it in BGP:

R1#sh run | inc router bgp|

router bgp 10

network mask

It's showing in the bgp table:

R1#sh ip bgp regex ^$         

BGP table version is 8, local router ID is

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

              r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path

*>                  0         32768 i

*>                  0         32768 i

*>                  0         32768 i

*>                  0         32768 i


What about R2?

R2#sh ip route

Routing entry for

  Known via "bgp 200", distance 20, metric 0

  Tag 10, type external

  Last update from 00:01:53 ago

  Routing Descriptor Blocks:

  *, from, 00:01:53 ago

      Route metric is 0, traffic share count is 1

      AS Hops 1

      Route tag 10

Okay, so we have the route over at R2. Can it get to

R2#telnet 80

Trying, 80 ... Open

Get / http/1.0

HTTP/1.1 401 Unauthorized

Date: Fri, 01 Mar 2002 00:20:54 GMT

Server: cisco-IOS

Accept-Ranges: none

WWW-Authenticate: Basic realm="level_15_access"

401 Unauthorized

[Connection to closed by foreign host]

Yes, it can. Your null route allows you to basically advertise a route into BGP. There are other uses for null0 like summaries, but this is just to be able to get a route to advertise.

I also labbed up the loopback question and you should be able to do that as well:

R1(config-if)#do sh run int lo1

Building configuration...

Current configuration : 106 bytes


interface Loopback1

ip address

ip nat outside

ip virtual-reassembly


Same configuration for everything else, but you wouldn't have a static route to null0. Notice how I have "ip nat outside" on the loopback interface. That's because I want traffic to use this IP as outgoing. I still have the NAT configuration on the router though:

R1#sh run | i ip nat inside source

ip nat inside source static tcp 80 interface Loopback1 80

R1#sh ip nat trans

Pro Inside global      Inside local       Outside local      Outside global

tcp     ---                ---


On R2:

R2#telnet 80

Trying, 80 ... Open

Sorry for such a long post. In conclusion, you can use either one you wish; both seem to work fine.


HTH, John *** Please rate all useful posts ***
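
The two options from the lab above, written out as one configuration (an added example, not part of the original posts). All addresses, interface names and the ACL name OUTSIDE-IN are constructed placeholders; only the AS numbers 10 and 200 come from the lab output. The ACL is an addition for the loopback case: unlike the Null0 route, which discards anything that NAT does not translate, a loopback makes the router itself the destination for untranslated traffic to that address.

```cisco
! Constructed addressing (RFC 5737 / RFC 1918), not the values from the thread:
!   203.0.113.10 = NAT (inside global) address advertised to the peer
!   10.0.0.3     = inside web server, 192.0.2.2 = eBGP peer in AS 200
interface GigabitEthernet0/0
 description Link to eBGP peer
 ip address 192.0.2.1 255.255.255.252
 ip nat outside
!
interface GigabitEthernet0/1
 description Link to inside server
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
!
! --- Option A: NAT address exists only as a static route to Null0 ---
ip nat inside source static tcp 10.0.0.3 80 203.0.113.10 80 extendable
ip route 203.0.113.10 255.255.255.255 Null0
! Port 80 is translated before the route lookup and reaches 10.0.0.3.
! Every other packet for 203.0.113.10 matches the Null0 route and is dropped.
!
! --- Option B (use instead of the two lines above): loopback owns the address ---
! interface Loopback1
!  ip address 203.0.113.10 255.255.255.255
!  ip nat outside
! ip nat inside source static tcp 10.0.0.3 80 interface Loopback1 80
! Untranslated ports now terminate on the router, so filter at the edge.
!
router bgp 10
 neighbor 192.0.2.2 remote-as 200
 ! "network" only advertises a prefix that has an exact match in the routing
 ! table: the Null0 static (option A) or the connected loopback /32 (option B)
 network 203.0.113.10 mask 255.255.255.255
!
! Inbound ACLs are evaluated before NAT, so match on the global address.
ip access-list extended OUTSIDE-IN
 permit tcp host 192.0.2.2 host 192.0.2.1 eq bgp
 permit tcp host 192.0.2.2 eq bgp host 192.0.2.1
 permit tcp any host 203.0.113.10 eq www
 deny   ip any any log
!
interface GigabitEthernet0/0
 ip access-group OUTSIDE-IN in
```

Verify with `show ip bgp neighbors 192.0.2.2 advertised-routes` and `show ip nat translations`; the final deny also blocks ICMP, so add a permit for it if ping to the gateway must keep working.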

Hi John,

I am speechless after seeing your post...

I don't know how to thank you; you took so much stress to explain this to a dumb guy like me......hats off to your efforts

You made my life so much easier.....

The first one looks secure, but I want to go for the second one by creating a loopback..

Now I am looking ahead to the testing phase with the remote server....I hope everything will work fine

I configured the loopback...

#int loopback 10

#ip add

Advertised it through BGP...

#network mask

#neighbor remote-as 65000

NATted the incoming and outgoing traffic..

#ip nat inside source static tcp 5775 5775 extendable

# int lo 10

ip nat outside

# int gig 0/1

ip nat inside

Is it correct?

Once again, thanks a lot...

thanks a lot....

It looks correct to me. Thank you for the kind words and I hope I helped. I look forward to hearing how things went!


HTH, John *** Please rate all useful posts ***