Windows Server 2019 Cookbook

Using dynamic BGP routing in your Windows routing table

In the previous recipe, we added a single route to the routing table. For a lot of networks, this would be sufficient. However, in more complex networks, there might be dozens, hundreds, or even thousands of routes that would be beneficial to learn – especially if your server is acting as a VPN server or a remote gateway.

Thankfully, Windows does have a way to learn these routes from other routers on the network. The Border Gateway Protocol (BGP) has been in use since 1989 and is one of the key technologies that allows the internet to work. Because of this, with the cooperation of your networking team, you may be able to have your Windows server learn everything it needs to know about available routes from your corporate routers.

Getting ready

We have a Server 2019 server that will learn the routes. We will also need a network router that has BGP configured and has your server whitelisted to read its routes. Although out of scope for this book, there are virtual machines you can download to act as a pretend router so that you can experiment with BGP. Your network administrator may be able to assist you with this.

Before we can begin, we need to collect some information about the network's BGP configuration. Every network will be different. The details we are going to be using for this example are as follows:

  • The BGP router's IP address. Ours is 172.16.97.1.
  • The BGP router's Autonomous System Number (ASN). Ours is 64999.
  • Your local IP address that is on the same subnet as your router. Ours is 172.16.97.5.

How to do it…

To add our first BGP peer, follow these steps:

  1. First, we need to install the RemoteAccess Windows feature. Run Add-WindowsFeature Routing,RSAT-RemoteAccess-PowerShell in an administrator PowerShell window.
  2. Now, we need to enable BGP routing. To do this, run Install-RemoteAccess -VpnType RoutingOnly.
  3. Next, we need to create a virtual router on our Windows system. We do this with Add-BgpRouter. BgpIdentifier should be your internal IP address, while LocalASN should be the same as the BGP router's AS number. So, in our case, this will be Add-BgpRouter -BgpIdentifier 172.16.97.5 -LocalASN 64999.
  4. Run the Add-BgpPeer command using the details we collected earlier. In our example, this will be Add-BgpPeer -Name router -LocalIPAddress 172.16.97.5 -PeerIPAddress 172.16.97.1 -PeerASN 64999.

In a simple environment, that should be it – we should now be learning routes from our router. As the router becomes aware of new networks, they will automatically be added to our routing table as well. We can verify that we're receiving routes using the Get-BgpRouteInformation command:

Figure 3.10 – Showing the routes that Windows Server has learned via BGP

That might have all been a bit hard to follow, so for the sake of completeness, every command that was run from beginning to end goes as follows:

Add-WindowsFeature Routing,RSAT-RemoteAccess-PowerShell

Install-RemoteAccess -VpnType RoutingOnly

Add-BgpRouter -BgpIdentifier 172.16.97.5 -LocalASN 64999

Add-BgpPeer -Name router -LocalIPAddress 172.16.97.5 -PeerIPAddress 172.16.97.1 -PeerASN 64999

You can repeat the last command, Add-BgpPeer, for as many different routers as you need to.
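
Because the server installs whatever its peer announces, it is worth comparing the learned routes with the prefixes you expect. The following PowerShell is an added example, not code from the book: it flags routes outside an allowlist (IPv4 only). The function names, the allowlist and the sample routes are constructed, and the Network property name is an assumption to confirm with Get-Member on real Get-BgpRouteInformation output.

```powershell
# Added example: flag BGP-learned routes that fall outside the prefixes you expect (IPv4 only).

# Convert a dotted-quad address to a number so prefixes can be compared with a mask.
function ConvertTo-IPv4Number ([string]$Ip) {
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)                      # network byte order -> little-endian
    [long][BitConverter]::ToUInt32($bytes, 0)
}

# True when $Candidate (CIDR) is equal to, or a subnet of, $Allowed (CIDR).
function Test-PrefixWithin ([string]$Candidate, [string]$Allowed) {
    $cNet, $cLen = $Candidate -split '/'
    $aNet, $aLen = $Allowed -split '/'
    if ([int]$cLen -lt [int]$aLen) { return $false }   # wider than allowed, e.g. 0.0.0.0/0
    $mask = [long]([math]::Pow(2, 32) - [math]::Pow(2, 32 - [int]$aLen))
    ((ConvertTo-IPv4Number $cNet) -band $mask) -eq ((ConvertTo-IPv4Number $aNet) -band $mask)
}

# Return every route whose destination is not covered by any allowed prefix.
function Get-UnexpectedBgpRoute ($Routes, [string[]]$Allowed) {
    foreach ($route in $Routes) {
        $hit = $Allowed | Where-Object { Test-PrefixWithin $route.Network $_ }
        if (-not $hit) { $route }
    }
}

# Constructed allowlist; replace with the prefixes your network team says the router announces.
$expected = '10.0.0.0/8', '172.16.0.0/12'

# Constructed sample data. On the server, use instead: $routes = Get-BgpRouteInformation
# (the Network property name is an assumption; confirm it with Get-Member).
$routes = @(
    [pscustomobject]@{ Network = '10.20.0.0/16';   NextHop = '172.16.97.1' }
    [pscustomobject]@{ Network = '172.16.50.0/24'; NextHop = '172.16.97.1' }
    [pscustomobject]@{ Network = '0.0.0.0/0';      NextHop = '172.16.97.1' }
    [pscustomobject]@{ Network = '192.0.2.0/24';   NextHop = '172.16.97.1' }
)

Get-UnexpectedBgpRoute $routes $expected | Format-Table -AutoSize
```

Any route this returns is one to raise with your network administrator before relying on the learned routing table.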

How it works…

Adding lots of routes to your server by hand can be a pain. And if they ever change or go offline, you would need to run commands to keep them up to date. BGP takes away the pain of having to manage all this by learning from the networks the server is connected to.

The Windows BGP routing ability is basic by many standards – a proper router from Cisco, Juniper, or Mikrotik can do a lot more. However, for the purposes of a typical Windows server, its BGP implementation is more than sufficient. In more advanced situations, such as if your server is a VPN or remote access server, you can also provide BGP routing information back to your core network routers so that you can share information about your servers' networks as well.

Just remember that using BGP generally requires the assistance of your network administrator, and may not be suitable for all networks.

See also...