🔁 BGP ISP Lab: Full Setup with iBGP, eBGP, OSPF, NAT & Route Reflectors
🧱 Topology Overview
This lab consists of two Internet Service Providers and multiple customers simulating a real-world ISP backbone and enterprise edge environment:
Participants
- ISP1 (ASN 64501): A regional ISP using iBGP with route reflectors and OSPF internally. It provides BGP transit service to two customer sites (CusA and CusB). Its provider edge routers are ISP1RRC1 and ISP1RRC2.
- ISP2 (ASN 64502): Another regional ISP with a similar setup to ISP1. It serves CusX and CusY. Its provider edge routers are ISP2RRC1 and ISP2RRC2.
- Upstream ISP: Connects both ISP1 and ISP2 via eBGP, simulating a Tier-1 internet backbone.
- Customers (CusA, CusB, CusX, CusY): Each is a Customer Edge (CE) router. They connect to their respective ISP using private IPs and access the Internet through NAT and BGP services provided by the ISPs.
- ISP1 (ASN 64501): A regional ISP using iBGP with route reflectors and OSPF internally. It provides BGP transit service to two customer sites (CusA and CusB).
- ISP2 (ASN 64502): Another regional ISP with a similar setup to ISP1. It serves CusX and CusY.
- Upstream ISP: Connects both ISP1 and ISP2 via eBGP, simulating a Tier-1 internet backbone.
- Customers (CusA, CusB, CusX, CusY): Each customer connects to one ISP using private IP addressing and accesses the outside world through ISP NAT and BGP routing.
Responsibilities
- ISP1
- Maintain internal reachability via OSPF
- Handle iBGP with route reflector for scalable route learning
- Advertise customer prefixes to upstream ISP
- Provide NAT and routing to CusA and CusB
- ISP2
- Same functions as ISP1 – Serve CusX and CusY (without performing NAT)
- Customers
- Use static routes or default gateway toward their respective ISP
- Expect full Internet reachability through the ISP infrastructure
This topology emphasizes service provider scalability, route control, and multi-customer connectivity, using realistic technologies.
This lab simulates a dual-ISP environment using:
- OSPF as the interior routing protocol
- iBGP with Route Reflectors for scalable internal BGP
- eBGP for inter-AS connectivity
- NAT for providing public access to customers behind private IPs
- Loopback interfaces for stable BGP peering
🧩 Part 1: UpStream ISP
1️⃣ Step: Configure Upstream ISP BGP and Interfaces
hostname UpStreamISP
interface FastEthernet0/0
ip address 8.0.0.1 255.255.255.252
interface FastEthernet1/0
ip address 8.0.0.5 255.255.255.252
router bgp 64500
network 0.0.0.0
# This 'network 0.0.0.0' command in BGP includes the default route (0.0.0.0/0) in the BGP table.
# It is often used when paired with a static default route to Null0 to advertise a default route to downstream routers in both lab and production.
neighbor neighbor 8.0.0.2 remote-as 64501
neighbor 8.0.0.6 remote-as 64502
ip route 0.0.0.0 0.0.0.0 Null0
# This default route ensures that the router advertises a default path to BGP peers.
# In lab environments, this avoids the need for real upstream prefixes.
# In real-world networks, this is used to signal "default route" availability to downstream ASes without requiring full routing tables.
🧩 Part 2: ISP Routers
2️⃣ Step: Configure OSPF for Internal Routing (ISP1 & ISP2)
Each ISP uses OSPF as their IGP to ensure loopback reachability and stable path discovery across links.
This is required so that BGP peering using loopbacks can be established properly.
3️⃣ Step: Configure iBGP with Route Reflectors
To avoid a full mesh of iBGP peers and simplify scalability, each ISP designates a Route Reflector (RR) that peers with PE routers. RRs reflect routes to their iBGP clients, maintaining reachability.
🟢 ISP1 Configuration
Routers managed by ISP1:
- ISP1RR
- ISP1RRC1
- ISP1RRC2
ISP1RR
# ISP1RR - Route Reflector
# Provides route reflection for iBGP clients and connects to Upstream ISP
hostname ISP1RR
interface Loopback0
ip address 192.168.255.0 255.255.255.255
interface FastEthernet0/0
ip address 6.0.0.1 255.255.255.252
no shutdown
interface FastEthernet1/0
ip address 6.0.0.5 255.255.255.252
no shutdown
interface FastEthernet2/0
ip address 8.0.0.2 255.255.255.252
no shutdown
router ospf 1
network 6.0.0.0 0.0.0.3 area 0
network 6.0.0.4 0.0.0.3 area 0
network 192.168.255.0 0.0.0.0 area 0
router bgp 64501
network 6.0.0.0 mask 255.255.255.252
# This advertises the specified network into BGP.
# It must match a route in the local routing table to be announced.
network 6.0.0.4 mask 255.255.255.252
# This advertises the specified network into BGP.
# It must match a route in the local routing table to be announced.
network 6.0.0.8 mask 255.255.255.252
# This advertises the specified network into BGP.
# It must match a route in the local routing table to be announced.
network 6.0.0.12 mask 255.255.255.252
# This advertises the specified network into BGP.
# It must match a route in the local routing table to be announced.
neighbor 8.0.0.1 remote-as 64500
neighbor 192.168.255.1 remote-as 64501
neighbor 192.168.255.1 update-source Loopback0
neighbor 192.168.255.1 route-reflector-client
# This enables the route reflector to reflect routes received from this neighbor to other iBGP clients.
# It reduces the need for a full mesh of iBGP peerings and simplifies scalability.
neighbor 192.168.255.1 next-hop-self
# This rewrites the next-hop attribute of received routes to this router's IP.
# It ensures that iBGP-learned routes are reachable even if the original next-hop is outside the IGP scope.
neighbor 192.168.255.2 remote-as 64501
neighbor 192.168.255.2 update-source Loopback0
neighbor 192.168.255.2 route-reflector-client
neighbor 192.168.255.2 next-hop-self
ISP1RC1
# ISP1RRC1 - Provider Edge Router for ISP1
# Connects to customer CusA and peers with RR
hostname ISP1RRC1
interface Loopback0
ip address 192.168.255.1 255.255.255.255
interface FastEthernet0/0
ip address 6.0.0.9 255.255.255.252
no shutdown
interface FastEthernet1/0
ip address 6.0.0.2 255.255.255.252
no shutdown
router ospf 1
network 6.0.0.0 0.0.0.3 area 0
network 6.0.0.8 0.0.0.3 area 0
network 192.168.255.1 0.0.0.0 area 0
router bgp 64501
neighbor 192.168.255.0 remote-as 64501
neighbor 192.168.255.0 update-source Loopback0
ISP1RC2
# ISP1RRC2 - Provider Edge Router for ISP1
# Connects to customer CusB and peers with RR
hostname ISP1RRC2
interface Loopback0
ip address 192.168.255.2 255.255.255.255
interface FastEthernet0/0
ip address 6.0.0.13 255.255.255.252
no shutdown
interface FastEthernet1/0
ip address 6.0.0.6 255.255.255.252
no shutdown
router ospf 1
network 6.0.0.4 0.0.0.3 area 0
network 6.0.0.12 0.0.0.3 area 0
network 192.168.255.2 0.0.0.0 area 0
router bgp 64501
neighbor 192.168.255.0 remote-as 64501
neighbor 192.168.255.0 update-source Loopback0
🔵 ISP2 Configuration
Routers managed by ISP2:
- ISP2RR
- ISP2RRC1
- ISP2RRC2
ISP2RR
# ISP2RR - Route Reflector for ISP2
# Aggregates and reflects BGP routes between PE routers and upstream
hostname ISP2RR
interface Loopback0
ip address 192.168.255.0 255.255.255.255
interface FastEthernet0/0
ip address 8.0.0.6 255.255.255.252
no shutdown
interface FastEthernet1/0
ip address 7.0.0.1 255.255.255.252
no shutdown
interface FastEthernet2/0
ip address 7.0.0.5 255.255.255.252
no shutdown
router ospf 1
network 2.2.2.0 0.0.0.0 area 0
network 7.0.0.0 0.0.0.3 area 0
network 7.0.0.4 0.0.0.3 area 0
network 192.168.255.0 0.0.0.0 area 0
router bgp 64502
network 7.0.0.0 mask 255.255.255.252
# This advertises the specified network into BGP.
# It must match a route in the local routing table to be announced.
network 7.0.0.4 mask 255.255.255.252
# This advertises the specified network into BGP.
# It must match a route in the local routing table to be announced.
network 7.0.0.8 mask 255.255.255.252
# This advertises the specified network into BGP.
# It must match a route in the local routing table to be announced.
network 7.0.0.12 mask 255.255.255.252
# This advertises the specified network into BGP.
# It must match a route in the local routing table to be announced.
neighbor 8.0.0.5 remote-as 64500
neighbor 192.168.255.1 remote-as 64502
neighbor 192.168.255.1 update-source Loopback0
neighbor 192.168.255.1 route-reflector-client
# This enables the route reflector to reflect routes received from this neighbor to other iBGP clients.
# It reduces the need for a full mesh of iBGP peerings and simplifies scalability.
neighbor 192.168.255.1 next-hop-self
# This rewrites the next-hop attribute of received routes to this router's IP.
# It ensures that iBGP-learned routes are reachable even if the original next-hop is outside the IGP scope.
neighbor 192.168.255.2 remote-as 64502
neighbor 192.168.255.2 update-source Loopback0
neighbor 192.168.255.2 route-reflector-client
neighbor 192.168.255.2 next-hop-self
ISP2RC1
# ISP2RRC1 - Provider Edge Router for ISP2
# Connects to customer CusX and peers with RR
hostname ISP2RRC1
interface Loopback0
ip address 192.168.255.1 255.255.255.255
interface FastEthernet0/0
ip address 7.0.0.2 255.255.255.252
no shutdown
interface FastEthernet1/0
ip address 7.0.0.9 255.255.255.252
no shutdown
router ospf 1
network 7.0.0.0 0.0.0.3 area 0
network 7.0.0.8 0.0.0.3 area 0
network 192.168.255.1 0.0.0.0 area 0
router bgp 64502
neighbor 192.168.255.0 remote-as 64502
neighbor 192.168.255.0 update-source Loopback0
ISP2RC2
# ISP2RRC2 - Provider Edge Router for ISP2
# Connects to customer CusY and peers with RR
hostname ISP2RRC2
interface Loopback0
ip address 192.168.255.2 255.255.255.255
interface FastEthernet0/0
ip address 7.0.0.6 255.255.255.252
no shutdown
interface FastEthernet1/0
ip address 7.0.0.13 255.255.255.252
no shutdown
router ospf 1
network 7.0.0.4 0.0.0.3 area 0
network 7.0.0.12 0.0.0.3 area 0
network 192.168.255.2 0.0.0.0 area 0
router bgp 64502
neighbor 192.168.255.0 remote-as 64502
neighbor 192.168.255.0 update-source Loopback0
4️⃣ Step: Configure eBGP Peering Between ISP1, ISP2, and Upstream ISP
UpStreamISP (ASN 64500)
hostname UpStreamISP
interface FastEthernet0/0
ip address 8.0.0.1 255.255.255.252
interface FastEthernet1/0
ip address 8.0.0.5 255.255.255.252
router bgp 64500
network 0.0.0.0
neighbor 8.0.0.2 remote-as 64501
neighbor 8.0.0.6 remote-as 64502
This router connects to both ISP1 and ISP2 over eBGP and advertises the default route to simulate Internet access.
ISP1R (Edge of ASN 64501)
router bgp 64501
neighbor 192.168.255.6 remote-as 64502
neighbor 192.168.255.6 update-source Loopback0
ISP2R (Edge of ASN 64502)
router bgp 64502
neighbor 192.168.255.1 remote-as 64501
neighbor 192.168.255.1 update-source Loopback0
# The 'update-source Loopback0' command ensures BGP peering uses the loopback interface, providing stability and redundancy.
# It allows BGP sessions to stay up as long as there is an IGP route to the loopback, even if physical interfaces go down.
Static Routes for Loopback Reachability
ip route 192.168.255.6 255.255.255.255 102.168.255.2
ip route 192.168.255.1 255.255.255.255 102.168.255.1
This is necessary because BGP peerings use loopbacks; static routes allow the routers to reach remote loopback interfaces before the BGP session is established.
🧩 Part 3: Customer Edge Routers
▶️ Customer Configuration
🧩 CusA – NAT and Routing (Connected to ISP1RRC1)
5️⃣ Step: Configure Customer Edge Router NAT and Routing
Below is the configuration for each Customer Edge (CE) router to access the internet through its connected Provider Edge (PE).
CusA (connected to ISP1RRC1)
hostname CusA
interface FastEthernet0/0
ip address 10.0.0.1 255.255.255.0
ip nat inside
no shutdown
interface FastEthernet1/0
ip address 6.0.0.10 255.255.255.252
ip nat outside
no shutdown
ip nat inside source list 1 interface FastEthernet1/0 overload
access-list 1 permit 10.0.0.0 0.0.0.255
ip route 0.0.0.0 0.0.0.0 6.0.0.9
🧩 CusB – NAT and Routing (Connected to ISP1RRC2)
hostname CusB
interface FastEthernet0/0
ip address 10.0.1.1 255.255.255.0
ip nat inside
no shutdown
interface FastEthernet1/0
ip address 6.0.0.14 255.255.255.252
ip nat outside
no shutdown
ip nat inside source list 1 interface FastEthernet1/0 overload
access-list 1 permit 10.0.1.0 0.0.0.255
ip route 0.0.0.0 0.0.0.0 6.0.0.13
🧩 CusX – NAT and Routing (Connected to ISP2RRC1)
hostname CusX
interface FastEthernet0/0
ip address 10.0.2.1 255.255.255.0
ip nat inside
no shutdown
interface FastEthernet1/0
ip address 7.0.0.10 255.255.255.252
ip nat outside
no shutdown
ip nat inside source list 1 interface FastEthernet1/0 overload
access-list 1 permit 10.0.2.0 0.0.0.255
ip route 0.0.0.0 0.0.0.0 7.0.0.9
🧩 CusY – NAT and Routing (Connected to ISP2RRC2)
hostname CusY
interface FastEthernet0/0
ip address 10.0.3.1 255.255.255.0
ip nat inside
no shutdown
interface FastEthernet1/0
ip address 7.0.0.14 255.255.255.252
ip nat outside
no shutdown
ip nat inside source list 1 interface FastEthernet1/0 overload
access-list 1 permit 10.0.3.0 0.0.0.255
ip route 0.0.0.0 0.0.0.0 7.0.0.13
❗ Note: NAT is only configured on Customer Edge (CE) routers. Provider Edge (PE) routers simply forward traffic without NAT involvement.
6️⃣ Step: Configure BGP Network Advertisements
ISP1RR
router bgp 64501
network 192.168.255.1 mask 255.255.255.255
# This advertises the specified network into BGP.
# It must match a route in the local routing table to be announced.
network 192.168.255.2 mask 255.255.255.255
# This advertises the specified network into BGP.
# It must match a route in the local routing table to be announced.
network 192.168.255.3 mask 255.255.255.255
# This advertises the specified network into BGP.
# It must match a route in the local routing table to be announced.
network 192.168.0.0 mask 255.255.255.0
# This advertises the specified network into BGP.
# It must match a route in the local routing table to be announced.
ISP2RR
router bgp 64502
network 192.168.255.6 mask 255.255.255.255
# This advertises the specified network into BGP.
# It must match a route in the local routing table to be announced.
network 192.168.255.4 mask 255.255.255.255
# This advertises the specified network into BGP.
# It must match a route in the local routing table to be announced.
network 192.168.255.5 mask 255.255.255.255
# This advertises the specified network into BGP.
# It must match a route in the local routing table to be announced.
network 192.168.0.0 mask 255.255.255.0
# This advertises the specified network into BGP.
# It must match a route in the local routing table to be announced.
This step ensures that important internal subnets and customer prefixes are advertised to the rest of the BGP network, enabling reachability between ASes.
7️⃣ Step: (Optional) Apply BGP Next-Hop-Self to Ensure Routing Consistency
neighbor 192.168.255.X next-hop-self
This is used so that iBGP peers use the local router as the next hop, avoiding cases where the advertised next-hop IP is not reachable within the IGP.
8️⃣ Step: Verify Network Connectivity and Protocol Operations
OSPF
show ip ospf neighbor
show ip route ospf
BGP
show ip bgp summary
show ip bgp
NAT
show ip nat translations
show ip nat statistics
Ping and Traceroute
ping 192.168.0.100
ping 192.168.255.6 source Loopback0
traceroute 192.168.0.100
These commands confirm that routing protocols are functioning, BGP sessions are established, and NAT is properly translating packets for Internet access.
🧾 BGP ISP Lab – Configuration Cheat Sheet
🧭 Lab Summary
| Component | Function |
|---|---|
| OSPF | IGP for internal router reachability |
| iBGP | Internal BGP using Route Reflectors (RR) |
| eBGP | ISP-to-ISP and ISP-to-Upstream peering |
| NAT | Configured only on Customer routers |
| Loopbacks | Used for BGP peering stability |
🔁 Common BGP Commands & Why They Matter
| Command | Purpose |
|---|---|
network x.x.x.x mask y.y.y.y |
Advertises a matching route into BGP |
neighbor x.x.x.x remote-as XXXX |
Defines the BGP peer and its AS number |
update-source Loopback0 |
Ensures BGP uses loopback for stable sessions |
route-reflector-client |
Allows BGP RR to reflect routes between clients |
next-hop-self |
Rewrites next-hop to self for iBGP reachability |
ip route 0.0.0.0 0.0.0.0 Null0 |
Advertises default route without real Internet connectivity |
network 0.0.0.0 (BGP) |
Announces default route via BGP |
📦 Customer Router Checklist (CE)
- Configure NAT:
ip nat inside source list 1 interface Fa1/0 overload access-list 1 permit 10.x.x.0 0.0.0.255 - Default route to ISP:
ip route 0.0.0.0 0.0.0.0 [ISP interface IP] - Set
ip nat insideon LAN,ip nat outsideon WAN
🏢 ISP Router Checklist (PE + RR)
- Enable OSPF:
router ospf 1 network [all subnets] area 0 - Configure iBGP:
neighbor [RR loopback] remote-as [local AS] neighbor [RR loopback] update-source Loopback0 - Configure Route Reflector (on RR only):
neighbor [client loopback] route-reflector-client neighbor [client loopback] next-hop-self
🔍 Basic Verification
| Task | Command |
|---|---|
| BGP summary | show ip bgp summary |
| BGP routes | show ip bgp |
| OSPF neighbors | show ip ospf neighbor |
| NAT translation | show ip nat translations |
| Ping test | ping [IP] |
| Traceroute | traceroute [IP] |
✅ Summary
You’ve now configured a production-style BGP lab with:
- iBGP + Route Reflectors
- eBGP across ISPs
- OSPF for loopback reachability
- NAT for customer Internet access