BGP Routing Setup

We configure eBGP sessions with upstream providers, IXP peers, or cloud Direct Connect/ExpressRoute endpoints. Sessions use MD5 authentication, TTL security (GTSM), and maximum prefix limits to prevent route leaks from crashing your router. BFD (Bidirectional Forwarding Detection) enables sub-second failover detection. Each session gets monitored for state changes, prefix counts, and flap frequency.

Inbound filters reject bogon prefixes, your own prefixes (prevent loops), and prefixes not registered in IRR databases. Outbound filters ensure you only announce your own prefixes — preventing accidental route hijacking. RPKI validation rejects routes with invalid origin attestation. Prefix lists and AS-path filters are generated from RADB/IRR data and updated automatically. We've seen one missing filter cause global routing incidents.

Local preference controls outbound path selection — prefer lower-latency or lower-cost providers. MED (Multi-Exit Discriminator) and AS-path prepending influence inbound traffic from peers. Communities tag routes for provider-specific traffic engineering (blackholing, regional preference). We model traffic flows and tune BGP attributes to match your cost and performance objectives.

Multi-homed setups with two or more upstream providers ensure no single link failure causes an outage. BFD detects link failures in milliseconds; BGP converges and reroutes traffic within seconds. We test failover by simulating link failures — verifying that traffic shifts cleanly and performance remains acceptable on the backup path. Runbooks document expected failover behavior and manual intervention procedures.