Hi, Comunity and Microsoft's engineers.
This is a question, related to co-working of RRAS, S2S VPN, and BGP on MS Windows Server platform. It looks as is the built-in BGP component doesn't work properly with S2S VPN. At least - I can't configure it properly, so I need your assistance. Any help is appreciated.
Please, take a look at the setup, it is very simple:
There is two Windows Server 2019 Std instances with RRAS role installed. RRAS is configured as non-multitenant on both nodes (because multi-tenancy isn't used in this setup). The Windows/RRAS instances are gateways of sites that belong to the same organization. The gateways are connected one to other via a public network (usually it is Internet but in this certain setup I use the network 10.10.0.0/16. I assume the network represents Internet connection in this setup). The sites are connected one to other via site-to-site VPN over PPTP connection between RRAS instances via ETH0/10.10.0.0/16 interfaces. The VPN link is persistent. The demand-dial interface at node S1GW is configured as dial-in and the demand-dial interface at node S2GW is configured as dial-out. The demand-dial interfaces on both sites are configured with static IPv4 addresses. For testing purposes - firewall is disabled on both nodes.
The VPN link establishes well and the gateways can ping one to other via the VPN link.
Then I need to configure dynamic routing between sites via BGP. I use iBGP in this setup as both sites belong to the same organization. In this setup, I use private ASN 64801.
On S1GW node (BGP router acts as a responder only):
Add-BgpRouter -BGPIdentifier 192.168.101.0 -LocalASN 64801
Add-BgpCustomRoute -Network 192.168.10.0/24
Add-BgpCustomRoute -Network 192.168.11.0/24
Add-BgpPeer -PeerName S2 -PeerIPAddress 192.168.102.10 -LocalIPAddress 192.168.101.10 -PeerASN 64801 -OperationMode Server -PeeringMode Automatic -Weight 400
On S2GW node:
Add-BgpRouter -BGPIdentifier 192.168.102.0 -LocalASN 64801
Add-BgpCustomRoute -Network 192.168.20.0/24
Add-BgpCustomRoute -Network 192.168.21.0/24
Add-BgpPeer -PeerName S1 -PeerIPAddress 192.168.101.10 -LocalIPAddress 192.168.102.10 -PeerASN 64801 -OperationMode Mixed -PeeringMode Automatic -Weight 400
After that:
Get-BgpPeer report that the peer is in "connected" state on both nodes.
Get-BgpStatistics reports that the peers are exchanged their routes.
Get-BgpRouteInformation displays nothing
route print -4 also doesn't show expected routes.
So weird, is it? I doubt it is proper behavior. I consulted the official BGP deployment guide from Microsft and found this configuration is declared as fully supported.
Hm... Let's re-check it and reconnect the peers directly (with no VPN connection):
For this, I re-configured the BGP peers on both gateways:
On S1GW node:
Set-BgpPeer -PeerName S2 -PeerIPAddress 10.10.0.20 -LocalIPAddress 10.10.0.10
On S2GW node:
Set-BgpPeer -PeerName S1 -PeerIPAddress 10.10.0.10 -LocalIPAddress 10.10.0.20
And after that... It started working like a charm. Hey, BGP, what's up?
I dug Internet for a week in tries to find guides on how to configure this easy setup. As usual there - I found nothing. There are no any guides, explanations, examples from Microsoft. Nothing!
Could somebody, please, explain this BGP's behavior and how it must be configured to work via S2S VPN link?
Thank you so much in advance.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(259.20000000000005, 92%, 35%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EN8%3C/text%3E%3C/svg%3E)
