FTOS Template

The actual commands are the lines that do not begin with "!"; the comment blocks begin with "!". (In the original the commands were set in bold text so that they stand out from the comment blocks.)

!
! Our ASN is 111
router bgp 111
!
! Be a little more forgiving of an occasional missed keepalive.
 no bgp fast-external-fallover
!
! Set the router ID to the loopback IP address of the router.
 bgp router-id 172.17.70.1
!
! Track and punt, via syslog, all interesting observations about our
! neighbors. This command is enabled by default.
 bgp log-neighbor-changes
!
! Announce our netblock(s) in a manner that does not increase CPU
! utilization. Redistributing from an IGP is dangerous as it increases
! the likelihood of flapping and instability. Redistributing static is
! more stable, but requires the CPU to peruse the routing table at a set
! interval to capture any changes. The network statement, combined with
! a null route, is the least expensive (in terms of CPU utilization) and
! most reliable (in terms of stability) option. Note that the network
! statement only announces the prefix while a matching route is present
! in the routing table; the Null0 route further down provides that route.
 network 1.88.0.0/19
!
! Our first neighbor, 10.10.5.1, is an eBGP peer with the ASN of 333.
 neighbor 10.10.5.1 remote-as 333
!
! Enable soft reconfiguration, which stores the updates received from
! the neighbor so that a changed inbound policy can be applied with
! clear ip bgp x.x.x.x soft in, rather than a hard clear that tears down
! the session and withdraws all announced prefixes. The stored copy of
! the neighbor's routes costs extra memory.
 neighbor 10.10.5.1 soft-reconfiguration inbound
!
! Type in a description for future reference. Not everyone memorizes
! ASNs. :-)
 neighbor 10.10.5.1 description "eBGP with ISP333"
!
! Set up a password for authentication. This enables TCP MD5 signing
! (RFC 2385) of the session; the peer must configure the same password.
! It lives in the running configuration, so pick a long, unguessable one
! and limit who can read the config.
 neighbor 10.10.5.1 password bgpwith333
!
! Block any inbound announcements that include bogon networks.
! See the actual bogons prefix-list below.
 neighbor 10.10.5.1 distribute-list bogons in
!
! Announce only those networks we specifically list. This also prevents
! the network from becoming a transit provider. An added bit of protection
! and good netizenship. See the announce prefix-list below.
 neighbor 10.10.5.1 distribute-list announce out
!
! Prevent a mistake or mishap by our peer (or someone with whom our peer
! has a peering agreement) from causing router meltdown by filling the
! routing and BGP tables. This is a hard limit: once the neighbor exceeds
! it, FTOS shuts the session down. At 75% of this limit, FTOS will issue
! log messages warning that the neighbor is approaching the limit. All
! log messages should be sent to a remote syslog host. The warning
! watermark can be modified by placing a value after the maximum-prefix
! value, e.g. maximum-prefix 250000 50, which makes FTOS issue warning
! messages when the neighbor reaches 50% of the limit.
! Size the limit for what the neighbor is expected to send: a few times
! the number of prefixes a customer or peer legitimately announces, or
! comfortably above the current table size for a full-table transit
! feed. The 250000 shown here is well below today's full IPv4 table
! (over 900,000 prefixes) and would tear down a full-table session, so
! adjust it upward for such peers and keep revisiting it as the Internet
! routing table grows.
 neighbor 10.10.5.1 maximum-prefix 250000
!
! Our next neighbor is 10.10.10.1, an eBGP peer with the ASN of 222.
 neighbor 10.10.10.1 remote-as 222
 neighbor 10.10.10.1 soft-reconfiguration inbound
 neighbor 10.10.10.1 description "eBGP with ISP222"
 neighbor 10.10.10.1 password bgpwith222
 neighbor 10.10.10.1 distribute-list bogons in
 neighbor 10.10.10.1 distribute-list announce out
 neighbor 10.10.10.1 maximum-prefix 250000
!
! This is our iBGP peer, 172.17.70.2.
 neighbor 172.17.70.2 remote-as 111
 neighbor 172.17.70.2 soft-reconfiguration inbound
!
! Again, a handy description.
 neighbor 172.17.70.2 description "iBGP with our other router"
!
! Authenticate the iBGP session as well.
 neighbor 172.17.70.2 password bgpwith111
!
! Use the loopback interface for the iBGP session. This increases the
! stability of iBGP, since the session survives the loss of any single
! physical link as long as the loopback stays reachable.
 neighbor 172.17.70.2 update-source Loopback0
! Rewrite the next hop of routes learned from our eBGP peers to our own
! address before passing them to the iBGP peer, so that it does not need
! routes to the external link addresses.
 neighbor 172.17.70.2 next-hop-self
 neighbor 172.17.70.2 distribute-list bogons in
 neighbor 172.17.70.2 maximum-prefix 250000
!
! If we have multiple links on the same router to the same AS, we like to
! put them to good use. Load balance, per destination, with maximum-paths.
! The limit is sixteen. For our example, we will assume two equal size pipes
! to the same AS.
 maximum-paths ebgp 2
 maximum-paths ibgp 2
!
! Disable proxy ARP on each routed interface. This is an interface
! configuration command; repeat it under every routed interface.
no ip proxy-arp
!
! Now add our null route and the loopback/iBGP route. Remember to add
! more specific non-null routes so that the packets travel to their
! intended destination! The null route keeps the aggregate in the
! routing table (so the network statement above stays announced) and
! discards traffic for any part of the block that has no more specific
! route, instead of forwarding it back out toward a default route.
ip route 1.88.0.0/19 Null0
ip route 1.88.50.0/24 192.168.50.5
ip route 1.88.55.0/24 192.168.50.8
! 1.88.75.128 with a /17 mask is not a valid prefix (it has host bits
! set) and a /17 would be wider than the /19 aggregate; the half /24
! that starts at .128 is a /25.
ip route 1.88.75.128/25 192.168.50.10
ip route 172.17.70.2/32 192.168.50.2
!
! We protect TCP port 179 (the BGP port) from miscreants by limiting
! access. Allow our peers to connect and log all other attempts. The
! entries cover both directions of each session: packets for sessions
! the peer opens to us (destination port 179) and returning packets for
! sessions we open to the peer (source port 179).
! Remember to apply this ACL to the interfaces of the router or
! add its entries to existing ACLs.
! Please note that, because every ACL ends with an implicit deny, ACL
! block-bgp would block ALL traffic as written. It is designed to focus
! only on protecting BGP. You MUST modify ACL block-bgp to fit your
! environment and approved traffic patterns.
! This access list MUST then be applied to interface Loopback0.
ip access-list extended block-bgp
 seq 5 permit tcp host 10.10.5.1 host 10.10.5.2 eq 179
 seq 10 permit tcp host 10.10.5.1 eq 179 host 10.10.5.2
 seq 15 permit tcp host 10.10.10.1 host 10.10.10.2 eq 179
 seq 20 permit tcp host 10.10.10.1 eq 179 host 10.10.10.2
 seq 25 permit tcp host 172.17.70.2 host 172.17.70.1 eq 179
 seq 30 permit tcp host 172.17.70.2 eq 179 host 172.17.70.1
 seq 35 deny tcp any any eq 179 log
!
! The announce prefix list prevents us from announcing anything beyond
! our aggregated netblock(s).
ip prefix-list announce
 description Our allowed routing announcements
 seq 5 permit 1.88.0.0/19
 seq 10 deny any
!
! The bogons prefix-list (referenced by the "distribute-list bogons in"
! statements above) denies the individual bogon prefixes in its earlier
! entries, which are not reproduced on this page, and closes with the
! entry below. That entry allows all remaining prefixes up to /27;
! anything longer matches no entry and falls to the implicit deny at the
! end of the list. Your mileage may vary, so adjust this to fit your
! specific requirements.
ip prefix-list bogons
 seq 525 permit 0.0.0.0/0 le 27
!
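Prefix-lists decide by first match in sequence order, an entry without "ge"/"le" matches only that exact length, and an unmatched prefix hits the implicit deny; these rules determine whether the announce list really stops a more-specific leak and what the closing "le 27" in the bogons list lets through. The following Python script, added here as an example and not part of the original template, implements those semantics and evaluates sample prefixes against the page's announce list and a constructed stand-in for the bogons list (two illustrative deny entries for 0.0.0.0/8 and 10.0.0.0/8 plus the page's closing "seq 525 permit 0.0.0.0/0 le 27"; the real list has many more entries).

```python
"""Evaluate ip prefix-list entries with first-match semantics.

Added example, not part of the original template. Entries are tried in
sequence order; the first entry whose prefix covers the candidate, within
the optional ge/le length bounds, decides; a candidate matching no entry is
denied by the implicit deny at the end of every list.
"""
import ipaddress
import re

# The page's announce list, copied as a constructed string.
ANNOUNCE = """
ip prefix-list announce
 seq 5 permit 1.88.0.0/19
 seq 10 deny any
"""

# Constructed stand-in for the bogons list: two illustrative deny entries
# plus the page's closing entry. The production list is much longer.
BOGONS = """
ip prefix-list bogons
 seq 5 deny 0.0.0.0/8 le 32
 seq 10 deny 10.0.0.0/8 le 32
 seq 525 permit 0.0.0.0/0 le 27
"""

ENTRY_RE = re.compile(
    r"^\s*seq (\d+) (permit|deny) (\S+)(?: ge (\d+))?(?: le (\d+))?\s*$")


def parse_prefix_list(text):
    """Return entries as (seq, action, network, ge, le), sorted by seq."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue                      # header, comment or blank line
        seq, action, prefix, ge, le = m.groups()
        if prefix == "any":               # 'any' is shorthand for 0.0.0.0/0 le 32
            prefix, ge, le = "0.0.0.0/0", None, "32"
        entries.append((int(seq), action,
                        ipaddress.ip_network(prefix, strict=False),
                        int(ge) if ge else None, int(le) if le else None))
    return sorted(entries, key=lambda e: e[0])


def entry_matches(entry, candidate):
    """True when the entry's prefix covers the candidate and the length fits.

    With neither ge nor le the candidate must have exactly the entry's length;
    ge/le widen that to a range bounded by the entry's length and /32.
    """
    _, _, net, ge, le = entry
    if not candidate.subnet_of(net):
        return False
    if ge is None and le is None:
        return candidate.prefixlen == net.prefixlen
    low = ge if ge is not None else net.prefixlen
    high = le if le is not None else candidate.max_prefixlen
    return low <= candidate.prefixlen <= high


def evaluate(entries, prefix):
    """Return (action, seq) of the first matching entry, or ('deny', None)."""
    candidate = ipaddress.ip_network(prefix, strict=False)
    for entry in entries:
        if entry_matches(entry, candidate):
            return entry[1], entry[0]
    return "deny", None                   # implicit deny at the end of the list


if __name__ == "__main__":
    announce = parse_prefix_list(ANNOUNCE)
    bogons = parse_prefix_list(BOGONS)
    for p in ("1.88.0.0/19", "1.88.50.0/24", "8.8.8.0/24"):
        print("announce", p, evaluate(announce, p))
    for p in ("10.1.0.0/16", "203.0.113.0/24", "203.0.113.0/28"):
        print("bogons  ", p, evaluate(bogons, p))
```

The announce list permits only the exact /19: the /24 customer routes from the static table are denied at seq 10, which is what keeps an accidental "network 1.88.50.0/24" or a leaked more-specific from reaching the peer. In the bogons list a /28 matches nothing and is dropped by the implicit deny, so "le 27" acts as the maximum accepted prefix length without a separate deny entry.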
! END