FTOS Template

The actual commands are in BOLD text so that they stand out from the comment blocks.

!
! Our ASN is 111
router bgp 111
!
! Be a little more forgiving of an occasional missed keepalive.
 no bgp fast-external-fallover
!
! Set the router ID to the loopback IP address of the router.
 bgp router-id 172.17.70.1
!
! Track and punt, via syslog, all interesting observations about our
! neighbors. This command is enabled by default.
 bgp log-neighbor-changes
!
! Announce our netblock(s) in a manner that does not increase CPU
! utilization. Redistributing from an IGP is dangerous as it increases
! the likelihood of flapping and instability. Redistributing static is
! more stable, but requires the CPU to peruse the routing table at a set
! interval to capture any changes. The network statement, combined with
! a null route, is the least expensive (in terms of CPU utilization) and
! most reliable (in terms of stability) option.
 network 1.88.0.0/19
!
! Our first neighbor, 10.10.5.1, is an eBGP peer with the ASN of 333.
 neighbor 10.10.5.1 remote-as 333
!
! Set for soft reconfiguration, thus preventing a complete withdrawal
! of all announced prefixes when clear ip bgp x.x.x.x is typed.
 neighbor 10.10.5.1 soft-reconfiguration inbound
!
! Type in a description for future reference. Not everyone memorizes
! ASNs. :-)
 neighbor 10.10.5.1 description "eBGP with ISP333"
!
! Set up a password for authentication.
 neighbor 10.10.5.1 password bgpwith333
!
! Block any inbound announcements that include bogon networks.
! See the actual bogons prefix-list below.
 neighbor 10.10.5.1 distribute-list bogons in
!
! Announce only those networks we specifically list. This also prevents
! the network from becoming a transit provider. An added bit of protection
! and good netizenship. See the announce prefix-list below.
 neighbor 10.10.5.1 distribute-list announce out
!
! Prevent a mistake or mishap by our peer (or someone with whom our peer
! has a peering agreement) from causing router meltdown by filling the
! routing and BGP tables. This is a hard limit. At 75% of this limit,
! FTOS will issue log messages warning that the neighbor is approaching
! the limit. All log messages should be sent to a remote syslog host.
! The warning water mark can be modified by placing a value after the
! maximum prefix value, e.g. maximum-prefix 250000 50. This will set
! FTOS to issue warning messages when the neighbor reaches 50% of the limit.
! Note that this number may need to be adjusted upward in the future to
! account for growth in the Internet routing table.
 neighbor 10.10.5.1 maximum-prefix 250000
!
! Our next neighbor is 10.10.10.1, an eBGP peer with the ASN of 222.
 neighbor 10.10.10.1 remote-as 222
 neighbor 10.10.10.1 soft-reconfiguration inbound
 neighbor 10.10.10.1 description "eBGP with ISP222"
 neighbor 10.10.10.1 password bgpwith222
 neighbor 10.10.10.1 distribute-list bogons in
 neighbor 10.10.10.1 distribute-list announce out
 neighbor 10.10.10.1 maximum-prefix 250000
!
! This is our iBGP peer, 172.17.70.2.
 neighbor 172.17.70.2 remote-as 111
 neighbor 172.17.70.2 soft-reconfiguration inbound
!
! Again, a handy description.
 neighbor 172.17.70.2 description "iBGP with our other router"
!
 neighbor 172.17.70.2 password bgpwith111
!
! Use the loopback interface for iBGP announcements. This increases the
! stability of iBGP.
 neighbor 172.17.70.2 update-source Loopback0
 neighbor 172.17.70.2 next-hop-self
 neighbor 172.17.70.2 distribute-list bogons in
 neighbor 172.17.70.2 maximum-prefix 250000
!
! If we have multiple links on the same router to the same AS, we like to
! put them to good use. Load balance, per destination, with maximum-paths.
! The limit is sixteen. For our example, we will assume two equal size pipes
! to the same AS.
 maximum-paths ebgp 2
 maximum-paths ibgp 2
!
! Disable proxy ARP on each routed interface
no ip proxy-arp
!
! Now add our null route and the loopback/iBGP route. Remember to add
! more specific non-null routes so that the packets travel to their
! intended destination!
ip route 1.88.0.0/19 Null0
ip route 1.88.50.0/24 192.168.50.5
ip route 1.88.55.0/24 192.168.50.8
ip route 1.88.75.128/17 192.168.50.10
ip route 172.17.70.2/32 192.168.50.2
!
! We protect TCP port 179 (the BGP port) from miscreants by limiting
! access. Allow our peers to connect and log all other attempts.
! Remember to apply this ACL to the interfaces of the router or
! add it to existing ACLs.
! Please note that, because of the implicit deny at the end of the list,
! ACL block-bgp would block ALL traffic other than the permitted BGP
! sessions as written. It is designed to focus only on protecting BGP.
! You MUST modify ACL block-bgp to fit your environment and approved
! traffic patterns. This access list MUST then be applied to interface
! Loopback0.
ip access-list extended block-bgp
 seq 5 permit tcp host 10.10.5.1 host 10.10.5.2 eq 179
 seq 10 permit tcp host 10.10.5.1 eq 179 host 10.10.5.2
 seq 15 permit tcp host 10.10.10.1 host 10.10.10.2 eq 179
 seq 20 permit tcp host 10.10.10.1 eq 179 host 10.10.10.2
 seq 25 permit tcp host 172.17.70.2 host 172.17.70.1 eq 179
 seq 30 permit tcp host 172.17.70.2 eq 179 host 172.17.70.1
 seq 35 deny tcp any any eq 179 log
!
! The announce prefix list prevents us from announcing anything beyond
! our aggregated netblock(s).
ip prefix-list announce
 description Our allowed routing announcements
 seq 5 permit 1.88.0.0/19
 seq 10 deny any
!
! The bogons prefix list prevents the acceptance of obviously bogus
! routing updates. This can be modified to fit local requirements.
! While aggregation is possible - certainly desirable - IANA tends
! to allocate netblocks on a /8 boundary. For this reason, I have
! listed the bogons largely as /8 netblocks. This will make changes
! to the bogons prefix-list easier to accomplish and less intrusive.
! I have listed more specific netblocks when documentation, such as
! RFC1918, is more granular.
! A static list of unallocated /8s goes stale as IANA allocates them,
! and a stale deny entry silently drops legitimate routes, so verify
! each entry against the current IANA assignments before deploying.
! Please see the IANA IPv4 netblock assignment document at the
! following URL:
! http://www.iana.org/assignments/ipv4-address-space
ip prefix-list bogons
 description Bogon networks we won't accept.
 seq 5 deny 0.0.0.0/8 le 32
 seq 10 deny 1.0.0.0/8 le 32
 seq 15 deny 2.0.0.0/8 le 32
 seq 20 deny 5.0.0.0/8 le 32
 seq 30 deny 10.0.0.0/8 le 32
 seq 35 deny 23.0.0.0/8 le 32
 seq 40 deny 27.0.0.0/8 le 32
 seq 45 deny 31.0.0.0/8 le 32
 seq 50 deny 36.0.0.0/8 le 32
 seq 55 deny 37.0.0.0/8 le 32
 seq 60 deny 39.0.0.0/8 le 32
 seq 70 deny 42.0.0.0/8 le 32
 seq 75 deny 46.0.0.0/8 le 32
 seq 80 deny 49.0.0.0/8 le 32
 seq 85 deny 50.0.0.0/8 le 32
 seq 255 deny 100.0.0.0/8 le 32
 seq 260 deny 101.0.0.0/8 le 32
 seq 265 deny 102.0.0.0/8 le 32
 seq 270 deny 103.0.0.0/8 le 32
 seq 275 deny 104.0.0.0/8 le 32
 seq 280 deny 105.0.0.0/8 le 32
 seq 285 deny 106.0.0.0/8 le 32
 seq 290 deny 107.0.0.0/8 le 32
 seq 295 deny 108.0.0.0/8 le 32
 seq 300 deny 109.0.0.0/8 le 32
 seq 305 deny 110.0.0.0/8 le 32
 seq 310 deny 111.0.0.0/8 le 32
 seq 315 deny 112.0.0.0/8 le 32
 seq 320 deny 113.0.0.0/8 le 32
 seq 325 deny 114.0.0.0/8 le 32
 seq 330 deny 115.0.0.0/8 le 32
 seq 390 deny 127.0.0.0/8 le 32
 seq 395 deny 169.254.0.0/16 le 32
 seq 400 deny 172.16.0.0/12 le 32
 seq 405 deny 173.0.0.0/8 le 32
 seq 410 deny 174.0.0.0/8 le 32
 seq 415 deny 175.0.0.0/8 le 32
 seq 420 deny 176.0.0.0/8 le 32
 seq 425 deny 177.0.0.0/8 le 32
 seq 430 deny 178.0.0.0/8 le 32
 seq 435 deny 179.0.0.0/8 le 32
 seq 440 deny 180.0.0.0/8 le 32
 seq 445 deny 181.0.0.0/8 le 32
 seq 450 deny 182.0.0.0/8 le 32
 seq 455 deny 183.0.0.0/8 le 32
 seq 460 deny 184.0.0.0/8 le 32
 seq 465 deny 185.0.0.0/8 le 32
 seq 470 deny 186.0.0.0/8 le 32
 seq 475 deny 187.0.0.0/8 le 32
 seq 490 deny 192.0.2.0/24 le 32
 seq 500 deny 192.168.0.0/16 le 32
 seq 510 deny 197.0.0.0/8 le 32
 seq 512 deny 198.18.0.0/15 le 32
 seq 515 deny 223.0.0.0/8 le 32
 seq 520 deny 224.0.0.0/3 le 32
! Allow all prefixes up to /27. Your mileage may vary,
! so adjust this to fit your specific requirements.
 seq 525 permit 0.0.0.0/0 le 27
!
! END
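To sanity-check the two filters above before they go on a router, the following added example (not part of the original template) evaluates candidate prefixes against an excerpt of the bogons and announce prefix lists using first-match, sequence-ordered semantics: an entry with "le N" matches any prefix inside it whose length is between the entry's length and N, an entry without "le" matches that exact length only, and an unmatched prefix hits the implicit deny. The list entries are copied from the template; the sample announcements are constructed.

```python
import ipaddress

# Constructed excerpt of the template's FTOS prefix lists, one tuple per
# sequence entry: (seq, action, prefix, le). le=None means exact-length
# match, as in "seq 5 permit 1.88.0.0/19" (no "le" keyword).
BOGONS = [
    (5, "deny", "0.0.0.0/8", 32),
    (30, "deny", "10.0.0.0/8", 32),
    (390, "deny", "127.0.0.0/8", 32),
    (395, "deny", "169.254.0.0/16", 32),
    (400, "deny", "172.16.0.0/12", 32),
    (490, "deny", "192.0.2.0/24", 32),
    (500, "deny", "192.168.0.0/16", 32),
    (512, "deny", "198.18.0.0/15", 32),
    (520, "deny", "224.0.0.0/3", 32),
    (525, "permit", "0.0.0.0/0", 27),   # nothing longer than /27
]
ANNOUNCE = [
    (5, "permit", "1.88.0.0/19", None),
    (10, "deny", "0.0.0.0/0", 32),      # "deny any" in FTOS syntax
]

def entry_matches(candidate, entry_prefix, le):
    """FTOS-style match: candidate must lie inside entry_prefix and its
    length must be between the entry's length and le (== when no le)."""
    cand = ipaddress.ip_network(candidate, strict=False)
    ent = ipaddress.ip_network(entry_prefix, strict=False)
    if not cand.subnet_of(ent):
        return False
    if le is None:
        return cand.prefixlen == ent.prefixlen
    return ent.prefixlen <= cand.prefixlen <= le

def evaluate(prefix_list, candidate):
    """First match in sequence order wins; no match means the implicit
    deny at the end of every prefix list. Returns (action, seq)."""
    for seq, action, ent, le in sorted(prefix_list, key=lambda e: e[0]):
        if entry_matches(candidate, ent, le):
            return action, seq
    return "deny", None

if __name__ == "__main__":
    # Constructed inbound updates from an eBGP neighbor, including a
    # /28 that is too long for the final permit entry.
    for pfx in ["10.1.0.0/16", "198.19.0.0/16", "8.8.8.0/24", "8.8.8.0/28"]:
        print(f"bogons   {pfx:16} -> {evaluate(BOGONS, pfx)}")
    # Constructed outbound candidates, including a leaked more-specific.
    for pfx in ["1.88.0.0/19", "1.88.50.0/24", "10.10.5.0/24"]:
        print(f"announce {pfx:16} -> {evaluate(ANNOUNCE, pfx)}")
```

A seq of None in the output marks a prefix that reached the implicit deny rather than an explicit entry, which is the case to watch for when a legitimate route is unexpectedly dropped.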