Los Angeles, California


1-844-CLOUDLA 1-844-256-8352


Mon-Fri 8:00 am to 4:00 pm

Ubiquiti EdgeRouter Single Peer BGP Setup

The Ubiquiti EdgeRouter Pro is an excellent router if you're looking for carrier grade performance at a fraction of the price of Cisco or Juniper. It uses standard DIMM memory, so you can use the EdgeRouter Pro to accommodate full BGP routes for a cost of hundreds of dollars, rather than tens of thousands. It runs EdgeOS which is Ubiquiti's port of Vyatta. Vyatta is a mature, widely used and well documented software router that has a very complete feature set, rational and easy to learn CLI and excellent performance. Ubiquiti EdgeOS makes a nice improvement on Vyatta with a great GUI mated to reliable and affordable hardware.

In this example we'll be getting the EdgeOS setup to talk to our upstream carrier and advertise a single public IP block with our public ASN. To complete the configuration we will need the following information:

  • The carrier/upstream ASN.
  • The carriers upstream IP address.
  • The IP address assigned to our circuit.
  • Our ASN assigned by ARIN/RIPE/etc.
  • The IP block we wish to announce to the internet.

In this example we will use actual values for cloud.LA and our carrier. Most online examples use private address space and fictitious ASNs for their documentation which can be confusing to a novice (me).

  • Carrier ASN = 174.
  • Our ASN = 54987.
  • Carriers upstream router IP =
  • IP assigned by carrier to our router =
  • Prefix to announce to the internet =

In EdgeOS, like most other network operating systems, there are several steps to bring up a BGP peering and announce routes, these steps will generally be the basic steps required for most platforms (IOS, JunOS etc).

  1. Configure the BGP prefix list.
  2. Configure the BGP neighbor.
  3. Set a static route to blackhole for the prefix you are announcing.
  4. Announce our address space into BGP.

1. Configure the BGP prefix list

I usually attempt to do this as the second step however if you don't complete this step before bringing up the neighbor adjacency BGP will automatically import any routes it is being sent into your router. Usually this is not an issue if you only have one upstream provider as you will be importing either the global routing table, a subset of the global table or a default route. This is generally a question your carrier will ask you before they provision the circuit so you will be aware of this.

However if, for some reason, you want to perform any ingress filtering or alternatively you are configuring a peering session with a downstream router (a customers device perhaps) you may not want to blindly accept any routes immediately when the session is established. For this reason I find configuring the prefix list prior to configuring the neighbor information a bit cleaner.

In CLI configure mode:

set policy prefix-list EXPORT-AS54987 rule 10 action permit
set policy prefix-list EXPORT-AS54987 rule 10 prefix
set policy prefix-list EXPORT-AS54987 rule 10 description “Announce”

In GUI Config Tree mode:


The commands above do the following:

Creates a prefix list called EXPORT-AS54987, matches the network and allow this prefix to be announced to the specified neighbor.

It is a good idea to name your prefix lists intelligently as a way of documenting your configuration, here we have named this prefix list by the function it is serving (EXPORT) and the ASN it is related to ie: who we are exporting routes to. You can have more than one rule pre prefix list but in this example we will only use one.

In this post we are going to assume that we will be importing whatever routes our upstream provider is going to send us, As I said before, BGP will automatically import all routes it is sent, so we will not go through the process of creating an import prefix list.

2. Configure the BGP neighbor

Now we have a prefix list defining the prefixes we want to announce to our neighbor we can go ahead and configure the BGP neighbor itself.

In CLI configure mode:

set protocols bgp 54987 neighbor remote-as 174
set protocols bgp 54987 neighbor soft-reconfiguration inbound
set protocols bgp 54987 neighbor prefix-list export EXPORT-AS54987
set protocols bgp 54987 neighbor update-source

In GUI Config Tree:


The above commands do the following:

Tells BGP process that the neighbor IP is Sets the remote ASN to 174 (the ASN of our carrier). Sets the neighbor to use the EXPORT-AS54987 prefix list. Sets the source interface for BGP updates to (the IP address assigned by our carrier to our end of the circuit). Configures soft reconfiguration inbound, this allows the BGP process to “refresh” the RIB without hard resetting the BGP session (a hard reset drops the session and all traffic while the neighbor ship re converges).

Soft reconfiguration is useful when making changes to a BGP peering session that is already online and passing traffic, for example, announcing a new prefix or removing an existing prefix announcement.

Once you commit this configuration you should be able to see a BGP neighbor session start and come up. You can check this with the following commands:

show ip bgp summary

Here you can see that the BGP session with the neighbor is up but we are yet to start exporting routes to our carrier.

BGP router identifier, local AS number 54987
IPv4 Unicast - max multipaths: ebgp 1 ibgp 1
RIB entries 1, using 128 bytes of memory
Peers 1, using 2524 bytes of memory

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd        4 174      22      31        0    0    0 00:17:17        1

3. Set static route to blackhole

We need to set a static route to blackhole for the prefix that we are originating to the internet. We do this to create an aggregate or summary route. This is necessary because BGP will only advertise routes that are in the routing table and a static route to blackhole will accomplish this.

Add a static route to blackhole with the following command:

set protocols static route blackhole

4. Announce prefix into BGP

The last step is to announce the prefix with the bgp network command. This tells BGP which network to advertise:

set protocols bgp 54987 network

You should now be able to see networks being advertised by your router to the carrier's router. We can confirm this by running the following command on the customer router:

show ip bgp neighbors advertised-routes

If this has been done correctly you will see the following output:

BGP table version is 0, local router ID is
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale, R Removed
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
*>                 0         32768 i

Total number of prefixes 1

We now have a basic BGP peering session established and we are successfully advertising our prefix to our upstream carrier who is then passing this onto the internet at large.

Note: Often the carrier will provision BGP but not turn it up until you open a ticket saying your config is ready. This is presumably to prevent spurious routes being populated upstream while you configure your prefix lists. So if you don't see an active neighbor come up when you run the "show ip bgp neighbors", you may need to have a chat with your carrier.

Credit due to NetworkNoob; most of this post is cut and paste from

1 Response

  1. Thanks for this helpful Arch i need to know after i do this config to my pro router and have established connection with ISP neighborhood how i can do fail over Adsl line ? Thanks Again Best Regards

Leave a comment