Hi BGP4 experts,

I'm not one of you and getting to the first step is pretty scary.

I've been reading the van Beijnum (O'Reilly) and Stewart (A-W) books
and the man pages for bgpd, bgpd.conf and anything else I can find.
What is really hard is to get a configuration to test stuff when you
don't have a peer to test against that has been configured properly.

In my case the work I do will only be able to be tested when it is put
into service and that is a bit daunting to say the least. There is one
less critical part of the system that can be tried first (the IPv6
part) but the entire system has to work with minimal disturbance to a
swag of hosted webservers etc pretty soon or there will be blood.

The scenario is:

There is an IPv4 /21 transit and an IPv6 /32 transit at the moment. No
BGP.
Enter a peering service which is to provide peering for those netblocks
over a pretty fat single link. (I don't know the bandwidth but I am
assured it is "big enough")

I have ASNs for the peering outfit (PO) and the hosting service (HS).
The assumption conveyed to me was that the only BGP would be between
those two but I have my doubts that that is the right thing to do.

The PO has also requested that replies to traffic incoming via the PO
would return on the same path. I don't know if we can do that with bgpd
or whether to use pf. Maybe at some stage the HS is going to want to favour one
or the other for cost reasons.

At the moment the IPv6 traffic is pretty light and interruptions are
likely to be tolerated if short so I think I can use it to test how the
whole deal will work and just add IPv4 later to the config.

I have also figured out all of the internal routing changes needed to
be able to cut over in seconds and fall back if needed on both v4 and
v6.

There, I have displayed my status as an absolute bgpd virgin: Where do
I go from here?
Everything else I have done (mail, web, IPsec, OpenVPN etc) has been
able to be tested with some old PCs so that I could try stuff and it
didn't matter if it "broke", it was all isolated from the 'net. 

This one is different.

TIA,


*** NOTE *** Please DO NOT CC me. I <am> subscribed to the list.
Mail to the sender address that does not originate at the list server is 
tarpitted. The reply-to: address is provided for those who feel compelled to 
reply off list. Thank you.

Rod/
/earth: write failed, file system is full
cp: /earth/creatures: No space left on device
