Re: [pfSense-discussion] BGP to get Internet
Aarno Aukia wrote: Hello, On Thu, Oct 29, 2009 at 17:03, Scott Ullrich sullr...@gmail.com wrote: I do. It requires removing the default gateway from the XML and not visiting the WAN page again afterwards. I haven't bothered - we get full feeds, so all routes are more specific than the default route. -Aarno That is good but what is the point to keep all feeds if you are connected to only two ISP manly for redundancy purposes? Evgeny - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] BGP to get Internet
Hi, On Fri, Oct 30, 2009 at 13:54, Evgeny Yurchenko evg.yu...@rogers.com wrote: I haven't bothered - we get full feeds, so all routes are more specific than the default route. -Aarno That is good but what is the point to keep all feeds if you are connected to only two ISP manly for redundancy purposes? Evgeny There is none, you get away with two default routes from your ISPs if you just want failover. But for the same effort (and some cheap RAM) you can have the full table and do some traffic engineering if you want to. -Aarno -- Aarno Aukia Atrila GmbH Switzerland - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] BGP to get Internet
On Fri, 30 Oct 2009, Aarno Aukia wrote: On Fri, Oct 30, 2009 at 13:54, Evgeny Yurchenko evg.yu...@rogers.com wrote: I haven't bothered - we get full feeds, so all routes are more specific than the default route. That is good but what is the point to keep all feeds if you are connected to only two ISP manly for redundancy purposes? Evgeny There is none, you get away with two default routes from your ISPs if you just want failover. But for the same effort (and some cheap RAM) you can have the full table and do some traffic engineering if you want to. There's generally three options when choosing what kind of feed to receive from an upstream -- full feeds, partial customer-only routes, or default routes only. With full feeds, you'll have full redundancy for outbound traffic also and will be able to (to an extent) detect routing problems further up the path, i.e. in connectivity from ISP A to ISP C, upstream. It will also help protect against failures where layer 2 and 3 is up on the circuit but there are problems with your network provider's routing. Full routes are very important for redundancy but require a considerable amount of memory in router land, which is where partial routes (so you at least know which networks the ISP has) and default-only routes come in. -- William R. Lorenz - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] BGP to get Internet
William R. Lorenz wrote: On Fri, 30 Oct 2009, Aarno Aukia wrote: On Fri, Oct 30, 2009 at 13:54, Evgeny Yurchenko evg.yu...@rogers.com wrote: I haven't bothered - we get full feeds, so all routes are more specific than the default route. That is good but what is the point to keep all feeds if you are connected to only two ISP manly for redundancy purposes? Evgeny There is none, you get away with two default routes from your ISPs if you just want failover. But for the same effort (and some cheap RAM) you can have the full table and do some traffic engineering if you want to. There's generally three options when choosing what kind of feed to receive from an upstream -- full feeds, partial customer-only routes, or default routes only. With full feeds, you'll have full redundancy for outbound traffic also and will be able to (to an extent) detect routing problems further up the path, i.e. in connectivity from ISP A to ISP C, upstream. It will also help protect against failures where layer 2 and 3 is up on the circuit but there are problems with your network provider's routing. Full routes are very important for redundancy but require a considerable amount of memory in router land, which is where partial routes (so you at least know which networks the ISP has) and default-only routes come in. Yes, this is from BGP theory. Returning to pfSense... memory is not an issue nowadays, what about CPU usage? Does anybody have data about CPU load when convergence happens with 'full feeds'? Yevgeny. - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] BGP to get Internet
Scott Ullrich wrote: On Thu, Oct 29, 2009 at 12:01 PM, Evgeny Yurchenko evg.yu...@rogers.com wrote: Hello! sorry if this topic was brought up before but... I am running several pfSense-BGP installations but they are all for redundancy purposes over several links. Does anybody run pfSense with BGP and two Internet providers? My concern is default gateway... if you have to specify default gateway when you configure WAN interface then it should have less metric as the one received via BGP. May be I am missing something here. Thanks. I do. It requires removing the default gateway from the XML and not visiting the WAN page again afterwards. Works fine, has been in use for over a year now since the 2008 hackathon. Scott Thank you. Do you have xml for 1.2.3-RC3 so I could try it? Evgeny. - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] BGP to get Internet
From: Scott Ullrich sullr...@gmail.com Subject: Re: [pfSense-discussion] BGP to get Internet On Thu, Oct 29, 2009 at 12:08 PM, Evgeny Yurchenko evg.yu...@rogers.com wrote: Thank you. Do you have xml for 1.2.3-RC3 so I could try it? Evgeny. wan ifem1/if mtu/ media/ mediaopt/ bandwidth100/bandwidth bandwidthtypeMb/bandwidthtype spoofmac/ disableftpproxy/ ipaddrXXX.XXX.XX.XXX/ipaddr subnet30/subnet /wan Scott I thought you corrected .php to exclude Gateway input field. So I just modify config.xml and never go to gui to modify WAN interface, right? Thank you. Evgeny. - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense-discussion] BGP to get Internet
On Thu, Oct 29, 2009 at 9:32 PM, Evgeny Yurchenko evg.yu...@rogers.com wrote: I thought you corrected .php to exclude Gateway input field. So I just modify config.xml and never go to gui to modify WAN interface, right? Yep, that boxes WAN IP never changes. Scott - To unsubscribe, e-mail: discussion-unsubscr...@pfsense.com For additional commands, e-mail: discussion-h...@pfsense.com Commercial support available - https://portal.pfsense.org
