[pfSense Support] BGP status
Any word on BGP status. or a simple alternative, until pfsense has BGP function? -chris - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] BGP status
On Thu, Jul 30, 2009 at 2:19 PM, Chris Flugstadch...@cascadelink.com wrote: Any word on BGP status. or a simple alternative, until pfsense has BGP function? BGP has existed in system - packages for 2+ years. Scott - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] BGP status
how did i miss all these packages that were available to install via the gui. now i got a lot of fun stuff to play with over the weekend. thanks, and sorry for being such a nuckle head ;) -topher Scott Ullrich wrote: On Thu, Jul 30, 2009 at 2:19 PM, Chris Flugstadch...@cascadelink.com wrote: Any word on BGP status. or a simple alternative, until pfsense has BGP function? BGP has existed in system - packages for 2+ years. Scott - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] BGP status
-- From: Chris Flugstad ch...@cascadelink.com Sent: Thursday, July 30, 2009 6:18 PM To: support@pfsense.com Subject: Re: [pfSense Support] BGP status how did i miss all these packages that were available to install via the gui. that's actually kinda funny considering that's the one main benefit that pfSense has over other software firewalls - To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
Re: [pfSense Support] BGP status
Royce Mitchell III wrote: Adam Armstrong wrote: Carp is unnecessary when using BGP, as the provider sees routes into your network via the individual devices and both devices see routes out. You wouldn't want to run BGP from a CARP IP anyawys, as it would result in BGP flapping when the CARP switched. adam. Okay, please forgive my ignorance, but if you have two redundant routers servicing your BGP, how will they decide who is going to handle a packet without some sort of CARP/VRRP communication between them? There are a number of mechanisms for doing this, generally you'll set the localpref high for prefixes coming from the peer you want to use, and set the MED low for prefixes being announced to that peer, that way your peer will send traffic to you on the correct link (lowest MED wins) and you'll send traffic out on the correct link (highest localpref wins). However, if you're doing BGP solely to get redundant connectivity to the same ISP you should look again at CARP and ask what your ISP can do by way of HSRP/VRRP to present a single IP to you from two of their devices. VRRP/CARP/HSRP is generally a far better solution for that due to the slowlness of BGP convergence. adam. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] BGP status
Adam Armstrong wrote: Carp is unnecessary when using BGP, as the provider sees routes into your network via the individual devices and both devices see routes out. You wouldn't want to run BGP from a CARP IP anyawys, as it would result in BGP flapping when the CARP switched. adam. Okay, please forgive my ignorance, but if you have two redundant routers servicing your BGP, how will they decide who is going to handle a packet without some sort of CARP/VRRP communication between them? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] BGP status
Paul M wrote: Royce Mitchell III wrote: Is the BGP package for pfsense available, yet? Also, does it play nice with CARP, or is CARP even necessary when you have BGP? I think CARP is a very different thing - BGP is a way of having multiple circuits to different ISPs to get resilience internet connectivity. CARP is a way of having two devices share an IP. Or am I missing some clever use of BGP and CARP? Carp is unnecessary when using BGP, as the provider sees routes into your network via the individual devices and both devices see routes out. You wouldn't want to run BGP from a CARP IP anyawys, as it would result in BGP flapping when the CARP switched. adam. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] BGP status
Royce Mitchell III wrote: Is the BGP package for pfsense available, yet? Also, does it play nice with CARP, or is CARP even necessary when you have BGP? I think CARP is a very different thing - BGP is a way of having multiple circuits to different ISPs to get resilience internet connectivity. CARP is a way of having two devices share an IP. Or am I missing some clever use of BGP and CARP? - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] BGP status
Adam Armstrong wrote: Royce Mitchell III wrote: Okay, please forgive my ignorance, but if you have two redundant routers servicing your BGP, how will they decide who is going to handle a packet without some sort of CARP/VRRP communication between them? There are a number of mechanisms for doing this, generally you'll set the localpref high for prefixes coming from the peer you want to use, and set the MED low for prefixes being announced to that peer, that way your peer will send traffic to you on the correct link (lowest MED wins) and you'll send traffic out on the correct link (highest localpref wins). However, if you're doing BGP solely to get redundant connectivity to the same ISP you should look again at CARP and ask what your ISP can do by way of HSRP/VRRP to present a single IP to you from two of their devices. VRRP/CARP/HSRP is generally a far better solution for that due to the slowlness of BGP convergence. adam. This client has two ISP's, and wants to setup BGP so he can reroute a /24, but he wants redundant routers to service the BGP so that if one goes down he still has both ISPs. So, both routers will respond to both legs of the of the BGP route. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: [pfSense Support] BGP status
On Feb 11, 2008 8:12 AM, Royce Mitchell III [EMAIL PROTECTED] wrote: Okay, please forgive my ignorance, but if you have two redundant routers servicing your BGP, how will they decide who is going to handle a packet without some sort of CARP/VRRP communication between them? OpenBSD does play well with CARP + BGP but since we do not have CARPDEV yet, we will not have these features. Stuff like[1]: -c Force bgpd to do carp(4) demotion at startup when the demote functionality is used. Normally, bgpd will only do demotion at startup when the demotion counter for the group in ques- tion is already greater than 0. bgpd will start handling de- motion after all sessions with demotion configured for the given group have been successfully established. At system startup, rc(8) has the demotion counter for the group carp increased until after bgpd is started, so this option should not be used in rc.conf(8). Will hopefully be available some time in the future. A patch is being tested on 7.X right now. Scott [1] http://www.openbsd.org/cgi-bin/man.cgi?query=bgpdapropos=0sektion=0manpath=OpenBSD+Currentarch=i386format=html - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
[pfSense Support] BGP status
Is the BGP package for pfsense available, yet? Also, does it play nice with CARP, or is CARP even necessary when you have BGP? Thanks! -- I AM NOT DISORGANIZED... I have anti-systematic methodology disorder! --- Royce Mitchell III Westpark Communications, Inc. [EMAIL PROTECTED] 713-785-3238 ofc 713-977-5944 fax Confidentiality Notice: The information contained in or attached to this message may be privileged and confidential and protected from disclosure. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering this message to the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this communication in error, please notify us immediately and delete the email as received. - To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]