On Fri, Jun 11, 2010 at 4:31 PM, Adam Thompson <[email protected]> wrote:
> I’m running pfSense (v1.2.3-RELEASE) as my gateway router right now. Being
> located at a University I have a connection available for non-commercial
> traffic that is separate from my default ISP.
>
> I’m currently connecting the WAN interface to the commercial ISP, OPT1 to
> the University, and using static routes to reach “academic” destinations.
> (I’ve only set up four /16 static routes that encompass the local campus so
> far.) I’d like to route all traffic destined for CA*Net (and thus CENIC,
> I2, MREN, NLR, etc., etc.) out the secondary connection.
>
> Since maintaining all those static routes by hand seems impossible, the
> university folks are willing to do private BGP peering so I can get the
> partial feed from their CA*Net router, which is about 13K routes. (That’s
> after aggregation, AFAIK.)
>
> So:
>
> 1. I see OpenBGPd in the packages tree, but at v4.2 – is there an
> interaction with pf that is clamping OpenBGPd to 4.2, or is it simply not
> actively maintained?
>

The package version is 0.4.2, the openbgpd version is 4.5 and works fine.

> 3. OpenBGPd merely inserts the relevant routes into the kernel’s FIB;
> the last time I tried running a FIB with ~10K entries (by accident) it
> wasn’t pretty. Of course, that was OpenBSD 2.x, 10 years ago. Is this a
> valid concern now? Can pfSense 1.2.3 handle being a “core” router?
>

There are people who load the entire Internet routing table, which is far more than you'll have. The only caveat I've seen is the status page is a nightmare with that many routes.

> 4. I do not want to advertise anything at all; does leaving the
> “Networks” field blank in the UI accomplish this? I assume the university
> will filter out anything I send them anyway, but I’d rather be a good
> neighbour.
>

Use announce none. See also:
http://www.openbsd.org/cgi-bin/man.cgi?query=bgpd.conf

> 5. Do I need to be a BGP guru just to receive a partial feed and do
> what I’m talking about here? Should I just give up and go home now? I may
> be “smarter than your average bear” when it comes to basic and intermediate
> networking (up to and including OSPF, IGRP, etc.) but have never needed to
> use BGP before.
>

This is a pretty simple setup, you won't need to be a BGP guru to accomplish this.
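
Added example, not part of the original message or of the pfSense package: a receive-only bgpd.conf sketch built around the "announce none" keyword named in the reply. The AS numbers, addresses, description and max-prefix limit are constructed placeholders, and the filter rules are an added safeguard not mentioned in the thread.

```conf
# Constructed example: AS numbers and addresses are placeholders.
AS 64512                          # local private AS (assumed)
router-id 192.0.2.2               # address on OPT1 facing the university (assumed)
fib-update yes                    # install learned routes into the kernel FIB

neighbor 192.0.2.1 {              # university CA*Net router (assumed address)
	remote-as 64513           # peer AS (assumed)
	descr "university-canet"
	announce none             # receive-only: send no prefixes to this peer
	max-prefix 20000          # feed is ~13K routes; tear the session down
	                          # if the peer sends far more than expected
}

# Filter rules are evaluated in order and the last matching rule decides.
deny from any                     # accept nothing by default
allow from 192.0.2.1              # accept the partial feed from the one peer
deny from any prefix 0.0.0.0/0    # never accept a default route over OPT1,
                                  # which would pull all traffic off the WAN
deny to any                       # second guard against announcing anything
```

With "announce none" and "deny to any" both in place, a later edit that removes one of them still leaves the router advertising nothing.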
