I'm running pfSense (v1.2.3-RELEASE) as my gateway router right now. Being located at a University I have a connection available for non-commercial traffic that is separate from my default ISP.
I'm currently connecting the WAN interface to the commercial ISP, OPT1 to the University, and using static routes to reach "academic" destinations. (I've only set up four /16 static routes that encompass the local campus so far.) I'd like to route all traffic destined for CA*Net (and thus CENIC, I2, MREN, NLR, etc., etc.) out the secondary connection. Since maintaining all those static routes by hand seems impossible, the university folks are willing to do private BGP peering so I can get the partial feed from their CA*Net router, which is about 13K routes. (That's after aggregation, AFAIK.)

So:

1. I see OpenBGPd in the packages tree, but at v4.2 - is there an interaction with pf that is clamping OpenBGPd to 4.2, or is it simply not actively maintained?

2. There have been quite a few fixes in OpenBGPd between 4.2 and 4.6, including a few memory leaks and "reliability fixes" - are these likely to affect me in real-world use? (I can live with rebooting the router once a week in exchange for not having to buy a carrier-grade router!)

3. OpenBGPd merely inserts the relevant routes into the kernel's FIB; the last time I tried running a FIB with ~10K entries (by accident) it wasn't pretty. Of course, that was OpenBSD 2.x, 10 years ago. Is this a valid concern now? Can pfSense 1.2.3 handle being a "core" router?

4. I do not want to advertise anything at all; does leaving the "Networks" field blank in the UI accomplish this? I assume the university will filter out anything I send them anyway, but I'd rather be a good neighbour.

5. Do I need to be a BGP guru just to receive a partial feed and do what I'm talking about here? Should I just give up and go home now? I may be "smarter than your average bear" when it comes to basic and intermediate networking (up to and including OSPF, IGRP, etc.) but have never needed to use BGP before.

FYI, this is moderately important to me because the commercial ISP is 5 Mbps and we pay for traffic usage, whereas the university connection is 5 Gbps and it's included in the rent. Obviously I'd rather divert traffic that way if it's headed for an academic/research destination! (Yes, this is quite a similar situation to the fellow from South Africa last week, but I already know I can use BGP.)

Thank you,
-Adam Thompson
Chief Technical Architect, C3A Inc.
[email protected]
(204) 272-9628 x6004 / fax: (204) 272-8291
