Larvitz  

I just published a new guide on evolving a single BGP router into a multi-homed, two-PoP network using FreeBSD, FRR, and PF.

- Native peering on Vultr + 3 GRE transits
- Tying it together with iBGP
- Why stateful firewalls break asymmetric transit (and how to fix it)

All for ~€18/mo.

Read it here:
https://blog.hofstede.it/running-your-own-as-going-multi-homed-with-ibgp-and-three-transits/

#FreeBSD #BGP #IPv6 #Networking #Sysadmin #FRR #Homelab

Running Your Own AS: Going Multi-Homed with iBGP and three Transits

Expanding a single BGP router into a two-PoP distributed network: adding a Vultr edge router with native BGP peering, three upstream GRE providers and iBGP to tie it together - plus the stateless P...

Larvitz Blog
Feb 26 at 6:46pmWeb
Show threadsubnetspiderFeb 26
@Larvitz Considering that I pay my ISP around €50 a month just for a static /56 IPv6 prefix, this is very tempting. πŸ˜΅β€πŸ’«
Show threadLarvitz  Feb 26
@subnetspider I was also very surprised how inexpensive that has gotten!
Show threadMarcinGondekFeb 26
@Larvitz with Vultr which I also use you may consider to use also in route-map β€œset as-path exclude 64515 65534” to make path which you are getting from them more clean.
Show threadLarvitz  Feb 26
@drixter Good hint :-) Thank you. I'll definitely do that.
Show threadbbβ‚œα΅€β‚“α΅’Feb 26

@Larvitz

This is starting to get a bit over my head, but I basically understood what it's about. 🫣

Show threadJΓΆrg πŸ‡©πŸ‡ͺπŸ‡¬πŸ‡§πŸ‡ͺπŸ‡ΊFeb 26
@tux What @Larvitz is writing is already far away of my horizon since ages. πŸ™ˆ
Show threadLarvitz  Feb 26
@AlienJay @tux My next article is going to be something simpler. A practical guide on the vim editor with nice tipps and tricks for yaml editing and efficient text manipulation πŸ™‚
Show threadJΓΆrg πŸ‡©πŸ‡ͺπŸ‡¬πŸ‡§πŸ‡ͺπŸ‡ΊFeb 26
@Larvitz @tux πŸ‘πŸ»
Show threadKajetan StaszkiewiczFeb 26
@Larvitz For each packet of the transit traffic first the states will be checked, and then all other rules one by one. I’d recommend either putting the stateless rules at the beginning, or even make them stateful but allow them to create states for asymmetric traffic ignoring TCP flags.