PfSense FRR BGP - some information/help please ( make BGP route less desirable on a BGP server )

NorthIdahoTomJones

PfSense FRR BGP - some information/help please ( make BGP route less desirable on a BGP server )

My first post in this forum - please be kind to me - I am an ol-timer network person asking for some BGP help with the FRR BGP package.

Where can I find some clear-easy-to-follow ( or video/youtube ) instructions to influence my BGP routes to be less desirable routes when seen from other remote Internet BGP routing servers ?

I have two physical PfSense servers BGP advertising my networks. My issue is that all ( 99.999 % ) of the remote Internet incoming traffic comes in through a single BGP server that I want to reduce it's incoming traffic so that my second BGP server starts receiving the bulk of remote Internet traffic to my networks. (( I know both BGP servers are working because when I shut down one BGP server the remote Internet traffic to my networks come in through the remaining other BGP server. ))

I believe I need to prepend my AS number on the BGP server I want to make less desirable for incoming routes to my networks. I do not know where or how to do this in PfSense ( or if I am on the right path to do what I want to do ).

Both of my PfSense FRR-BGP servers are configured with a basic working configuration. At this time , I do not have anything configured in "AS Paths " or " route maps ".
Where might I find some easy to follow instructions ( or a video ) that shows the procedure/steps to influence my BGP announced networks so that one BGP server becomes less desirable from the Internet ?

Thank you for any input and advice

North Idaho Tom Jones

NorthIdahoTomJones

bump
Anybody have any information for how to prepend an outgoing AS to an upstream peer ?
For days , I have found little or zero useable information for how to configure PfSense FRR-BGP to get a working BGP router that is prepending the AS path to the upstream BGP peers.
PfSense FRR-BGP is new to me. In the past , I've used Mikrotik ( and Cisco 25+ years ago ).
So far ... I have found more posts that prepending does not work in FRR-BGP -and- zero clear/easy-to-follow examples of how to configure a functioning PfSense FRR-BGP router that is prepending the AS to outbound BGP peers.

My guess is that it does work and that I am just trying to configure prepend all wrong because I am not finding any easy-to-follow instructions that documents every step needed to configure from scratch a PfSense FRR-BGP router that is also prepending the AS to upstream BGP peers - :(

Also , in this netgate forum , I've found some questions from others having similar problems and asking about "AS PATH PREPEND" , and zero forum replies to the user's posted question. .. ... hmmm kinda makes me think about my options ...

Anybody have any information for how to prepend an outgoing AS to an upstream peer ?

North Idaho Tom Jones

ericlee

@NorthIdahoTomJones - I am looking at using pfSense with the Netgate appliances for this same thing, are you using Netgate hardware or something else? Would you mind providing some info? What uplink speeds are you connecting to? Are you running CARP in an HA? My uplinks would only be 1 Gbps per peer, any feedback would be greatly appreciated.

Thanks,
Eric

NorthIdahoTomJones

@ericlee

ericlee,

re your post/question ...

... are you using Netgate hardware or something else? ...
I am running multiple PfSense routers/firewall servers on multiple VmWare ESXi servers

... What uplink speeds are you connecting to? ...
My internal NOC network ( VmWare servers and switches ) all use a combination of 10-Gig , 40-Gig and 100-Gig network interfaces. I am in the process of migrating to 100-Gig networks ( or 40-Gig on older servers ). My new Spine and Leaf switches can now handle 100-Gig interfaces.
I have four upstream BGP peers that are currently 10-Gig connections ( two for IPv6 only -and- two for IPv4 only ). One peering location is somewhat local and the other peering location is 70-km away from my location. We are making some plans to upgrade our local close-by peering location to 100-Gig interfaces. That will probably happen this 2024 summer.

... Are you running CARP in an HA? ...
No. In general, I prefer KISS ( Keep It Simple Stupid ) and carrier class fast servers.
My experience is based on 45+ years of computer network communications - the more complex it is , then the harder it is to fix when something breaks. So I simply try to use good hardware that almost never gives me any problems.

... any feedback would be greatly appreciated ...
After much trial and fail in getting a set of PfSense BGP servers running with AS prefix settings , I finally gave up. All confiburation examples I found on the Internet resulted in not getting me what I wanted.
I finally ended up using four Mikrotik CHR virtual routers on my VmWare ESXi servers. It worked the way I wanted to on my first or second attempt.
In the future , I may come back to this and again research all my options to make fast-fast-fast BGP servers that can handle up to 100-Gig throughput and not choke ( any operating system - PfSense, CHR, VyOs or what ever I find that is popular and well suported).

North Idaho Tom Jones

mmercier

@NorthIdahoTomJones

A bit late, but here is one possible way:

Click Services -> FRR Global/Zebra
Click Route Maps
Click + Add

• General Options
  • Name -> choose a name
  • Action -> permit
  • Sequence -> 100
• BGP AS Paths
  • AS Path Action -> Set Prepend
  • Match AS Path -> None
  • Set AS List -> The AS you want to prepend
• Click Save at the bottom of the page

Click Services -> FRR BGP
Click Neighbors
Edit the appropriate neighbor
Peer Filtering

• Route Map Filters
  • Outbound Route Map Filter -> Select the route map created above from the drop down list
• Click Save at the bottom of the page