Full internet routes



  • One suggestion to solve a black hole problem is to receive full internet routes on the pfsense firewalls we have with BGP.

    is pfsense capable of doing so.
    Each firewall has 8gb of memory.

    I have no idea of what it means, consequence or requirements doing so.
    I have no idea how to make it happen either.

    Looking for info to decide if this is a possible solution or not.

    Thanks.

    H.



  • what problem? who's suggestion? is someone feeding you quotes from the bofh archive ?



  • The problem is that we had our traffic black holed by a faulty policy in a Level 3 data center.
    One of the suggestions was to carry a full internet route to bypass theirs.

    I am thinking the fail over monitoring on the routes might be an easier way of doing it.
    I asked in a thread a few posts down from this one.
    It explains it a little better.

    Basically, trying to prevent if another human error happens again.

    H.



  • Shouldn't be a problem getting full routes in OpenBGP on your hardware. Make sure you are only advertising what you need to (generally self)