Change from static WAN IP to BGP



  • I have been running clustered pfSense firewalls in our Data Centre for years using a static IP on the WAN interface. We run a routed public IP range for our web servers behind the WAN IP and have VPN tunnels which terminate on the WAN IP. I also use the load balancer, CARP/VIPs and NAT features extensively on the firewalls.

    We have been told by our providers that they want to change our WAN solution so that we need to use BGP in order to keep our cluster working. I can see that the firewalls will work with BGP by installing the BGP package.

    I've never really used BGP before with pfSense but wanted to know if it will cause any problems with the current setup of my firewall, including the features currently being used.

    Has anyone had a similar experience and modified their firewalls from static WAN IP to BGP?



  • Hi,

    Yes, we have done it. In my message history there are several posts, and you can also search the forum for BGP in general - there are many good question/answer threads. You should use OpenBGP, which works nicely.

    But BGP also uses static IPs… only the routing is done in a different way.
    And BGP normally makes sense only for /24 or bigger networks because publicly announced networks must be at least a /24.

    I guess your ISP wants you to discard the default gw and offers you 2 or more gateways to let you automatically fail over between backbones.
    Perhaps he can also offer you OSPF, which is a little easier to set up because it's done "automatically" per broadcast (but with the pfSense package only IPv4 is currently possible)?

    Bests