Hi Everyone,
It’s me again with another topic I’ve been thinking about. Why can’t I peer via private BGP with my ISP? I guess it would take too much engineering effort for someone paying less than $100 a month for a 1Gbps internet connection.
Anyway, in the meantime, I’ve found a solid workaround. I use a private service called DN42 in my homelab (cloud network).
The premise is stupid simple: you create a private VPN connection (I use WireGuard) and run BGP over that VPN. The routing operating system I’m using is FRR, and it’s dead simple to set up in my opinion—though it does have a few quirks.
I have two routers that are peered to two different peers in the DN42 intranet (or internet?) They use a configuration similar to below:
frr version 10.0
frr defaults traditional
hostname <ROUTER_HOSTNAME>
log syslog informational
service integrated-vtysh-config
!
debug zebra rib
debug bgp keepalives
debug bgp neighbor-events
debug bgp update-groups
debug bgp updates in
debug bgp updates out
debug bgp zebra
!
router bgp <LOCAL_ASN>
# EDGE-RTR-02
neighbor <EDGE_NEIGHBOR_IP> remote-as <LOCAL_ASN>
neighbor <EDGE_NEIGHBOR_IP> description EDGE-02
neighbor <EDGE_NEIGHBOR_IP> update-source <EDGE_INTERFACE>
neighbor <EDGE_NEIGHBOR_IP> soft-reconfiguration inbound
neighbor <EDGE_NEIGHBOR_IP> route-map set-local-pref-in in
# DN42
neighbor <DN42_NEIGHBOR_IP> remote-as <DN42_ASN>
neighbor <DN42_NEIGHBOR_IP> description DN42
neighbor <DN42_NEIGHBOR_IP> interface <DN42_INTERFACE>
neighbor <DN42_NEIGHBOR_IP> disable-connected-check
neighbor <DN42_NEIGHBOR_IP> soft-reconfiguration inbound
!
address-family ipv4 unicast
network <INTERNAL_NETWORK_1>
network <INTERNAL_NETWORK_2>
neighbor <DN42_NEIGHBOR_IP> route-map dn42 out
exit-address-family
exit
!
access-list dn42 seq 5 permit <INTERNAL_NETWORK_2>
!
route-map set-local-pref-in permit 10
match ip address <INTERNAL_ACCESS_LIST>
set local-preference 200
exit
!
route-map dn42 permit 10
match ip address dn42
exit
!
end
I am working on an IPv6 integration, but I’m lazy.