If you are new to OpenBSD and OpenBGP then I would:

a) set up a test box not in your production path
b) request your providers set up second peer sessions each, with each 'second session' going to the test box
c) get comfy with OpenBSD and OpenBGP with those two full tables from your peers, just like you will in future production.
d) throw a second test box in the mix, migrate one of the 'second sessions' to that box.
e) mess around with CARP on the inside connections of these boxes to your LAN

The nice thing about this path is the flexibility and non-intrusion into your current production network while you get over your own learning curve.

One possibility on your topology: consider a front-end router to each provider (can be whatever type) and then put your two OBGPD boxes behind them in a CARP setup and have your providers multihop their sessions to that CARP address... now you can have BGP redundancy! Then continue CARPing on the back end... now you have no single point of failure (in that part of the topology.)

We've been testing that very setup (and actually placing the two OBGPD route servers in two separate locations connected by Metro Ethernet) and it has worked in testing flawlessly. We actually let the edge routers peer (via IBGP obviously) with the CARP BGP address for next hop forwarding (some of our edge routers have more than one upstream connection)... each edge router gets one table from one inside peer, making its configuration/maintenance much simpler. You just make the BGP config changes on the OBGPD box, and you don't have to change anything in the edge routers...

Anyone else doing this or something similar?

Danno
Danno.appliedi.net/drupal/

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED]
Sent: Friday, March 02, 2007 3:16 AM
To: OpenBSD misc
Subject: Migrate to OpenBSD + OpenBGP

Hello to everyone in the list,

I run a small ISP. Currently I use Debian + Quagga Box for my BGP sessions. It is a single box with two full feeds (approximately 200K prefixes) from two ISPs and two sessions from the same ISPs with local prefixes (approximately 2,5K prefixes). The same box is doing traffic shaping, firewall and so on for DMZ and clients. The clients are only connected by Metro Ethernet links.

If I do not describe the current situation well please let me know, I will give more details.

I plan to change this setup with OpenBSD + OpenBGP boxes, one for each ISP with IBGP between them and a third box for firewall and client connections, possibly the third box would be duplicated by another box with CARP. I am looking for the best redundancy I could get. However I may be wrong in my plan...

As I am an absolute beginner with OpenBSD I would be very happy for any ideas, advice or practical examples.

Thank you very much,
Ivo
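
The CARP-plus-multihop arrangement described in the reply above, as an added configuration example that is not taken from either poster's systems. All addresses and AS numbers are placeholders from documentation ranges, and the interface name `em0`, the `vhid`, the hop count and the CARP password are assumptions.

```conf
# /etc/hostname.carp0 on the first OpenBGPD box (preferred master).
# The second box carries the same line with a higher advskew, e.g. 100.
# 198.51.100.10 is the shared CARP address (placeholder).
inet 198.51.100.10 255.255.255.0 198.51.100.255 vhid 1 carpdev em0 pass CHANGE-ME advskew 0

# /etc/bgpd.conf, identical on both boxes except for router-id.
AS 64512
router-id 198.51.100.11

# Provider A: eBGP session sourced from the shared CARP address.
# The provider's speaker sits behind the front-end router, so the
# session is not directly connected and needs multihop.
neighbor 203.0.113.1 {
	remote-as 64496
	descr "provider-a"
	local-address 198.51.100.10
	multihop 2
	depend on carp0		# session stays idle while this box is CARP backup
}

# Edge router: iBGP session to the same CARP address, so the edge
# router keeps a single inside peer whichever box is master.
neighbor 198.51.100.1 {
	remote-as 64512
	descr "edge-1"
	local-address 198.51.100.10
	depend on carp0
}

# Filter rules (allow/deny) are site policy and are not shown here.
```

With `depend on carp0`, only the box currently holding the CARP address attempts the sessions, so a failover appears to each peer as a session reset followed by a re-establishment from the same address.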