VMware Cloud Community
robinsonjl3
Enthusiast
Enthusiast
‎01-25-2021 05:58 AM
Jump to solution

BGP, pfsense, and vCF

I am attempting to deploy a nested vCF 4.1 on my homelab using VMUG licenses.  So far everything has been going fine aside some timeout issues when deploying the NSX-T Managers but the SDDC Bringup has failed configuring BGP.  I have scoured the internet looking for successful configurations of pfsense and vCF but not having any luck.

Yes, I am aware of the VLC and have used it before but I am trying to follow the 6.1 VVD as closely as possible attempting to replicate a production environment.  Just need to figure out the BGP portion.

I did download and install the eBGP package to pfsense and configured it how I thought it should be done but that is apparently wrong.

I am hoping someone out there has successfully done this using pfsense and can help me out.

Thanks in advance.

Labels (5)
Labels
Tags (5)
Reply
0 Kudos
1 Solution

Accepted Solutions
robinsonjl3
Enthusiast
Enthusiast
‎01-29-2021 11:36 PM
Jump to solution

I finally got it working.  I ditched the eBGP package on pfsense and switched to FRR.  After some tinkering here is what I had to do:

Created a "loopback" address which is a VLAN assigned to my LAN interface with a /32 address.

Enabled FRR and set the router ID to the loopback /32 address in the global settings.

On the BGP settings I set the Local AS and configured the peers.

Once I did that all of the edge nodes picked it up and BGP routing is working.

View solution in original post

Reply
0 Kudos
6 Replies
Agamen0n
Contributor
Contributor
‎01-25-2021 06:13 AM
Jump to solution

Hi,

never tried to do this but is TCP 179 allowed through the pfsense?

Reply
0 Kudos
robinsonjl3
Enthusiast
Enthusiast
‎01-25-2021 06:16 AM
Jump to solution

I made pfsense pretty much wide open, nothing but ANY-ANY rules on every interface, it is just a router at this point.

Reply
0 Kudos
Agamen0n
Contributor
Contributor
‎01-25-2021 06:25 AM
Jump to solution

OK during the BGP peer setup you should be able to see packets coming from the neighbour to TCP port 179. Are you even able to see any information about the neighbour? https://docs.vmware.com/en/VMware-Cloud-Foundation/3.10/com.vmware.vcf.admin.doc_310/GUID-9AE1705B-3...

Reply
0 Kudos
robinsonjl3
Enthusiast
Enthusiast
‎01-25-2021 06:39 AM
Jump to solution

I'll have to doublecheck this when I get home but I'm pretty sure the answer will be no.

Reply
0 Kudos
robinsonjl3
Enthusiast
Enthusiast
‎01-25-2021 04:51 PM
Jump to solution

I apologize for the delay, just got home.

BGP state = Active

And I am only showing directly connected routes which are basically the uplinks.

Reply
0 Kudos
robinsonjl3
Enthusiast
Enthusiast
‎01-29-2021 11:36 PM
Jump to solution

I finally got it working.  I ditched the eBGP package on pfsense and switched to FRR.  After some tinkering here is what I had to do:

Created a "loopback" address which is a VLAN assigned to my LAN interface with a /32 address.

Enabled FRR and set the router ID to the loopback /32 address in the global settings.

On the BGP settings I set the Local AS and configured the peers.

Once I did that all of the edge nodes picked it up and BGP routing is working.

Reply
0 Kudos