I run BGP at home now. Nothing requires this. I have one internet connection, a single /24 of RFC1918 space, and a wife who has reasonable views about how many lights should be blinking in the airing cupboard. But I'd spent years configuring BGP at work as a series of incantations I half-understood, and I wanted to break it in a place where breaking it cost nothing.
The lab is four VMs on the Proxmox box, each running a software router. I used BIRD on most of them and Quagga on one, mostly so I could feel the difference. They're wired together on isolated bridges so I can build whatever topology I like without touching the real network. The goal: a small fake internet where I can watch routes propagate, withdraw, and flap, and actually see why.
The bit that finally made sense
BGP is, at heart, gossip with rules. Each router tells its neighbours which prefixes it can reach and how far away they are, and applies policy to decide what it believes and what it re-advertises. At work that policy is hidden behind templates and a change-management process. At home there's nothing between me and the consequences, which turns out to be the best teacher I've had.
Here's a minimal BIRD 1.6 config for one of the routers, just enough to peer and announce a prefix:
    router id 10.0.0.1;

    protocol kernel {
        export all;    # push learned routes into the kernel table
    }

    protocol device { }

    protocol static {
        route 10.50.0.0/24 via 10.0.0.1;    # the prefix this router "owns"
    }

    protocol bgp peer1 {
        local as 65001;
        neighbor 10.0.0.2 as 65002;
        import all;
        export all;
    }
Each router got its own private ASN out of the 64512–65534 range, which is the reserved private AS block and exactly what it's for. Bring up the peering, and birdc show protocols shows the session move to Established. The first time birdc show route listed a prefix learned from a neighbour rather than configured locally, I'll admit I was more pleased than the situation warranted.
Watching it break is the whole point
The lab earns its keep when you make it misbehave on purpose. I pulled the static route out of one router and watched the withdrawal ripple across the others in show route as the path disappeared. I added a second path to the same prefix and watched BGP pick a winner using its decision process, shortest AS path first, then the tie-breakers further down the list that I'd always glossed over.
Then I built a loop: three routers each advertising a path to the others, and learned, viscerally, why AS-path prepending and loop detection exist. BGP won't accept a route whose AS path already contains its own ASN. That's the loop prevention, and seeing a route get rejected for that reason in the logs taught me more in five minutes than a decade of reading about it.
The mistake I made, and it's a classic, was import all; export all; everywhere. That's fine in a four-router toy. It is precisely how you leak your default route to a peer who didn't want it, or worse, become a transit AS for traffic that has no business going through you. So I tightened the policy:
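    filter only_my_prefix {
        if net = 10.50.0.0/24 then accept;    # the one prefix this router owns
        reject;                               # everything else stays home
    }

    protocol bgp peer1 {
        local as 65001;
        neighbor 10.0.0.2 as 65002;
        import all;                       # unchanged: still accepts whatever the neighbour sends
        export filter only_my_prefix;     # only the filtered prefix is advertised
    }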
Now the router only advertises what it actually owns. This is the homelab version of the real-world rule: never trust what a neighbour sends you, and be very deliberate about what you send them. Route leaks make the news for a reason, and they almost always come down to an export policy that said "all" when it meant "these three prefixes".
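The same behaviour as a toy path-vector model, added here as an example and not part of the lab's own config: it covers the loop rejection and shortest-AS-path choice from the previous section as well as the export filter above. ASNs 65002 and 65003, their prefixes and the link lists are constructed, and only AS-path length is used to pick a winner.

```python
# Toy path-vector model of the lab (added example). ASNs 65002/65003, their
# prefixes and the topologies are constructed; this models BGP rules, not BIRD.
OWNED = {65001: "10.50.0.0/24", 65002: "10.60.0.0/24", 65003: "10.70.0.0/24"}
TRIANGLE = [(65001, 65002), (65002, 65003), (65001, 65003)]
LINE = [(65001, 65002), (65002, 65003)]  # the triangle with one link pulled

def export_all(asn, prefix):
    return True  # the "export all;" policy

def only_my_prefix(asn, prefix):
    return prefix == OWNED[asn]  # the tightened export filter

def converge(links, policy):
    """Flood announcements until stable. Returns (rib, loop_rejects)."""
    rib = {a: {p: ()} for a, p in OWNED.items()}  # prefix -> AS path, () = local
    peers = {a: [] for a in OWNED}
    for a, b in links:
        peers[a].append(b)
        peers[b].append(a)
    rejects, changed = set(), True
    while changed:
        changed = False
        for sender in sorted(rib):
            for prefix, path in list(rib[sender].items()):
                if not policy[sender](sender, prefix):
                    continue  # export filter dropped it
                adv = (sender,) + path  # sender prepends its ASN on export
                for peer in peers[sender]:
                    if peer in adv:  # own ASN already in the path: loop, reject
                        rejects.add((peer, prefix, adv))
                        continue
                    best = rib[peer].get(prefix)
                    if best is None or len(adv) < len(best):  # shortest AS path
                        rib[peer][prefix] = adv
                        changed = True
    return rib, rejects

def transit_ases(rib):
    """ASNs that appear as a non-origin hop in somebody's best path."""
    return {hop for routes in rib.values() for p in routes.values() for hop in p[:-1]}

if __name__ == "__main__":
    open_policy = {a: export_all for a in OWNED}
    leaky, _ = converge(LINE, open_policy)
    fixed, _ = converge(LINE, {**open_policy, 65002: only_my_prefix})
    print("export all:", leaky[65003].get("10.50.0.0/24"), transit_ases(leaky))
    print("filtered:  ", fixed[65003].get("10.50.0.0/24"), transit_ases(fixed))
```

With the link between 65001 and 65003 pulled, "export all" on the middle router makes it the path between the other two; with the filter, the far router has no route to 10.50.0.0/24 at all.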
Was it worth it
Entirely. I now understand the BGP decision process as something I've watched happen rather than a list I memorised for an exam. I understand why route filtering is a discipline and not an afterthought. And I understand, in my fingers, the difference between a session that's Established but exchanging nothing because the filters ate everything, versus one that's genuinely down. That last one has cost me hours in production over the years, and I can now diagnose it in seconds.
Do you need BGP at home? No. Absolutely not. But if your job involves it and you only ever meet it in anger, an evening building a fake internet you're allowed to break is the cheapest training you'll ever get. The lights in the airing cupboard are a small price.