Ramblings of an aging IT geek

bgp in the homelab, because why not

Running BGP between a couple of hosts and the edge router at home, mostly so failover and per-service routing stop being a manual chore.

The honest answer to "why BGP at home" is that I wanted my services to announce themselves rather than me hand-editing static routes every time I moved something. The slightly more honest answer is that I do this for a living and wanted to break it somewhere that only annoys me.

The setup is small. The edge box runs a full routing daemon, and two internal hosts speak BGP back to it over a private AS in the 64512–65534 range. Each host announces a small /32 or /28 for the services it actually owns. When a host goes away, the announcement goes away, and traffic stops being sent into a black hole. That is the entire trick. No keepalived, no floating VIP scripts I forget the logic of by next year.

Config-wise it is unglamorous. A minimal BIRD setup on each host looks roughly like this:

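# BGP session from this host to the edge router
protocol bgp edge {
    local as 65001;                        # this host's private AS
    neighbor 10.0.0.1 as 65000;            # the edge router
    import none;                           # learn nothing from the edge
    export where proto = "static_svc";     # announce only routes from static_svc
}

# The service routes this host deliberately announces
protocol static static_svc {
    route 10.0.10.5/32 via "lo";
}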

The export filter is the important bit. I do not want a host accidentally announcing the whole world back at the router, so I only export the static routes I deliberately defined. Import is none; the hosts do not need to learn anything, they just need the default route they already have.
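The same guard from the edge router's side, as an added example that is not part of the original post: an import allowlist per host, so a broken or missing export filter on a host cannot push unexpected routes into the router. The filter and protocol names, the host address 10.0.0.11, the 10.0.10.0/28 service range and the limit of 4 are assumptions; the syntax follows the snippet above.

```bird
# Added example, edge router side. Names, addresses, the service range and
# the limit value are assumptions, not taken from the original setup.

filter from_host1 {
    # Accept only prefixes inside the range assigned to this host,
    # with a length between /28 and /32 (covers 10.0.10.5/32 above).
    if net ~ [ 10.0.10.0/28{28,32} ] then accept;
    # Anything else (a default route, a leaked table) is dropped here.
    reject;
}

protocol bgp host1 {
    local as 65000;
    neighbor 10.0.0.11 as 65001;    # assumed address of the host
    import filter from_host1;       # allowlist, independent of the host's export filter
    import limit 4 action block;    # ignore further routes once 4 have been accepted
    export none;                    # hosts keep the default route they already have
}
```

With both filters in place, a mistake has to happen on the host and on the router before a wrong prefix is installed.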

What surprised me is how calm it is once it works. I pulled a cable on one host expecting drama and instead the route just withdrew, traffic shifted, and nothing logged an angry message. The failover is sub-second because the session drops and BIRD reconverges immediately. Compared to waiting on an ARP timeout or a health check interval, it feels almost rude how fast it is.

It is absolutely overkill for a house. I am aware. But the failure modes are now boring and visible, and I would rather debug a missing route announcement than a shell script that decided not to run. If you already understand BGP from work, doing it at home costs you an evening and teaches you the operational edges you never see in a controlled environment. If you do not, this is a forgiving place to learn, because the only customer you can upset is yourself.