So, after the first two blogs, about the initiation of the Holodeck lab (https://my-sddc.net/holodeck-lab-building-the-lab/) and the first part of replacing some components with a pfSense appliance (https://my-sddc.net/holodeck-lab-replacing-networking-with-pfsense/), we now go a little deeper into the networking stuff. We are going to get BGP to work on the pfSense.

Goal is to achieve the following topology:

The NSX part of this has already been configured, as part of the Holodeck deployment. I grabbed the BGP configuration from the Cloud Builder appliance, to recreate it on the pfSense.

First, I need to install FRR, which contains BGP functionality (System | Package Manager | Available Packages):

Then we need to enable FRR:

And after this, I can enable BGP Routing, as follows (Under Services / FRR / BGP / BGP):

Choosing the following for Network Distribution:

Keeping the rest on default.

Next, I create a Prefix List, to make sure all routes are both received and forwarded. This is needed when configuring neighbors:

So the name is “Permit-Any”, that is relevant when configuring neighbors.

I also create a Route Map:

Then I configure the neighbors:

Leaving the rest on default settings. I do this for all four addresses that have been configured on the NSX side:

• 172.27.11.2
• 172.27.12.2
• 172.27.11.3
• 172.27.12.3

After this, we can see:

And that the neighbors are up and running:

And we can also see this from the NSX side (this is one example of the 4 connections that are available:

And so, if I now create a new segment on NSX, connected to one of the T1’s that is connected to the T0, I can see that it’s network becomes available on the pfSense:

And if I look at the routing table on NSX for one of the Edge Nodes (download it from the T0), I can see the subnets that are living on the pfSense:

(so for instance, network 192.168.2.0/24 can be found behind both 172.27.12.1 and 172.27.11.1 which are both the interconnect interfaces on the pfSense).

That concludes the BGP setting on pfSense and as far as I can tell, all functionality that was present on the Cloud Builder and Holo-Router is now transferred to the pfSense appliance, which means they (CB and HR) can be shut down and remain powered off.

For this post I used: https://docs.netgate.com/pfsense/en/latest/packages/frr/bgp/config-neighbor.html for reference.

After this, I deleted the unnecessary VM’s and also decreased the size for the Holo-Console VM, to free up some diskspace.