How To Configure A BGP Session For Your VPS

A BGP session allows you to announce your own address space through our network. If you would like to announce your own IPv4 address space on the Pufferfish Host network, we can configure a BGP session for you. This guide is only applicable to the Germany region currently. If you are interested in a session in other regions, please contact support. Your own AS is not required, we can give you a private AS to announce instead.

Step 1 – Request a BGP session

Open a ticket with our support team either by livechat, discord, or through the billing panel. Include your ASN (if you have one). We will verify ownership of the ASN by sending an email to one of the contacts listed for your ASN. If you would like to use our ASN to announce your IP space, you will also need to provide an LoA. You will also need to provide a list of prefixes that you would like to announce so that DDoS protection can be properly configured.

For redundancy, we run a pair of redundant route servers. You will peer your VPS to both of our route servers for redundancy purposes.

Step 2 – Configure RPKI

RPKI will need to be configured on your prefixes, this is enforced by us and our upstreams for security purposes. Configuring this is outside of the scope of this guide. Our upstreams can take up to 24 hours to pull updated RPKI information, during which time your prefix will not be available.

Step 3 – Set up BIRD

Once your session has been configured on our router, you will need to set up the session on your VPS. There are many software platforms allowing you to configure BGP sessions, BIRD being one of the most popular, and the one this guide will use.

To start, install BIRD: apt install bird

Bird's configuration file is located at /etc/bird/bird.conf. Edit this file and use the following configuration (setting the appropriate configuration values where necessary):

router id <your VPS IP>;

protocol static {
    route <your prefix>/24 via <your VPS IP>;
}

protocol device {
        scan time 60;
}

protocol bgp {
    local as <Your ASN>;
    neighbor 185.135.158.221 as 65121;

    import all;
    export all;

    graceful restart on;

    password "<BGP Password>";
}

protocol bgp {
    local as <Your ASN>;
    neighbor 185.135.158.225 as 65121;

    import all;
    export all;

    graceful restart on;

    password "<BGP Password>";
}
/etc/bird/bird.conf

Once this configuration has been created, restart BIRD with systemctl restart bird. Once this happens, your VPS will establish a session with our router and traffic for your prefix will begin flowing to your VPS. At this point, you can set up routing or bind them to a network interface.

Step 4 – Bind to interface

If you would like to actually use your IPs on your VPS, then you will need to bind them to a dummy interface. In /etc/network/interfaces, this can be done by adding the following lines:

auto dummy1
iface dummy1 inet static
    address <an IP address>/24
    pre-up ip link add dummy1 type dummy
/etc/network/interfaces

After adding this, the command ifup dummy1 will load the dummy interface without needing a reboot.

If you are using an Ubuntu system with Netplan, then the following configuration can be used:

network:
  version: 2
  renderer: networkd
  bridges:
    dummy1:
      dhcp4: no
      dhcp6: no
      accept-ra: no
      interfaces: [ ]
      addresses:
        - <an IP address>/24
/etc/netplan/02-dummy.yml

Once this has been configured, use netplan try to load the dummy interface.

After the dummy interface is loaded, we need to tell BIRD to use the device we just created. Add the following to /etc/bird/bird.conf, between the protocol bgp and protocol device blocks:

protocol direct {
    interface "dummy*"
    import none;
}
/etc/bird/bird.conf

Restart BIRD or reload BIRD's configuration to apply the changes.

Step 5 – Test

If everything has been set up correctly, you should now be able to ping your Pufferfish Host VPS from anywhere on the internet. If this doesn't work, it's possible that the latest RPKI records haven't yet been pulled by our upstream. If you are having trouble, contact our support team and we will be able to help you troubleshoot the problem.

Extras and Ideas

The same IP addresses can be announced from multiple VPS servers in the same region. If this happens, traffic will be load balanced across all of your VPS servers. Additionally, if one of your VPS servers fails, BGP will ensure that traffic is routed to the working VPS instead. If you do not want to set up load balancing, add a prepend of your AS on the BIRD configuration for the VPS that should be de-prioritized. If you would like faster failover detection, BFD sessions are also available. Please contact support if you would like to set up a BFD session.

Technical Details

Route Server 1: 185.135.158.221
Route Server 2: 185.135.158.225
Route server ASN: 65121
Our public ASN: 400799