BGP Configurations for Tor Relay Servers
By 1AEO Team • May 1, 2025
Supercharge your Tor relay deployments with turnkey BGP configs that take you from zero to announced in minutes.
The TorBGPConfigs repository provides a reference collection of BGP configuration files to announce your Autonomous System Number (ASN) and IP address ranges for Tor relay servers across different upstream providers.
BGP Server Configuration Files
- server1.frr.conf: FRR on Ubuntu 24.02.2, announcing the same IP range used for local traffic.
- server2.frr.conf: FRR on Ubuntu 24.02.2, similar to server1, for announcing hosted prefixes.
- server3.frr.conf: FRR on OPNsense 25.4, announcing an IP range not directly routed by the host.
Common Variables
- <local machine hostname> (e.g. localhost.domain.com)
- <my AS> (e.g. 12345)
- <remote AS> (e.g. 54321)
- <name of upstream provider>
- <my IP address to announce> (e.g. 8.8.8.1)
- <neighbor IP> (e.g. 8.8.1.1)
- <my IP range and subnet to announce> (e.g. 8.8.8.0/24)
Common BGP Commands
Show BGP Unicast Summary
sudo vtysh -c "show bgp ipv4 unicast summary"
Displays a summary of all BGP routes along with peer states.
Show Detailed Routing Information for an IP Prefix
sudo vtysh -c "show bgp ipv4 unicast xxx.xxx.xxx.0/24"
Provides detailed routing information for a specific prefix.
Show Advertised Routes to a Specific BGP Neighbor
sudo vtysh -c "show ip bgp neighbors xxx.xxx.xxx.xxx advertised-routes"
Shows the routes being advertised to the specified neighbor.
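An added example (not from the TorBGPConfigs repository): a Python check that compares the output of the advertised-routes command with the prefix you intend to announce, so an unintended or missing announcement is caught on your side of the session. It assumes the command is run with FRR's `json` keyword and that the result holds an `advertisedRoutes` object keyed by prefix; the sample input is constructed from the page's example values.

```python
import ipaddress
import json

# Constructed sample, shaped like the output of
#   sudo vtysh -c "show ip bgp neighbors <neighbor IP> advertised-routes json"
# Only the "advertisedRoutes" key is used; its name is an assumption to verify
# against your FRR version.
SAMPLE_JSON = """
{
  "advertisedRoutes": {
    "8.8.8.0/24": {},
    "8.8.8.128/25": {},
    "10.20.0.0/16": {}
  }
}
"""


def audit_advertised(raw_json, intended):
    """Classify the prefixes advertised to a neighbor against the intended ones."""
    intended_nets = {ipaddress.ip_network(p) for p in intended}
    routes = json.loads(raw_json).get("advertisedRoutes", {})
    advertised = {ipaddress.ip_network(p) for p in routes}

    report = {"ok": [], "more_specific": [], "unexpected": [], "missing": []}
    for net in sorted(advertised, key=str):
        if net in intended_nets:
            report["ok"].append(str(net))
        # A longer prefix inside our own space: ours, but not what we meant to send.
        elif any(net.version == i.version and net.subnet_of(i) for i in intended_nets):
            report["more_specific"].append(str(net))
        # Anything else is outside the announced range and would be a route leak.
        else:
            report["unexpected"].append(str(net))
    # Intended prefixes the neighbor is not being sent at all.
    report["missing"] = sorted(str(i) for i in intended_nets - advertised)
    return report


if __name__ == "__main__":
    result = audit_advertised(SAMPLE_JSON, ["8.8.8.0/24"])
    for category, prefixes in result.items():
        print(f"{category}: {prefixes}")
```
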
Community Discussion: BGP Management Choices
Highlights from a Tor relays mailing list thread, "Tor Relay Deployment Dilemma: Handle BGP yourself or have it done upstream to announce your own AS?" (April 8, 2025), covering whether to self-manage BGP sessions or delegate to upstream providers, resource considerations, and monitoring options:
- Consider delegating BGP to upstream providers if expertise is limited or managed BGP fees are reasonable.
- For single-homed relays, receiving only default IPv4/IPv6 routes conserves CPU/RAM.
- Default-only setups simplify route filtering; for full tables, follow established filtering guides (e.g., NLNOG's BGP Filter Guide).
- Taking full routing tables could be justified as a learning experience and for experimentation.
- A full global BGP table requires a few hundred megabytes of memory and modest CPU compared to Tor traffic and crypto operations.
- Monitoring recommendations include self-hosted BGPalerter, hosted services like PacketVis, BGPWatch, or free accounts on BGP.Tools.
Communicating With Your Upstream Provider
Before setting up your BGP session, gather these details:
Information You Should Share
- Your ASN:
- Your Peering IP Address:
- Prefix to Announce:
- Preferred Table Type: Default only, Full Table only, Full Table + Default
Questions to Ask Your Upstream Provider
- Upstream ASN:
- Upstream Peering IP Address:
- Upstream Continuation ASNs: Will you announce to ASXXXX and ASXXX?
- Session Timers: Keepalive interval? Hold time?
- Capabilities: Do you support graceful restart, route refresh, etc.?
- Prefix and Community Policies: Any inbound/outbound filters or community settings?
- VLAN or Interface Settings: Any VLAN tags or interface-specific requirements?
- Operational Guidelines: Maintenance windows or other operational guidelines?
Join the Mission