@div444 i'm finding the same - did you find a solution or did reverting fix it?
Hoping there is a patch fix or something to get it working! Rather not rollback if i can avoid it
I had a similar issue with Routed VTI over IPsec recently. FRR lost its neighbors after rebooting or when a tunnel went down. It never re-discovered it automatically. Only restarting FRR (either in GUI or via CLI) brought the neighbors back.
When I manually added those under the OSPF neighbors tab in the GUI it seems to solve the problem as well.
@michmoor said in BGP convergence with BFD working smoothly with the settings below.:
Redmine has been updated to reflect the testing done by @mcury so there is official guidance regarding treating this set up with dynamic routing.
Glad to see that..
They even tested with HA.. Thanks @marcosm for testing.
@pwabrat Sorry for the delayed reply,
the issue resolved by Route Redistribution in pfSense Kernel Routes of "Extended_LAN"
[image: 1740053295339-cbabfeed-7467-45d0-b3dc-5d8a06e8bdd8-image.png]
Thank you for the support.
@dudumiquim
I first reported the issue. There is a redmine.
https://redmine.pfsense.org/issues/14483
.
Has anyone encountered this issue? Is there a way to prevent all BGP sessions from restarting when only one ISP goes down?
Disable Gateway Monitoring Actions for your WAN. That somewhat solves one issue but there is instability with Ipsec and FRR
@michmoor said in Updating to pfSense+ 24.3 breaks routing - kernel routes now gone:
@Kevin-S-Pare
Nothing offensive in the config.
I don't know why you have bgp always-compare-med and bgp-determinstic-med configured at the same time.. If you are using MED to influence outbound routing then you should pick one option.
Based on the fact that you stated traceroutes and pings work out to the internet than we know that routing is good.
I do know there were behavorial changes to pfsense after 22.05 namely state policy changes.
https://www.netgate.com/blog/state-policy-default-change#:~:text=State%20Policy%20Options&text=As%20pfSense%20software%20is%20security,the%20system%20default%20State%20Policy
I have a sneaky suspicion you are running into this. I can see it happening if traffic leaves Upstream1 and comes back on Upstream2.
If i were you i would change to Floating state policy and perform your tests. It really seems you are hitting this behavior change.
Changing to the floating states worked! Thank you!
@michmoor said in FRR 10 coming with script support ?:
Yep yep that's right. Sorry for confusing issues.
Np, we need more people engaged in this, FRR is a great software but it is not working smoothly with pfsense IPsec VTIs.
@michmoor me too.
https://forum.netgate.com/topic/195542/i-from-24-0-3-upgrade-to-24-11-frr-bgp-service-can-t-start/9
it is should add the bgpd_options=" -A 127.0.0.1 -M rpki" in daemons.