Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    FRR Dynamic routing to Virtual IPs

    Scheduled Pinned Locked Moved
    FRR
    2
    4
    92
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • C
      csgrhys
      last edited by

      Does anyone know a good way in PFSense FRR to stop advertising virtual IP addresses when the LAN interface goes down?

      I'm advertising the virtual IPs that exist on both of our PFSense firewalls to the internet via BGP but I need a way to automatically stop advertising these routes if the LAN interface goes down as the virtual IPs use 1:1 NAT to route traffic to internal IPs.

      If you've set up two PFSense instances with BGP and independent WAN connections which route to the same internal network and would like to share how you did it, please do 😃

      M 1 Reply Last reply Reply Quote 0
      • M
        michmoor LAYER 8 Rebel Alliance @csgrhys
        last edited by

        @csgrhys you control what gets advertised out using route-maps.

        Firewall: NetGate,Palo Alto-VM,Juniper SRX
        Routing: Juniper, Arista, Cisco
        Switching: Juniper, Arista, Cisco
        Wireless: Unifi, Aruba IAP
        JNCIP,CCNP Enterprise

        C 1 Reply Last reply Reply Quote 0
        • C
          csgrhys @michmoor
          last edited by

          @michmoor I'm already using route-maps to control advertised prefixes and set communities. Don't see a way through the PFSense GUI to match based on interface status.

          M 1 Reply Last reply Reply Quote 0
          • M
            michmoor LAYER 8 Rebel Alliance @csgrhys
            last edited by michmoor

            " stop advertising these routes if the LAN interface goes down as the virtual IPs use 1:1 NAT to route traffic to internal IPs."

            If the physical interface goes down then the subnet reachable out of that interface will be withdrawn in route advertisements.
            VIPs like loopbacks, are logical and are always UP.

            Firewall: NetGate,Palo Alto-VM,Juniper SRX
            Routing: Juniper, Arista, Cisco
            Switching: Juniper, Arista, Cisco
            Wireless: Unifi, Aruba IAP
            JNCIP,CCNP Enterprise

            1 Reply Last reply Reply Quote 0
            • First post
              Last post