
    OpenBGPD with CARP

cuoz:

      Hello all,
We are in the process of replacing a single Vyatta BGP router with a failover setup using pfSense, CARP, and OpenBGPD.  Last night we were working with one of our ISPs and attempted to bring up our BGP sessions.  The sessions failed at first because the source IP being used was the one for the physical interface and not the CARP VIP (connection denied).  With a bit of reconfiguration to swap IPs, we were able to bring up the sessions and validate that our BGP configuration was at least correct.  Our ISP's policy is that they will only allow a single IP to initiate the session, so we're not able to simply allow both routers to have sessions.

      My question is if there is a way to force OpenBGPD to talk to our ISP routers using the CARP VIP so that it will work after a failover event?

      I did notice that you can specify multiple, specific, "listen on" directives in the config.  Originally OpenBGPD was listening on all interfaces.  I have since changed that, but won't be able to test it until another session with our ISP support is scheduled.  Will having OpenBGPD only listen on the VIP interface be enough to make the traffic originate from that IP?

      If the "listen on" directives are not enough, what else can I do to control the source IP for our BGP sessions?

We are running 2.0.2-RELEASE (amd64).

      Thank you in advance for any advice.
      gary

gabi:

You must use "set nexthop 2.3.4.5" on your prefixes.
In case of a hardware failure you will lose all your active connections for a couple of seconds (until the slave CARP takes over all feeds from the ISP).
The best scenario is with 2 BGP sessions for every ISP (one for every pfSense box from each ISP … if they allow this).
Be sure that you have stable hardware/pfSense conf.... in case of many switches between boxes (master and slave) and you take global tables, some ISPs block connections for a while.

cuoz:

          Thanks for the reply.

          I do have the nexthop configured appropriately so that it will use the CARP address.

          As our ISP won't allow multiple sessions, I'm not able to have 2 at once.  The main issue I'm trying to solve is to have all BGP session traffic originate from the VIP and not the physical interface as my ISP is only allowing 1 IP address to initiate the session.  If it won't use the VIP, then failover won't be possible.

          If the "listen on" doesn't do the trick, then I'll have to find some other way.  Maybe a static route will work.
          gary

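The directive the thread is looking for is `local-address`, set inside the `neighbor` block of bgpd.conf: it is the source address bgpd uses for the outbound TCP connection to that peer, whereas `listen on` only restricts the addresses on which bgpd accepts incoming connections and does nothing for the outbound side. The following bgpd.conf is an added example, not configuration from the original posts, from Netgate, or from the pfSense package; the AS numbers, the announced prefix, the addresses (198.51.100.10 as the CARP VIP on carp0, 198.51.100.1 as the ISP router) and the interface name are assumptions, and the `depend on carp0` line assumes that the OpenBGPD version bundled with the pfSense package supports that directive.

```conf
# bgpd.conf for a pfSense CARP master/backup pair. Added example with assumed
# values: our AS 64500, announced prefix 203.0.113.0/24, CARP VIP 198.51.100.10
# on interface carp0, ISP router 198.51.100.1 in AS 64496.
AS 64500
router-id 198.51.100.10

# Accept incoming BGP connections only on the VIP instead of every address.
# This affects inbound connections only; it does not set the source of
# connections bgpd initiates.
listen on 198.51.100.10

network 203.0.113.0/24

neighbor 198.51.100.1 {
    descr          "ISP-A"
    remote-as      64496
    # Source address of the outbound TCP session. Without this bgpd picks the
    # physical interface address, which is what the ISP rejected in the thread.
    local-address  198.51.100.10
    # Assumption: the bundled OpenBGPD supports "depend on". With it, the
    # backup box keeps the session down until it becomes CARP master, so only
    # one box ever connects from the VIP at a time.
    depend on      carp0
    announce       self
}

# Filters (last matching rule wins): announce only our own prefix with the VIP
# as next hop (the "set nexthop" advice from the thread), accept the ISP's
# announcements, drop everything else.
deny  from any
deny  to any
allow from 198.51.100.1
allow to 198.51.100.1 prefix 203.0.113.0/24 set nexthop 198.51.100.10
```

Run `bgpd -n -f /path/to/bgpd.conf` on each box to syntax-check the file before reloading. After a failover, confirm on the new master that the local end of the TCP session really is the VIP, either from the "Local host" line of `bgpctl show neighbor 198.51.100.1` or from `sockstat -4 -P tcp | grep bgpd`; if the local address shown is still the physical interface address, the `local-address` line is not being applied (for instance because the pfSense package regenerated the file without it), and the ISP will keep refusing the session.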
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.