    Phantom static routes. + openbgpd

      brendan.jacques last edited by

      I have a pfsense firewall set up with 2 connections to our internal network, and BGP peering set up to the internal L3 switches.  However, the odd thing I'm seeing is that the pfsense enters "phantom" static routes, see here:

      bgpctl show fib | grep 0.0.0.0
      *S      48 0.0.0.0/0            10.130.0.65

      That 10.130.0.65 is one of our L3 switches.  Now, if I turn down that BGP neighbor, a new "static" shows up pointing to the other L3 switch:

      bgpctl show fib | grep 0.0.0.0
      *S      48 0.0.0.0/0            10.130.0.81

      Now, there are no static routes set up in the webui for this pfsense.  Also, there is only a single gateway defined, and it's set to be the default.  However, this is not inserted into the kernel routing table, only the defaults that it gets from the BGP peers (which head out to other datacenters).

      The goal of this is to set up this firewall as the default gateway for the local datacenter.  The other default routes should indeed be in the RIB, as alternates.  But I'm afraid to source a default route in the BGP config, thinking I'll create a loop (since this firewall sees the L3 switches as best for the 0.0.0.0/0 route).

      Now, if I could set a static default route in the webui, that'd be great…  But it doesn't allow me to set a /0 CIDR mask, it only allows down to /1.  I guess I could use two routes, but that could cause other problems, being two more specific routes.

      Anyone know what's going on here?  Particularly why the 0.0.0.0/0 route would show as a static when it's actually learned via BGP?

      Thanks,
      Brendan
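
Added example, not part of the original post: a shell helper that filters `bgpctl show fib` output for routes flagged S whose next hop is one of the BGP neighbors, which is the symptom described above. The function names, the four-column layout (inferred from the two lines quoted in the post) and the extra sample rows are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post.
# Reads `bgpctl show fib` output on stdin and prints every IPv4 route that is
# flagged S (static) while its gateway is one of the BGP neighbor addresses
# passed as arguments. Column layout assumed from the lines in the post:
#   flags  priority  destination  gateway

phantom_statics() {
    peers="$*"
    awk -v peers="$peers" '
        BEGIN {
            # Build a lookup set from the space-separated neighbor list.
            n = split(peers, p, " ")
            for (i = 1; i <= n; i++) is_peer[p[i]] = 1
        }
        # Route rows: four fields, destination written as IPv4 CIDR.
        NF == 4 && $3 ~ /^[0-9.]+\/[0-9]+$/ {
            if (index($1, "S") && ($4 in is_peer))
                printf "%s via %s flags=%s prio=%s\n", $3, $4, $1, $2
        }
    '
}

# Constructed sample input: the first row is the FIB line quoted in the post,
# the other two rows are made up for contrast (a connected route and a static
# route whose gateway is not a BGP neighbor).
sample_fib() {
    cat <<'EOF'
*S      48 0.0.0.0/0            10.130.0.65
*C       0 10.130.0.64/28       link#1
*S       8 192.0.2.0/24         10.130.0.70
EOF
}

# Neighbor addresses are the two L3 switches named in the post.
# On the firewall itself: bgpctl show fib | phantom_statics 10.130.0.65 10.130.0.81
sample_fib | phantom_statics 10.130.0.65 10.130.0.81
```

Any line this prints is a route the FIB labels static even though its gateway is a configured BGP peer, so it is worth comparing against the static routes actually defined on the firewall.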
