Phantom static routes. + openbgpd
I have a pfsense firewall set up with 2 connections to our internal network, and BGP peering set up to the internal L3 switches. However, the odd thing I'm seeing is the pfsense enters "phantom" static routes, see here:
bgpctl show fib | grep 0.0.0.0
*S 48 0.0.0.0/0 10.130.0.65
That 10.130.0.65 is one of our L3 switches. Now, if I turn down that BGP neighbor, a new "static" shows up pointing to the other L3 switch:
bgpctl show fib | grep 0.0.0.0
*S 48 0.0.0.0/0 10.130.0.81
Now, there are no static routes set up in the webui for this pfsense. Also, there is only a single gateway defined, and it's set to be the default. However, this is not inserted into the kernel routing table, only the defaults that it gets from the BGP peers (which head out to other datacenters).
The goal of this is to set up this firewall as the default gateway for the local datacenter. The other default routes should indeed be in the RIB, as alternates. But I'm afraid to source a default route in the BGP config, thinking I'll create a loop (since this firewall sees the L3 switches as best for the 0.0.0.0/0 route).
Now, if I could set a static default route in the webui, that'd be great… But it doesn't allow me to set a /0 CIDR mask, it only allows down to /1. I guess I could use two routes, but that could cause other problems, being two more specific routes.
Anyone know what's going on here? Particularly why the 0.0.0.0/0 route would show as a static when it's actually learned via BGP?
Thanks,
Brendan