OpenBGP routes not getting installed

  • I've established OpenBGP peering over IPsec to 2 different Azure VNet gateways (each in separate VNets). I see routes coming from each of them in the OpenBGP stats page:

    flags: * = Valid, > = Selected, I = via IBGP, A = Announced, S = Stale
    origin: i = IGP, e = EGP, ? = Incomplete
    flags destination          gateway          lpref   med aspath origin
    AI*>            100     0 i
    100     0 65200 i
    100     0 65200 i
    100     0 65100 i
    100     0 65100 i

    However, for whatever reason, these routes are not making it into the pfSense's routing table in Diagnostics -> Routing, or in results from netstat -nr, so my LAN devices cannot reach into my Azure VNets.

    Oddly enough, Azure was sending me a /32 of my pfSense's local BGP peer IP; I was able to get that removed from the table above using deny from any prefix {, } so at least we know the filtering is working. But why aren't the routes installed? (I do have fib-update yes in the config.)

  • Not sure if I'm supposed to manually create an SA for the bearer traffic (between and to go along with the SA I created between the BGP peer IPs?

    I noticed I was not getting any encrypted traffic out my WAN interface when trying to ping from to, so I did add an additional SA between and in pfSense, and now I do see encrypted traffic when I ping, but still no routes in netstat -nr, so this leaves me a bit concerned as to whether or not I'll have good BGP routing resilience in the first place...
