Netgate Discussion Forum

    OpenBGP routes not getting installed

    • opticalc

      I've established OpenBGP peering over IPSec to 2 different Azure Vnet gateways (each in separate Vnets). I see routes coming from each of them in the openbgp stats page:

      flags: * = Valid, > = Selected, I = via IBGP, A = Announced, S = Stale
      origin: i = IGP, e = EGP, ? = Incomplete
      
      flags destination          gateway          lpref   med aspath origin
      AI*>  192.168.0.0/22       0.0.0.0            100     0 i
            192.168.252.0/24     192.168.252.254    100     0 65200 i
            192.168.253.0/24     192.168.252.254    100     0 65200 i
            192.168.254.0/24     192.168.254.254    100     0 65100 i
            192.168.255.0/24     192.168.254.254    100     0 65100 i
      

      However, for whatever reason, these routes are not making it into the pfSense's routing table in diagnostics->routing, or in results from netstat -nr, so my LAN devices cannot reach into my Azure Vnets.

      Oddly enough, Azure was sending me a /32 of my pfSense's local BGP peer IP. I was able to get that removed from the table above using deny from any prefix { 0.0.0.0/0, 192.168.1.1/32 }, so at least we know the filtering is working. But why aren't the routes installed? (I do have fib-update yes in the config.)

      • opticalc

        Not sure if I'm supposed to manually create an SA for the bearer traffic (between 192.168.0.0/22 and 192.168.255.0/24) to go along with the SA I created between the BGP peer IPs?

        I noticed I was not getting any encrypted traffic out my WAN interface when trying to ping from 192.168.0.0/22 to 192.168.255.0/24, so I did add an additional SA between 192.168.0.0/22 and 192.168.255.0/24 in pfSense, and now I do see encrypted traffic when I ping, but still no routes in netstat -nr, so this leaves me a bit concerned as to whether/not I'll have good BGP routing resilience in the first place...

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.