FRR OSPF Default Route
-
Hi All,
I have a few sites connected back to a central pfSense installation via a IPSEC VTI Tunnels
I then use FRR (OSPF) for routing and all is working perfectly. Each site has around 5 x VLANS and routing these internal VLANS / Subnets is working perfectly.
I have enabled the option "Redistribute a Default route to neighbors" in the central pfSense box and what I would like is for all sites to "breakout" to the Internet via the Central pfSense installation (long story but these IPSEC VTI Tunnels will soon be replaced with Point to Point links)
I can see that OSPF is advertising these links. However if I login to a client site and look at the Zebra Status Page, I see the following:
O 0.0.0.0/0 [110/10] via 10.52.1.1, ipsec1000 onlink, 00:00:13
K>* 0.0.0.0/0 [0/0] via <WAN DEFAULT GATEWAY>, lagg0.4090, 04:15:21It is still picking the WAN Port's Gateway as the "default route"
Anything silly I am missing here ?
Cheers
-
You may set the route (Interface) cost of the local kernel route to a higher value. The route cost in summary determines the route decision. If this is true in FRR here, is the question.
-
@pete35 how do you change the default route cost for the WAN Gateway ?
-
There is a gui option in the area configuration:
"default route cost"You may also want to edit the raw ospfd.conf files, it is possible via the gui - like this:
area A.B.C.D default-cost (0-16777215)
There is a manual for frr: http://docs.frrouting.org/en/latest/ospfd.html#ospf-area
-
I can't work out where to set the route (interface) cost of the local kernal route in pfSense ?
I have tried going to System > Routing > Gateways > Edit WAN1 Gateway > Set the "Weight" to 30
This made no difference
I then went in to FRR > OSPF > and changed the "Default Metric" to 3.
This also made no difference.
Still getting the following values
O 0.0.0.0/0 [110/10] via 10.52.1.5, ipsec1000 onlink, 00:02:48
K>* 0.0.0.0/0 [0/0] via <WAN1 GW>, lagg0.4090, 00:02:57Any ideas ?
-
To be clear, you are changing the weight of the local kernel route on the client site?
-
@kkrazyken Correct - but I currently don't know how to do this. The local kernal route always takes "priority" over the FRR (OSPF) Default route:
O 0.0.0.0/0 [110/10] via 10.52.1.5, ipsec1000 onlink, 00:02:48
K>* 0.0.0.0/0 [0/0] via <WAN1 GW>, lagg0.4090, 00:02:57 -
@smaxwell2
try to set it on the raw ospfd.conf . Maybe the Gui doesnt work. -
@smaxwell2 Do you need the kernel default route? you could go to the interface and set GW to none.
-
@kkrazyken I have tried this and this fixes the problem :) However ... This then means that pfSense does not have internet access, therefore doing an update in the future could be problematic. Also when I am updating random things, it takes a long time to "save changes" as DNS is not working on pfSense ?
-
This post is deleted! -
@smaxwell2 I forgot you were running through tunnels, so you do need that GW. Spreading the default route via OSPF may not be the right way to go for this. If there is only one tunnel from each site to the central it will be much easier just to specify the default route for the needed networks statically.