Netgate Discussion Forum

No route to host even though FRR BGP summary shows route in table.

FRR
  • W
    wstocker
    last edited by Feb 27, 2021, 6:50 PM

    Hi All,

    First post so please be kind.

    pfSense CE 2.5.0.

    I have an issue where I am getting no route to host from the LAN net even though there is a route available via BGP from my peer.

    Am I missing something here?

    config:

    AWS Transit Gateway connected to pfSense IPsec w/ BGP.

    Peer IPs are in 169.254.0.0/16
    Local Peer IP is VIP on WAN if.
    Allow APIPA traffic Enabled.
    Allow bogons.
    Allow RFC1918

    Peers are UP and routes exchanged (Can see them propagated AWS side as well).

    LAN Range: 192.168.60.0/24
    AWS VPC Range: 10.0.0.0/16

    no-nat for src lan-net to dst aws-vpc.

    frr config:

    !
    frr defaults traditional
    hostname *********
    password *********
    log syslog
    service integrated-vtysh-config
    !
    router bgp 65000
    bgp network import-check
    no bgp ebgp-requires-policy
    neighbor 169.254.87.45 remote-as 64512
    neighbor 169.254.87.45 update-source 169.254.87.46
    neighbor 169.254.113.73 remote-as 64512
    neighbor 169.254.113.73 update-source 169.254.113.74
    !
    address-family ipv4 unicast
    network 192.168.60.0/24
    neighbor 169.254.87.45 activate
    neighbor 169.254.113.73 activate
    no neighbor 169.254.87.45 send-community
    no neighbor 169.254.113.73 send-community
    exit-address-family
    !
    !
    line vty
    !
    end

    bgp routes:

       Network          Next Hop         Metric LocPrf Weight Path
    *> 10.0.0.0/16      169.254.87.45       100             0 64512 i
    *=                  169.254.113.73      100             0 64512 i
    *> 192.168.60.0/24  0.0.0.0               0         32768 i

    bgp summary

    Neighbor        V    AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down  State/PfxRcd PfxSnt
    169.254.87.45   4 64512     442     439      0   0    0 01:12:56            2      3
    169.254.113.73  4 64512     442     439      0   0    0 01:12:56            2      3

    Ping:

    root: ping -S 169.254.87.46 169.254.87.45
    PING 169.254.87.45 (169.254.87.45) from 169.254.87.46: 56 data bytes
    64 bytes from 169.254.87.45: icmp_seq=0 ttl=254 time=19.119 ms
    64 bytes from 169.254.87.45: icmp_seq=1 ttl=254 time=30.823 ms

    root: ping -S 192.168.60.1 10.0.4.169
    PING 10.0.4.169 (10.0.4.169) from 192.168.60.1: 56 data bytes
    ping: sendto: No route to host

    route show:

    /root: route show 10.0.4.169
    route to: 10.0.4.169
    destination: 10.0.0.0
    mask: 255.255.0.0
    gateway: 169.254.87.45
    fib: 0
    interface: re1
    flags: <UP,GATEWAY,DONE,PROTO1>
    recvpipe  sendpipe  ssthresh  rtt,msec    mtu  weight  expire
           0         0         0         0   1500       1       0

    If I have NAT on I just get blackhole as I presume it's trying to send the traffic over the default gateway, so assuming no-nat is correct.

    I have ruled out AWS security group and acl issues using a static ipsec tunnel.

    How can I not have a route when there is clearly one in the route table?

    Am I missing something obvious?

    Cheers

    • W
      wstocker
      last edited by Feb 27, 2021, 8:46 PM

      I'm an idiot.

      Use VTI instead of a tunnel and it works fine.

      Days wasted.

      • R
        rebelboy1988 @wstocker
        last edited by Aug 24, 2022, 5:18 PM

        @wstocker I have a strange issue where I can propagate routes into AWS and see them in Transit Gateway's route table, however I am getting no routes back from Transit Gateway for Propagated VPC attachments.

        Did you use a Virtual IP address or and enable the P2 VTIs as an interface?

        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.