Netgate Discussion Forum

    BGP stops working after upgrade to 2.5

      Ofloo

      After upgrading from 2.4.5p1 to 2.5, BGP stopped working. First I assumed it was because of my IPsec VTI tunnel; however, when I manually add the routes they just work, and when I ping the endpoint of the tunnel they just reply. Both IPv4 and IPv6 work.

      Even tried using a WireGuard tunnel, however this doesn't work either. I'm able to ping the end point, route traffic through the tunnel, but BGP just doesn't work.

        rmac1813

        Same problem here. BGP neighbors come online, but no routes are exchanged, zebra routing table does not get updated. Same problem on neighbors, no routes present from the pfsense device.

          Ofloo @rmac1813

          @rmac1813

          This fixes it
          https://forum.netgate.com/topic/160694/frr-7-3-7-5-bgp-not-announcing-routes

          Look at reply from jimp. That doesn't require editing the raw config.

          The default changed to not accept or distribute routes to a neighbor without a policy in place. This would only affect those who don't already use a route map on their neighbors, so for most the main change will be adding an "Allow-All" route map and then setting that as the route map filter on each neighbor.

          Under FRR, go to Global Settings, Route Maps, add a new one that just has:

          Name: Allow-All
          Action: Permit
          Sequence: 100 (or whatever)
          

          Then under BGP, edit each neighbor and set it as both entries (inbound and outbound) for Route Map Filter under Peer Filtering.

          It's a more secure default, but it may catch some by surprise.

          That can be added before upgrade, too, which would prevent this from ever being a problem.

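A pre-upgrade check for the condition described in the post above, as an added example that is not part of the thread and is not pfSense or FRR code: it reads FRR running-config text and reports each activated BGP neighbor that lacks an inbound or outbound route map, or that names a route map with no entry in the config. It assumes neighbors are activated explicitly inside `address-family` blocks; the function name, sample config, addresses and AS numbers are constructed for illustration.

```python
import re

# Constructed sample of an FRR running config (addresses and AS numbers are placeholders).
SAMPLE_CONF = """\
router bgp 64496
 neighbor 192.0.2.1 remote-as 64497
 neighbor 198.51.100.1 remote-as 64498
 neighbor 2001:db8::1 remote-as 64497
 address-family ipv4 unicast
  neighbor 192.0.2.1 activate
  neighbor 192.0.2.1 route-map Allow-All in
  neighbor 192.0.2.1 route-map Allow-All out
  neighbor 198.51.100.1 activate
  neighbor 198.51.100.1 route-map Allow-All in
 exit-address-family
 address-family ipv6 unicast
  neighbor 2001:db8::1 activate
  neighbor 2001:db8::1 route-map Allow-All-v6 in
 exit-address-family
route-map Allow-All permit 100
"""

NEIGHBOR = re.compile(r"neighbor (\S+) (activate|route-map (\S+) (in|out))$")
ROUTE_MAP = re.compile(r"route-map (\S+) (permit|deny) \d+$")

def audit_bgp_policy(conf):
    """Map (address family, neighbor) to the policy gaps found for it."""
    active, applied, defined, af = set(), {}, set(), None
    for line in map(str.strip, conf.splitlines()):
        if line.startswith("address-family "):
            af = line.split(" ", 1)[1]
        elif line == "exit-address-family":
            af = None
        elif m := ROUTE_MAP.match(line):
            defined.add(m.group(1))            # route map has at least one entry
        elif af and (m := NEIGHBOR.match(line)):
            if m.group(2) == "activate":
                active.add((af, m.group(1)))
            else:                              # neighbor X route-map NAME in|out
                applied[(af, m.group(1), m.group(4))] = m.group(3)
    findings = {}
    for af, peer in sorted(active):
        for direction in ("in", "out"):
            name = applied.get((af, peer, direction))
            if name is None:
                findings.setdefault((af, peer), []).append(f"no route-map {direction}")
            elif name not in defined:
                findings.setdefault((af, peer), []).append(f"route-map {name} ({direction}) not defined")
    return findings
```

Run it against the output of `vtysh -c 'show running-config'` before upgrading; an empty result means every activated neighbor has a defined route map in both directions.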
            posto587 @Ofloo

            @ofloo

            We also ran into this issue:

            First we deleted /tmp/config.cache
            This resulted in a very long boot up time (at starting apcupsd package).
            But it finally came up.
            https://forum.netgate.com/post/965863

            Afterwards we had the issue with no "route map filter" configured on one path.
            This was resolved by configuring the "Allow-all" filter like suggested.

            https://forum.netgate.com/post/962875

            Thanks
