Netgate Discussion Forum

    many Interfaces assigned to an FIB

    Routing and Multi WAN
      sokolum

      I have found a post about how to assign an interface to a FIB; in my case that would be a VLAN interface on pfSense.
      The example is using net.conf, which is not used on pfSense. What is the proper way to assign an interface to a FIB on pfSense?

      https://forums.freebsd.org/threads/using-same-ip-address-on-different-fibs.52565/

      Use case:
      I want (need) to create 5 VLAN interfaces; all have the same /24 subnet configured (mandatory), and every interface has the same IP address configured on it.
      I believe this is possible with FIB.

      Example:

      vmx1 - vlan 10 : fib 1 - all traffic is handled on fib 1 - VM 10.0.0.1/24
      vmx1 - vlan 20 : fib 1 - connected to LAN
      vmx1 - vlan 30 : fib 2 - all traffic is handled on fib 2 - VM 10.0.0.1/24
      vmx1 - vlan 40 : fib 2 - connected to LAN
      vmx1 - vlan 50 : fib 3 - all traffic is handled on fib 3 - VM 10.0.0.1/24
      vmx1 - vlan 60 : fib 3 - connected to LAN
      etc, etc

      NOTE: on Cisco I would create a new VRF and associate that interface with a VRF. I want to achieve something similar on pfSense.

      Any help very much appreciated!

        dotdash @sokolum

        @sokolum
        There was a feature request years ago to add this functionality to pfSense, but AFAIK nothing has been done. Even if the kernel is built with support for multiple routing tables, there is no way to configure it in the gui. If you are working under those unusual constraints, you would need to use a stock FreeBSD system, or another product that supports multiple routing tables.

        EDIT- Out of curiosity, I tried increasing net.fibs to 3 in the loader.conf.local on a test 2.5 box. After a reboot, it was indeed reporting 3 fibs, but as I mentioned before, without having the options in the gui, it's going to be a mess to try and use the additional fibs.

          sokolum @dotdash

          @dotdash I managed in shell doing:

          Added the following line:

          net.fibs=16
          
          in
          
          /boot/loader.conf
          

          The following command shows 16 fibs:

          # sysctl net.fibs
          
          net.fibs: 16
          

          Able to add fib to an interface, still able to ping this interface when coming from another interface (note, I had to remove the routing in FIB 5).

          Assigning fib 5 to vmx2:
          
          [2.5.0-RELEASE][root@TEST-pfSense.home.arpa]/boot: ifconfig vmx2 fib 5
          

          Next shows fib 5 is assigned to vmx2

          [2.5.0-RELEASE][root@TEST-pfSense.home.arpa]/boot: ifconfig vmx2
          vmx2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
                  description: v102
                  options=e000bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
                  ether 00:0c:29:ed:dd:b1
                  inet6 fe80::20c:29ff:feed:ddb1%vmx2 prefixlen 64 scopeid 0x7
                  inet 100.102.0.1 netmask 0xffffff00 broadcast 100.102.0.255
                  fib: 5
                  media: Ethernet autoselect
                  status: active
                  nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
          

          I noticed the request:
          https://redmine.pfsense.org/issues/4796

          But using the shell to accomplish this is fine by me.

            sokolum @dotdash

            @dotdash said in many Interfaces assigned to an FIB:

            @sokolum
            There was a feature request years ago to add this functionality to pfSense, but AFAIK nothing has been done. Even if the kernel is built with support for multiple routing tables, there is no way to configure it in the gui. If you are working under those unusual constraints, you would need to use a stock FreeBSD system, or another product that supports multiple routing tables.

            EDIT- Out of curiosity, I tried increasing net.fibs to 3 in the loader.conf.local on a test 2.5 box. After a reboot, it was indeed reporting 3 fibs, but as I mentioned before, without having the options in the gui, it's going to be a mess to try and use the additional fibs.

            I got fib working via Shell.

            Make sure all routes in the fib are deleted:
            In my example I have assigned fib 5 to vmx5:

            [2.5.0-RELEASE][root@TEST-pfSense.home.arpa]/boot: setfib 5 netstat -rn
            Routing tables (fib: 5)
            
            Internet:
            Destination        Gateway            Flags     Netif Expire
            100.101.0.0/24     link#2             U          vmx1
            100.102.0.0/24     link#7             U          vmx2
            100.103.0.0/24     link#8             U          vmx3
            100.104.0.0/24     link#9             U          vmx4
            127.0.0.1          link#4             UH          lo0
            192.168.0.0/24     link#1             U          vmx0
            
            
            setfib 5 route delete 100.101.0.0/24
            setfib 5 route delete 100.102.0.0/24
            setfib 5 route delete 100.103.0.0/24
            setfib 5 route delete 100.104.0.0/24
            setfib 5 route delete 192.168.0.0/24
            
            
            [2.5.0-RELEASE][root@TEST-pfSense.home.arpa]/boot: setfib 5 netstat -rn
            Routing tables (fib: 5)
            
            Internet:
            Destination        Gateway            Flags     Netif Expire
            127.0.0.1          link#4             UH          lo0
            
            

            I have to do more testing to get some confidence.

            edit: pfSense doesn't like you adding an existing subnet on another interface...
            Also at the shell it doesn't like it, and it gives inconsistency with the GUI.

            1 Reply Last reply Reply Quote 0
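            The route cleanup in the post above, as an added example that is not part of the original thread: a dry-run helper that reads a FIB's `netstat -rn` table and prints the `setfib N route delete` commands for routes that point at interfaces outside that FIB. The function names and the allow-list argument are hypothetical; the sample table is the FIB 5 output quoted in the thread, and keeping the route of the FIB's own interface (vmx2 here) is an assumption, so pass an empty list to get all five deletes as posted.

```shell
#!/bin/sh
# Added example: dry-run generator for per-FIB route cleanup.
# Reads `setfib N netstat -rn` style output on stdin and prints one
# `setfib N route delete <dest>` line per route that leaves via an
# interface outside the allow-list. It never touches the routing table.

# Sample input: the FIB 5 table as quoted in the thread.
sample_fib5() {
cat <<'EOF'
Routing tables (fib: 5)

Internet:
Destination        Gateway            Flags     Netif Expire
100.101.0.0/24     link#2             U          vmx1
100.102.0.0/24     link#7             U          vmx2
100.103.0.0/24     link#8             U          vmx3
100.104.0.0/24     link#9             U          vmx4
127.0.0.1          link#4             UH          lo0
192.168.0.0/24     link#1             U          vmx0
EOF
}

# fib_foreign_routes FIB "if1 if2 ..."   (hypothetical helper)
# lo0 is always kept; pass "" to flag every non-loopback route.
fib_foreign_routes() {
    awk -v fib="$1" -v allow="$2 lo0" '
        BEGIN {
            n = split(allow, a, " ")
            for (i = 1; i <= n; i++) keep[a[i]] = 1
        }
        # Route rows: >= 4 columns with an all-caps flags field in $3.
        # This skips "Routing tables", "Internet:" and the header row.
        NF >= 4 && $3 ~ /^[A-Z0-9]+$/ {
            if (!($4 in keep))
                printf "setfib %s route delete %s\n", fib, $1
        }'
}

# Stand-alone run: keep only vmx2, the interface given fib 5 in the thread.
sample_fib5 | fib_foreign_routes 5 "vmx2"
```

            On stock FreeBSD the `net.add_addr_allfibs` sysctl decides whether connected routes are copied into every FIB, which is why a new FIB starts out holding the other interfaces' subnets. Review the printed commands before running any of them, since each foreign route left in a FIB is a path out of the intended segment.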
              sokolum @sokolum

              @sokolum said in many Interfaces assigned to an FIB:

              I have found a post about how to assign an interface to a FIB; in my case that would be a VLAN interface on pfSense.
              The example is using net.conf, which is not used on pfSense. What is the proper way to assign an interface to a FIB on pfSense?

              https://forums.freebsd.org/threads/using-same-ip-address-on-different-fibs.52565/

              Use case:
              I want (need) to create 5 VLAN interfaces; all have the same /24 subnet configured (mandatory), and every interface has the same IP address configured on it.
              I believe this is possible with FIB.

              Example:

              vmx1 - vlan 10 : fib 1 - all traffic is handled on fib 1 - VM 10.0.0.1/24
              vmx1 - vlan 20 : fib 1 - connected to LAN
              vmx1 - vlan 30 : fib 2 - all traffic is handled on fib 2 - VM 10.0.0.1/24
              vmx1 - vlan 40 : fib 2 - connected to LAN
              vmx1 - vlan 50 : fib 3 - all traffic is handled on fib 3 - VM 10.0.0.1/24
              vmx1 - vlan 60 : fib 3 - connected to LAN
              etc, etc

              NOTE: on Cisco I would create a new VRF and associate that interface with a VRF. I want to achieve something similar on pfSense.

              Any help very much appreciated!

              Wasn't able to edit my post.
              What I am actually trying to achieve:

              I have 3 networks, all with the same LAN subnet, and each uses a different WAN address for NAT:

              Example of what I want to build:

              LAN-1: vmx1 - vlan 10 : fib 1 - all traffic is handled on fib 1 - VM 10.0.0.1/24
              WAN-1: vmx1 - vlan 20 : fib 1 - WAN: 192.168.0.11

              LAN-2: vmx1 - vlan 30 : fib 2 - all traffic is handled on fib 2 - VM 10.0.0.1/24
              WAN-1: vmx1 - vlan 40 : fib 2 - WAN: 192.168.0.12

              LAN-3: vmx1 - vlan 50 : fib 3 - all traffic is handled on fib 3 - VM 10.0.0.1/24
              WAN-1: vmx1 - vlan 60 : fib 3 - WAN: 192.168.0.13
