how to enable asymmetric routing on pfSense + FRR
-
I have the setup below using 2 pfSense boxes: the one facing 2 ISPs runs pfSense + FRR with BGP, and the second one, behind the FRR box, runs as a pure firewall.
My question is: traffic from Client A to Server 1 all goes through BGP Neighbor 1, even though I have the best route path to Neighbor 2 when I run sh ip route "Client A IP". Is it possible to route back to Client A via Neighbor 2? (Because Neighbor 2's cost per Mbps is cheaper.)
- I've disabled outbound NAT on the FRR box
- Should I just disable the firewall under the advanced settings and make FRR a pure router?
Thanks
-
@sipher Policy based routing maybe.
-
@NogBadTheBad Apologies for not being specific; the graph wasn't exactly my topology.
I am reaching the full internet via Neighbor 1, therefore I only ask for one default route from Neighbor 1.
The other one is a peering center where local ISPs exchange peering at very low cost. It won't reach the full internet.
Looking at my BGP, I have the best route to Client A via the Peering Center. But since Client A reaches us via Neighbor 1, the traffic will return via Neighbor 1 due to the state table on the pfSense + FRR box. (I believe that is why it won't route via the Peering Center even though the best route is not Neighbor 1.)
thx
-
Disable 'reply-to' on the firewall rules on the WAN of the FRR box.
Right now that traffic comes in via neighbour 1, and the state opened on that interface will be tagged as reply-to with that gateway. If you disable that, replies will use the system routing for the best route back.
Steve
-
@stephenw10
Really appreciate the reply. I just disabled "reply-to" on the fw rules and the traffic flows to the right BGP path now.
Sipher
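
Added example, not part of any post in the thread: a shell check that lists the pass rules in a pf ruleset still carrying reply-to, with the interface and gateway that replies are pinned to. It assumes the generated ruleset is available as a file (pfSense writes it to /tmp/rules.debug); the sample rules, interface names and addresses are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Print "<rule interface> <reply-to interface> <reply-to gateway>" for every
# pass rule that carries reply-to. States created by such rules send replies
# back out through that gateway instead of following the routing table.
reply_to_rules() {
    # $1: path to a pf ruleset file
    awk '
        $1 == "pass" {
            gsub(/[()]/, " ")      # accept both "( if gw )" and "(if gw)"
            iface = ""
            for (i = 1; i <= NF; i++) {
                if ($i == "on") iface = $(i + 1)
                if ($i == "reply-to") {
                    printf "%s %s %s\n", iface, $(i + 1), $(i + 2)
                    break
                }
            }
        }
    ' "$1"
}

# Number of pass rules that still pin replies to a gateway.
count_reply_to_rules() {
    reply_to_rules "$1" | wc -l | tr -d ' '
}

# Constructed sample ruleset (not taken from the thread): one WAN rule with
# reply-to, one WAN rule where it has been disabled, one LAN rule, one block.
make_sample_ruleset() {
    cat <<'EOF'
# constructed sample rules
pass in quick on $WAN1 reply-to ( igb0 203.0.113.1 ) inet proto tcp from any to 198.51.100.10 port 443 keep state label "USER_RULE: https via transit"
pass in quick on $WAN2 inet proto tcp from any to 198.51.100.10 port 443 keep state label "USER_RULE: https via peering"
pass in quick on $LAN inet from any to any keep state
block in log quick on $WAN1 inet from any to any
EOF
}

# Demo on the constructed sample. On the firewall (path is an assumption
# about where the generated ruleset lives): reply_to_rules /tmp/rules.debug
sample=$(mktemp)
make_sample_ruleset > "$sample"
reply_to_rules "$sample"
rm -f "$sample"
```

An empty result for the WAN-facing interfaces means new states on those rules will follow the system routing table for return traffic.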