Netgate Discussion Forum

    how to enable asymmetric routing on pfSense + FRR

    Routing and Multi WAN
    • Sipher

      I have the setup below using 2 pfSense boxes: the one facing 2 ISPs runs pfSense + FRR with BGP, and the second one, behind the FRR box, runs as a pure firewall.

      My question is: traffic from Client A to Server 1 all goes through BGP Neighbor 1, even though I have the best route path to Neighbor 2 when I run sh ip route "Client A IP". Is it possible to route back to Client A via Neighbor 2? (Because Neighbor 2's cost per Mbps is cheaper.)

      1. I've disabled outbound NAT on the FRR box
      2. Should I just disable the firewall under advanced settings and make FRR a pure router?

      Thanks

      BGP.png

      • NogBadTheBad @Sipher

        @sipher Policy based routing maybe.

        Andy

        1 x Netgate SG-4860 - 3 x Linksys LGS308P - 1 x Aruba InstantOn AP22

        • Sipher

          Re: how to enable asymmetric routing on pfSense + FRR

          @NogBadTheBad apologies for not being specific; the graph wasn't exactly my topology.

          I am reaching the full internet via Neighbor 1, therefore I only ask for one default route from Neighbor 1.

          The other one is a peering center where local ISPs exchange peering at very low cost. It won't reach the full internet.

          Looking at my BGP, I have the best route to Client A via the Peering Center. But since Client A reaches us via Neighbor 1, the traffic will return via Neighbor 1 due to the state table on the pfSense + FRR box. (I believe that is why it won't route via the Peering Center even though the best route is not Neighbor 1.)

          thx

          Peering.png

          • stephenw10 Netgate Administrator

            Disable 'reply-to' on the firewall rules on the WAN of the FRR box.
            Right now that traffic comes in via neighbour 1, and the state opened on that interface will be tagged as reply-to with that gateway. If you disable that, replies will use the system routing for the best route back.

            Steve

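A simplified model of the behaviour described in the answer above, added here as an illustration and not part of the thread: a state created by a rule carrying `reply-to` sends replies to the pinned gateway, while a rule without it lets the reply follow the longest-prefix match in the routing table. The interface names (`wan1`, `wan2`), addresses, rule lines and routes are constructed for the example.

```python
import ipaddress
import re

# Constructed pf-style rules (documentation addresses), not taken from the thread.
RULE_WITH_REPLY_TO = ("pass in quick on wan1 reply-to (wan1 192.0.2.1) inet proto tcp "
                      "from any to 198.51.100.10 port 443 keep state")
RULE_WITHOUT_REPLY_TO = ("pass in quick on wan1 inet proto tcp "
                         "from any to 198.51.100.10 port 443 keep state")

# Constructed routing table as BGP might install it: default via Neighbor 1,
# more-specific prefix for Client A's network via the peering center.
ROUTES = [
    ("0.0.0.0/0", "wan1", "192.0.2.1"),         # Neighbor 1 (full internet)
    ("203.0.113.0/24", "wan2", "192.0.2.129"),  # peering center
]

REPLY_TO = re.compile(r"\breply-to\s+\(\s*(\S+)\s+(\S+)\s*\)")


def reply_to_of(rule):
    """Return (interface, gateway) pinned by reply-to, or None if the rule has none."""
    m = REPLY_TO.search(rule)
    return (m.group(1), m.group(2)) if m else None


def route_lookup(dst):
    """Longest-prefix match over ROUTES, as the system routing table would do."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), i, g) for p, i, g in ROUTES
               if addr in ipaddress.ip_network(p)]
    _, iface, gw = max(matches, key=lambda m: m[0].prefixlen)
    return iface, gw


def reply_egress(rule, client_ip):
    """Where the reply to client_ip leaves for a state created by `rule`."""
    pinned = reply_to_of(rule)
    # A reply-to state sends replies to the pinned gateway and skips the route lookup.
    return pinned if pinned else route_lookup(client_ip)


if __name__ == "__main__":
    client_a = "203.0.113.25"  # constructed address for Client A
    for rule in (RULE_WITH_REPLY_TO, RULE_WITHOUT_REPLY_TO):
        print(reply_egress(rule, client_a), "<-", rule)
```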
            • Sipher @stephenw10

              @stephenw10
              Really appreciate the reply. I just disabled "reply-to" on the fw rules and the traffic flows along the right BGP path now.

              Sipher
