Can propagate routes into AWS but don't receive updates back
-
Hi All,
Pretty new to pfSense and BGP, but I am looking to utilise this FW to connect an on-premise site to AWS Transit Gateway.
I have managed to setup an IKEV2 VPN (utilising VTI on P2) between Transit Gateway and pfSense and can propagate routes into AWS, however we are not receiving routes back from AWS.
I am pretty sure that this is likely to be related to my FRR Config:
##################### DO NOT EDIT THIS FILE! ###################### ################################################################### # This file was created by an automatic configuration generator. # # The contents of this file will be overwritten without warning! # ################################################################### ! frr defaults traditional hostname XXXX password XXXX service integrated-vtysh-config ! ip router-id 10.0.1.18 ! router bgp 64515 bgp router-id 10.0.1.18 no bgp network import-check no bgp ebgp-requires-policy neighbor 169.254.10.9 remote-as 64512 neighbor 169.254.10.9 update-source 169.254.10.10 neighbor 169.254.10.13 remote-as 64512 neighbor 169.254.10.13 update-source 169.254.10.14 ! address-family ipv4 unicast network 10.0.0.0/16 neighbor 169.254.10.9 activate neighbor 169.254.10.13 activate no neighbor 169.254.10.9 send-community neighbor 169.254.10.9 route-map allow-any-routemap-1 in neighbor 169.254.10.9 route-map allow-any-routemap-1 out no neighbor 169.254.10.13 send-community neighbor 169.254.10.13 route-map allow-any-routemap-2 in neighbor 169.254.10.13 route-map allow-any-routemap-2 out exit-address-family ! ! route-map allow-any-routemap-1 permit 100 route-map allow-any-routemap-2 permit 101 ! line vty ! endBGP Neighbor Summary:
BGP neighbor is 169.254.10.9, remote AS 64512, local AS 64515, external link BGP version 4, remote router ID 169.254.10.9, local router ID 10.0.1.18 BGP state = Established, up for 03:26:56 Last read 00:00:05, Last write 00:00:04 Hold time is 30, keepalive interval is 10 seconds Neighbor capabilities: 4 Byte AS: advertised and received AddPath: IPv4 Unicast: RX advertised IPv4 Unicast Route refresh: advertised and received(old & new) Address Family IPv4 Unicast: advertised and received Hostname Capability: advertised (name: XXXX,domain name: n/a) not received Graceful Restart Capability: advertised Graceful restart information: Local GR Mode: Helper* Remote GR Mode: Disable R bit: False Timers: Configured Restart Time(sec): 120 Received Restart Time(sec): 0 Message statistics: Inq depth is 0 Outq depth is 0 Sent Rcvd Opens: 1 1 Notifications: 0 0 Updates: 11 1 Keepalives: 1237 1243 Route Refresh: 5 0 Capability: 0 0 Total: 1254 1245 Minimum time between advertisement runs is 0 seconds Update source is 169.254.10.10 For address family: IPv4 Unicast Update group 8, subgroup 4 Packet Queue length 0 Community attribute sent to this neighbor(large) Inbound path policy configured Outbound path policy configured Route map for incoming advertisements is *allow-any-routemap-1 Route map for outgoing advertisements is *allow-any-routemap-1 0 accepted prefixes Connections established 1; dropped 0 Last reset 03:27:09, No AFI/SAFI activated for peer Local host: 169.254.10.10, Local port: 179 Foreign host: 169.254.10.9, Foreign port: 38055 Nexthop: 169.254.10.10 Nexthop global: fe80::1 Nexthop local: fe80::1 BGP connection: non shared network BGP Connect Retry Timer in Seconds: 120 Estimated round trip time: 2 ms Read thread: on Write thread: on FD used: 24 BGP neighbor is 169.254.10.13, remote AS 64512, local AS 64515, external link BGP version 4, remote router ID 169.254.10.13, local router ID 10.0.1.18 BGP state = Established, up for 03:26:50 Last read 00:00:08, Last write 00:00:07 Hold time is 30, keepalive interval is 10 seconds Neighbor capabilities: 4 Byte AS: advertised and received AddPath: IPv4 Unicast: RX advertised IPv4 Unicast Route refresh: advertised and received(old & new) Address Family IPv4 Unicast: advertised and received Hostname Capability: advertised (name: XXXX,domain name: n/a) not received Graceful Restart Capability: advertised Graceful restart information: Local GR Mode: Helper* Remote GR Mode: Disable R bit: False Timers: Configured Restart Time(sec): 120 Received Restart Time(sec): 0 Message statistics: Inq depth is 0 Outq depth is 0 Sent Rcvd Opens: 1 1 Notifications: 0 0 Updates: 11 1 Keepalives: 1236 1242 Route Refresh: 6 0 Capability: 0 0 Total: 1254 1244 Minimum time between advertisement runs is 0 seconds Update source is 169.254.10.14 For address family: IPv4 Unicast Update group 9, subgroup 3 Packet Queue length 0 Community attribute sent to this neighbor(large) Inbound path policy configured Outbound path policy configured Route map for incoming advertisements is *allow-any-routemap-2 Route map for outgoing advertisements is *allow-any-routemap-2 0 accepted prefixes Connections established 1; dropped 0 Last reset 03:27:09, No AFI/SAFI activated for peer Local host: 169.254.10.14, Local port: 179 Foreign host: 169.254.10.13, Foreign port: 38263 Nexthop: 169.254.10.14 Nexthop global: fe80::1 Nexthop local: fe80::1 BGP connection: non shared network BGP Connect Retry Timer in Seconds: 120 Estimated round trip time: 3 ms Read thread: on Write thread: on FD used: 25Can anyone see see what the issue might be?
Thanks in advance! :)
-
seems AWS side does not send routes
-
@rebelboy1988 I would remove the route-map from the neighbor command so you have no filter applied and then see if you are getting routes. If not then the problem is with the AWS peer.
Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.