State not cleared after routing change
-
Hi,
I have been chasing an issue of dropped traffic, and finally found the issue. A client is repeatedly sending traffic to a network on a remote router. When the local router is booting up, it sees this traffic and tries to send it over its default route. A state entry is created for this. Then, shortly after, FRR/OSPF gets routes from the remote router (which is where the traffic should go). This change means the traffic will flow through a different interface. However, the old state is not cleared on the local router, and the traffic does not take the correct path.
Why does FRR not clear the states which are invalid after route convergence, and how do I fix this problem?
Both routers are running pfSense 23.05.01 with the current FRR package.
-
-
I have now tried to update FRR to the latest version (1.2_3 to 1.3), however the issue is unfortunately still there.
The state that has to be cleared is shown in firewall states as:
WAN udp public-ip:port (internal-ip:port) -> remote-site-device-ip:port SINGLE:NO_TRAFFIC 290.421K / 0 16.8MiB / 0 B
Manually clearing this state resolves the issue, but it immediately appears again after a reboot.
-
@DEHAAS I cannot see this as anything but a bug, thus I have created it as an issue here https://redmine.pfsense.org/issues/14630
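
Added example, not part of the thread and not pfSense or FRR code: a dry-run filter that finds states like the one quoted above (still on the default-route interface, destination inside the remote network, `SINGLE:NO_TRAFFIC`) and prints the `pfctl -k 0.0.0.0/0 -k <host>` command that kills all states to each such destination. The interface name `em0`, the remote network `192.168.50.0/24`, and the sample lines are assumptions constructed for illustration; IPv4 only.

```shell
#!/bin/sh
# Added example: list pf states that still leave via the default-route
# interface although their destination belongs to a network learned later.
# Assumed names (not from the thread): em0 = WAN, 192.168.50.0/24 = remote LAN.

# stale_state_kill_cmds IFACE CIDR
# Reads `pfctl -ss`-style lines on stdin and prints one dry-run kill command
# per destination inside CIDR whose state is on IFACE and never saw a reply.
stale_state_kill_cmds() {
    awk -v ifc="$1" -v cidr="$2" '
    function ip2int(ip,    o) {
        if (split(ip, o, ".") != 4) return -1
        return ((o[1] * 256 + o[2]) * 256 + o[3]) * 256 + o[4]
    }
    BEGIN {
        split(cidr, c, "/")
        div = 2 ^ (32 - c[2])            # size of the prefix block
        net = int(ip2int(c[1]) / div)    # network number of the CIDR
    }
    $1 == ifc && $NF == "SINGLE:NO_TRAFFIC" {
        for (i = 2; i < NF; i++) if ($i == "->") {
            split($(i + 1), d, ":")      # strip the port (IPv4 only)
            n = ip2int(d[1])
            if (n >= 0 && int(n / div) == net && !seen[d[1]]++)
                print "pfctl -k 0.0.0.0/0 -k " d[1]
        }
    }'
}

# Constructed sample, same layout as the state quoted in the post.
sample_states() {
    cat <<'EOF'
em0 udp 203.0.113.2:40001 (10.0.0.20:5060) -> 192.168.50.10:5060       SINGLE:NO_TRAFFIC
em0 udp 203.0.113.2:40002 (10.0.0.21:5060) -> 192.168.50.10:5061       SINGLE:NO_TRAFFIC
em0 udp 203.0.113.2:40003 (10.0.0.20:53) -> 198.51.100.53:53       MULTIPLE:MULTIPLE
ovpnc1 udp 10.0.0.22:5060 -> 192.168.50.11:5060       SINGLE:NO_TRAFFIC
EOF
}

sample_states | stale_state_kill_cmds em0 192.168.50.0/24
```

On a live firewall the input would be `pfctl -ss` instead of `sample_states`; the printed commands are only executed if the output is reviewed and then piped to `sh`.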