FRR BGP - Propagate routes learned from eBGP to eBGP
-
Hello,
I'm running FRR 7.5 on pfSense CE.
We have an uplink that is providing us with a routing table that I'd like to send to my downstream eBGP neighbours.
This is how the BGP looks like (placeholder AS numbers):
Local ASN: AS2
Neighbour 1: AS1 (Upstream/eBGP)
Rcvd Routes: 15 (Routes are received without an issue and populated in the Routing table) (Working as expected)
Sent Routes: 8 (5 from AS 3 + 3 from AS2) (Working as expected)Neighbour 2: AS3 (Downstream/eBGP)
Sent routes = 3 (Only routes from iBGP neighbour AS2 are sent)
Rcvd Routes = 5 (Working as expected)Neighbour 3: AS2 (Downstream/iBGP)
Rcvd Routes: 3 (Working as expected)
Sent Routes = 20 (15 Routes from AS1 + 5 routes from AS3) (Working as expected)What we're seeing is that routes received from the upstream AS1 are being sent successfully to iBGP neighbours and routes received from iBGP neighbours are also sent successfully to eBGP neighbours, however routes received from eBGP neighbour (AS1) are not being sent to downstream eBGP neighbour AS3.
In order to do some testing, I changed the local AS of the router having AS3 to AS2 (iBGP) and I started receiving the routes.
I would like to send these 15 routes (dynamically) received from AS1 along with the 3 routes that are being sent from the iBGP neighbour (routes from iBGP are being sent and working as expected).
I have configured a route map with the following settings:
Name: ROUTE-MAP
Description: ROUTE-MAP
Action: PERMIT
Sequence: 100I have then applied this route-map to both inbound and outbound of all the BGP neighbours.
These received routes (from AS1) are expected to change and I would like to accept them all by default and propagate them to both iBGP and eBGP downstreams.
What am I missing here? Any help would be greatly appreciated.
-
@threeperson
Whats the configuration of AS3.
Either local-as is configured or there is something else going on-misconfigured.
If its not installing the routes from AS1 its likely seeing it as a loop. Default loop prevention for bgp is AS-PATH.
Somehow in your lab/scenario, its possible 3 is learning those routes from somewhere else.
A drawing of your lab would be helpful.... -
@michmoor said in FRR BGP - Propagate routes learned from eBGP to eBGP:
@threeperson
Whats the configuration of AS3.AS3 is a downstream Mikrotik router and not pfSense/FRR. Its not that AS3 not installing the routes. The routes are not being sent to AS3 and it is indicated in the BGP Neighbour summary on pfSense. It appears routes from AS1 are only being advertised by pfSense to iBGP neighbours while routes received from downstream AS3 are being propagated to AS1 successfully.
If its not installing the routes from AS1 its likely seeing it as a loop. Default loop prevention for bgp is AS-PATH.
As mentioned, the routes are not being sent by pfSense. The route summary that I have provided is from the pfSense router.
Somehow in your lab/scenario, its possible 3 is learning those routes from somewhere else.
AS2 (pfSense FRR) is the only peer for AS3
A drawing of your lab would be helpful....
Will sketch that up and post it in a while.
-
What's weird is that routes received from AS3(eBGP) are being sent to both AS1 (eBGP) and AS2 (iBGP), however routes received from AS1 are not being sent to AS3 (eBGP) but are being sent to AS2 (iBGP Neighbour).
I'd like to mention this again that the I have a route-map:Name: ROUTE-MAP
Description: ROUTE-MAP
Action: PERMIT
Sequence: 100^ that I have applied to both "outbound" and "inbound" for all BGPs neighbours config on pfSense FRR.
The only difference between the neighbour config of AS3 and AS1 is that the BGP Session with AS1 uses a BGP Password which I have configured in the neighbour settings and selected "FRR and setkey bidirectional"
-
In pfsense, log in with ssh. Select option 8 to get to the shell
At the prompt type invtyshNow do a
show runCopy the output here.
edit
So from your output you have ZERO sent routes? For example here is a sample snapshot from my lab
