pfSense route table

michmoor

Curious but will there every be a time where pfsense will have smarter routing when it comes to programming the rib (route table).

For example, i was troubleshooting a connectivity problem with a BGP neighbor. To get things running quickly i had to configure a static route pointing to the bgp neighbor (gateway). The pfsense route table had the destination network in the route table as a static route. Thats all fine.
BGP comes up and now that the destination network is learned but the pfsense route table still has it as static learned route. Even deleting the static route didn't update the pfsense route table to see it not as a static route. Bouncing the bgp neighbors >clear bgp x.x.x.x> didn't help. The only work around is restarting FRR as a whole which is not ideal.

So pfsense route tables arent dynamically updated at least when it comes to FRR? There seems to be special conditions?

Then there is the other 'problem" where I have a Privacy VPN and its using 8.8.4.4 as the monitor IP. What i just discovered is that if you look at the pfsense route table, it programs the 8.8.4.4 to go out the privacy VPN as the nexthop. I get it...But now all traffic for 8.8.4.4 goes through the VPN. Thats not the intent of course but that's the fallout from this. Ideally you want separate route tables for this.

Are there any ways to make the pfsense route table a bit smarter when it comes to those scenarios?

stephenw10

Did you add the static route in pfSense directly or in FRR?

Adding a static route for gateway monitoring has always worked like that. That's why you need to be careful when using DNS servers for monitoring and as system upstream DNS servers.
You can choose not to add a static route for monitoring IPs in the gateway advanced settings. However if you do that you rely on route-to to ensure traffic leaves the correct interface.

There are several long standing feature requests for multiple routing tables, like: https://redmine.pfsense.org/issues/4796

I'm not aware of anything 'coming soon' for that though. Adding it would be non-trivial and not that many scenarios require it.

Steve

michmoor

@stephenw10 said in pfSense route table:

Did you add the static route in pfSense directly or in FRR?

No through the routing menu in pfSense.

So is it fair to say that with the exception of FRR, pfsense does not understand having multiple routes to a destination network?
For example, if i learned about network x.x.x.x/xx from FRR and the same network via a static route, which does pfsense use? Is there a concept of route preference(AD)?

Also, if the same destination network is learned from static but later its learned from FRR, i found that the route table on pfsense is not updated. Is that normal? Does it dynamically change based on how it learns routes? To me, there doesn't appear to work that way.

stephenw10

If you add it via FRR it can:
https://docs.netgate.com/pfsense/en/latest/routing/multipath.html