FRR Dynamic routing to Virtual IPs
-
Does anyone know a good way in PFSense FRR to stop advertising virtual IP addresses when the LAN interface goes down?
I'm advertising the virtual IPs that exist on both of our PFSense firewalls to the internet via BGP but I need a way to automatically stop advertising these routes if the LAN interface goes down as the virtual IPs use 1:1 NAT to route traffic to internal IPs.
If you've set up two PFSense instances with BGP and independent WAN connections which route to the same internal network and would like to share how you did it, please do
-
@csgrhys you control what gets advertised out using route-maps.
-
@michmoor I'm already using route-maps to control advertised prefixes and set communities. Don't see a way through the PFSense GUI to match based on interface status.
-
" stop advertising these routes if the LAN interface goes down as the virtual IPs use 1:1 NAT to route traffic to internal IPs."
If the physical interface goes down then the subnet reachable out of that interface will be withdrawn in route advertisements.
VIPs like loopbacks, are logical and are always UP.