Netgate Discussion Forum

FRR Dynamic routing to Virtual IPs

  • C
    csgrhys
    last edited by Oct 5, 2024, 3:50 PM

    Does anyone know a good way in pfSense FRR to stop advertising virtual IP addresses when the LAN interface goes down?

    I'm advertising the virtual IPs that exist on both of our pfSense firewalls to the internet via BGP, but I need a way to automatically stop advertising these routes if the LAN interface goes down, as the virtual IPs use 1:1 NAT to route traffic to internal IPs.

    If you've set up two pfSense instances with BGP and independent WAN connections which route to the same internal network and would like to share how you did it, please do 😃

    • M
      michmoor LAYER 8 Rebel Alliance @csgrhys
      last edited by Oct 5, 2024, 4:03 PM

      @csgrhys you control what gets advertised out using route-maps.

      Firewall: NetGate,Palo Alto-VM,Juniper SRX
      Routing: Juniper, Arista, Cisco
      Switching: Juniper, Arista, Cisco
      Wireless: Unifi, Aruba IAP
      JNCIP,CCNP Enterprise

      • C
        csgrhys @michmoor
        last edited by Oct 5, 2024, 4:55 PM

        @michmoor I'm already using route-maps to control advertised prefixes and set communities. Don't see a way through the pfSense GUI to match based on interface status.

        • M
          michmoor LAYER 8 Rebel Alliance @csgrhys
          last edited by michmoor Oct 5, 2024, 10:20 PM Oct 5, 2024, 10:19 PM

          "stop advertising these routes if the LAN interface goes down as the virtual IPs use 1:1 NAT to route traffic to internal IPs."

          If the physical interface goes down, then the subnet reachable out of that interface will be withdrawn in route advertisements.
          VIPs, like loopbacks, are logical and are always UP.

          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.