Netgate Discussion Forum

    Openbgpd not coupling RIB with FIB

      zcarlson

      Recently we've been looking into an issue where our RRD graphs have been out of step with our traffic graphs for our multiple WANs. As it turns out, it looks like the route table is telling an outgoing packet being routed from an internal host to go one way, but then a reply-to rule and a state for the packet kick in and the packet is routed out the correct interface – but not before statistics have been counted for both WANs. We're still trying to determine if this is truly the cause, but in the process of doing so, we've come to realize that OpenBGPD is not adding the routes it has downloaded from its peers to the fib (aka the kernel's routing table). We've confirmed this by setting up a developmental pfSense VM as another peer, receiving routes from the live pfSense firewall we have running, and it's experiencing the exact same problem despite only having one interface at all. Even manually running bgpctl fib couple (on the dev) doesn't do anything. Worse, the bgpd daemon doesn't even seem to be emitting any log messages about failing to add those routes into the fib.

      Has anyone run into this before? This wasn't a problem in the bgpd package included with pfSense 1.2.3 (package version 0.4.2 – current (according to 2.0 package manager) is 0.5.2)... what am I missing?

        zcarlson

        This was actually due to the nexthop received from the peer not being our proper nexthop; we had to update the config to have openbgpd set the nexthop to be our actual next hop. Moral of the story: nexthop has to be locally reachable, somehow.

        That is to say, you must have a route that covers the IP given in the "Gateway" column of bgpctl show rib; if you do not, you must either add such a route or add this line:

        set nexthop <gateway ip for isp>

        to the neighbor config for the peer that's sending you BGP routes. (This automatically translates to a "match" filter rule that simply does the same thing, but I find this looks simpler and does not appear to be deprecated.)

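Added example, not part of the original posts or of OpenBGPD: a Python check of the rule stated in the thread, that every address in the "Gateway" column of the RIB needs a covering local route, grouped by the neighbor whose config would need the `set nexthop` line. The RIB entries and route list are constructed sample data, the function names are hypothetical, and whether a default route should count as covering is an assumption left to the caller.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (documentation address ranges), not real router output.
# Each RIB entry: (neighbor that sent the route, prefix, "Gateway" column value).
SAMPLE_RIB = [
    ("192.0.2.1", "198.51.100.0/24", "192.0.2.1"),
    ("192.0.2.1", "203.0.113.0/24", "192.0.2.1"),
    ("192.0.2.9", "203.0.113.0/25", "10.255.0.1"),
    ("192.0.2.9", "198.51.100.128/25", "10.255.0.1"),
]
# Connected/static kernel routes present before bgpd installs anything.
SAMPLE_ROUTES = ["0.0.0.0/0", "192.0.2.0/28", "172.16.0.0/24"]


def covering_route(gateway, routes, allow_default=False):
    """Longest-prefix match of gateway against routes; None if nothing covers it.

    allow_default is an assumption the caller sets: by default a 0.0.0.0/0 or
    ::/0 route is not treated as making the nexthop locally reachable.
    """
    addr = ipaddress.ip_address(gateway)
    best = None
    for route in routes:
        net = ipaddress.ip_network(route, strict=False)
        if net.version != addr.version or addr not in net:
            continue
        if net.prefixlen == 0 and not allow_default:
            continue
        if best is None or net.prefixlen > best.prefixlen:
            best = net
    return best


def unreachable_by_neighbor(rib, routes, allow_default=False):
    """Map neighbor -> {gateway: [prefixes]} for gateways no route covers."""
    report = defaultdict(lambda: defaultdict(list))
    for neighbor, prefix, gateway in rib:
        if covering_route(gateway, routes, allow_default) is None:
            report[neighbor][gateway].append(prefix)
    return {n: dict(gws) for n, gws in report.items()}


if __name__ == "__main__":
    found = unreachable_by_neighbor(SAMPLE_RIB, SAMPLE_ROUTES)
    for neighbor, gateways in found.items():
        for gw, prefixes in gateways.items():
            print(f"neighbor {neighbor}: gateway {gw} has no covering route, "
                  f"{len(prefixes)} prefix(es) affected")
```
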
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.