Wednesday, August 15, 2018

Issues with OpenBGP [ x-post from /r/pfsense ]

I'm currently using PFSense VM (KVM on Linux) to act as a border router for a virtual environment. The grand idea is to have different servers announce their service IP address via BGP through a route reflector to the PFSense box.

I'm currently using OpenBGP on the PFSense box, GoBGP on the route reflector server*, and Quagga on the server to announce the route. Everything connects up just fine and the routes are passed from the server, through the GoBGP server to the PFSense box. The issue is that the routes aren't being installed in the FIB on the PFSense box.

    flags destination          gateway          lpref   med aspath origin
    I     76.8.56.26/32        172.18.129.8       100     1 ?            <-- This one

If I establish a direct peering between the PFSense box and the server, the routes appear in the FIB.

    flags destination          gateway          lpref   med aspath origin
    I*>   76.8.56.26/32        172.18.129.8       100     1 ?            <-- From server directly
    I     76.8.56.26/32        172.18.129.8       100     1 ?            <-- From GoBGP server

Looking at the output of bgpctl show rib detail for those routes, there appears to be nothing different about them:

    BGP routing table entry for 76.8.56.26/32
        Nexthop 172.18.129.8 (via 172.18.129.8) from NIMI01 (172.18.129.8)
        Origin incomplete, metric 1, localpref 100, weight 0, internal, valid, best
        Last update: 00:02:33 ago
        Originator Id: 172.18.129.8
        Cluster ID List: 172.18.129.1

    BGP routing table entry for 76.8.56.26/32
        Nexthop 172.18.129.8 (via 172.18.129.8) from COLO-BGP-V4 (172.18.129.2)
        Origin incomplete, metric 1, localpref 100, weight 0, internal
        Last update: 00:02:29 ago
        Originator Id: 172.18.129.8
        Cluster ID List: 172.18.129.1

The OpenBGP config for these two neighbors is:

    group "colo-bgp" {
        remote-as 65301
        route-reflector 172.18.129.1
        neighbor 172.18.129.2 {
            announce none
            descr COLO-BGP-V4
            local-address 172.18.129.1
        }
    }
    group "nimi01" {
        remote-as 65301
        neighbor 172.18.129.8 {
            announce none
            descr NIMI01
            local-address 172.18.129.1
        }
    }

Normally I do all of this on Junipers, and they are pretty good at telling you why it doesn't install the route. I was curious if anyone had any insight into this.

* I'm using GoBGP for the servers to directly connect to as it allows me to define neighbors by the subnet allowing my automation to work a heck of a lot smoother without.
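An added example, not part of the original post: a small parser that turns the two `bgpctl show rib detail` entries quoted above into dictionaries and lists the attributes that differ between them. The sample text is the post's own output with line breaks assumed; the function names are hypothetical.

```python
import re

# bgpctl show rib detail output quoted in the post (line breaks assumed).
SAMPLE = """\
BGP routing table entry for 76.8.56.26/32
    Nexthop 172.18.129.8 (via 172.18.129.8) from NIMI01 (172.18.129.8)
    Origin incomplete, metric 1, localpref 100, weight 0, internal, valid, best
    Last update: 00:02:33 ago
    Originator Id: 172.18.129.8
    Cluster ID List: 172.18.129.1
BGP routing table entry for 76.8.56.26/32
    Nexthop 172.18.129.8 (via 172.18.129.8) from COLO-BGP-V4 (172.18.129.2)
    Origin incomplete, metric 1, localpref 100, weight 0, internal
    Last update: 00:02:29 ago
    Originator Id: 172.18.129.8
    Cluster ID List: 172.18.129.1
"""
NEXTHOP = re.compile(r"Nexthop (\S+) \(via (\S+)\) from (\S+) \((\S+)\)$")
NUMERIC = re.compile(r"(metric|localpref|weight) (\d+)$")

def parse_entries(text):
    """Return one dict per RIB entry; unkeyed Origin-line words become flags."""
    entries = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("BGP routing table entry for "):
            entries.append({"prefix": line.split()[-1], "flags": set()})
        elif not line or not entries:
            continue
        elif (m := NEXTHOP.match(line)):
            cur = entries[-1]
            cur["nexthop"], cur["via"], cur["peer"], cur["peer_addr"] = m.groups()
        elif line.startswith("Origin "):
            origin, *rest = [p.strip() for p in line[7:].split(",")]
            entries[-1]["origin"] = origin
            for part in rest:
                kv = NUMERIC.match(part)
                if kv:
                    entries[-1][kv.group(1)] = int(kv.group(2))
                else:
                    entries[-1]["flags"].add(part)
        elif ": " in line:
            key, value = line.split(": ", 1)
            entries[-1][key] = value
    return entries

def diff_entries(a, b, ignore=("Last update",)):
    """Map each differing attribute to its (a, b) values."""
    keys = (set(a) | set(b)) - set(ignore)
    return {k: (a.get(k), b.get(k)) for k in sorted(keys) if a.get(k) != b.get(k)}
```

Calling `diff_entries(*parse_entries(SAMPLE))` on this sample reports only the peer name, the peer address and the flag set, where `valid` and `best` appear on the entry learned directly from the server and not on the one learned via the GoBGP server.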


