
Author Topic: 2.4.2 BGP working correctly?  (Read 133 times)


Heimire
2.4.2 BGP working correctly?
« on: December 18, 2017, 04:19:04 pm »
We have an HA setup in one data center running 2.26.
We are using BGP with no problems.

In the new data center we are running another HA setup running 2.4.2.

We have 2 connections, we are using CARP and BGP.

The weird thing we are dealing with is that when we tell the primary firewall to disable CARP, BOTH firewalls are closing the session, so it takes a very long time to fail over.

This is what the provider sent me.
Dec 18 10:50:46 CST: %BGP-SW2-5-NBR_RESET: Neighbor 64.9.133.26 reset (Peer closed the session)
Dec 18 10:50:46 CST: %BGP-SW2-5-NBR_RESET: Neighbor 64.9.133.18 reset (Peer closed the session)
Dec 18 10:50:46 CST: %BGP-SW2-3-NOTIFICATION: received from neighbor 64.9.133.26 6/2 (Administrative Shutdown) 0 bytes
Dec 18 10:50:46 CST: %BGP-SW2-3-NOTIFICATION: received from neighbor 64.9.133.18 6/2 (Administrative Shutdown) 0 bytes
Dec 18 10:50:46 CST: %BGP-SW2-5-ADJCHANGE: neighbor 64.9.133.18 Down Peer closed the session
Dec 18 10:50:46 CST: %BGP_SESSION-SW2-5-ADJCHANGE: neighbor 64.9.133.18 IPv4 Unicast topology base removed from session  Peer closed the session
Dec 18 10:50:46 CST: %BGP-SW2-5-ADJCHANGE: neighbor 64.9.133.26 Down Peer closed the session
Dec 18 10:50:46 CST: %BGP_SESSION-SW2-5-ADJCHANGE: neighbor 64.9.133.26 IPv4 Unicast topology base removed from session  Peer closed the session


Is it possible this is a bug, or do I have something screwed up? This is also the same setup where we see 2-8ms on the dashboard gateway screens, but when you ping the gateways from the firewall or laptop it's sub 1ms.

Our BGP config.
# This file was created by the package manager. Do not edit!

AS 18599
fib-update yes
holdtime 20
listen on 0.0.0.0
network 168.245.135.0/24
neighbor 64.9.133.17 {
    descr "WAN1 BGP"
    remote-as 3900
    local-address 64.9.133.18
    set nexthop self
}
neighbor 64.9.133.25 {
    descr "WAN2 BGP"
    remote-as 3900
    local-address 64.9.133.26
    set nexthop self
    set prepend-self 2
}
deny from any
deny to any
allow from 64.9.133.17
allow to 64.9.133.17
allow from 64.9.133.25
allow to 64.9.133.25
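
An added example, not part of the original post or of pfSense: a small parser for provider-side log entries in the format quoted above. It decodes the `6/2` NOTIFICATION as BGP Cease / Administrative Shutdown (RFC 4271, RFC 4486) and reports which neighbors sent it within the same few seconds. The sample log is constructed with placeholder addresses, and the function names and the `year` and `window` parameters are assumptions.

```python
import re
from datetime import datetime, timedelta

# BGP NOTIFICATION error codes (RFC 4271) and Cease subcodes (RFC 4486).
ERROR_CODES = {1: "Message Header Error", 2: "OPEN Message Error",
               3: "UPDATE Message Error", 4: "Hold Timer Expired",
               5: "Finite State Machine Error", 6: "Cease"}
CEASE_SUBCODES = {1: "Maximum Number of Prefixes Reached", 2: "Administrative Shutdown",
                  3: "Peer De-configured", 4: "Administrative Reset",
                  5: "Connection Rejected", 6: "Other Configuration Change",
                  7: "Connection Collision Resolution", 8: "Out of Resources"}

# \s+ after "neighbor" tolerates entries that were wrapped when pasted.
NOTIFY = re.compile(
    r"(?P<ts>[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d) \w+: %BGP-\S+-NOTIFICATION: "
    r"received from neighbor\s+(?P<peer>\d+(?:\.\d+){3}) (?P<code>\d+)/(?P<sub>\d+)")

# Constructed sample in the provider's log format; addresses are placeholders.
SAMPLE = """\
Dec 18 10:50:46 CST: %BGP-SW2-3-NOTIFICATION: received from neighbor
192.0.2.26 6/2 (Administrative Shutdown) 0 bytes Dec 18 10:50:46 CST: %BGP-SW2-3-NOTIFICATION: received from neighbor
192.0.2.18 6/2 (Administrative Shutdown) 0 bytes
Dec 18 11:30:02 CST: %BGP-SW2-3-NOTIFICATION: received from neighbor 192.0.2.18 4/0 (hold time expired) 0 bytes
"""

def parse_notifications(text, year=2017):
    """Return (timestamp, peer, code, subcode) for each received NOTIFICATION."""
    return [(datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S"),
             m["peer"], int(m["code"]), int(m["sub"]))
            for m in NOTIFY.finditer(text)]

def describe(code, sub):
    """Decode code/subcode into names; only Cease subcodes are named here."""
    name = ERROR_CODES.get(code, f"Unknown({code})")
    detail = CEASE_SUBCODES.get(sub, f"subcode {sub}") if code == 6 else f"subcode {sub}"
    return f"{name}/{detail}"

def simultaneous_shutdowns(events, window=timedelta(seconds=5)):
    """Sets of peers that each sent Cease/Administrative Shutdown within `window`."""
    groups = []
    for ts, peer, _, _ in sorted(e for e in events if e[2:] == (6, 2)):
        if groups and ts - groups[-1][0] <= window:
            groups[-1][1].add(peer)
        else:
            groups.append((ts, {peer}))
    return [sorted(peers) for _, peers in groups if len(peers) > 1]

if __name__ == "__main__":
    print(simultaneous_shutdowns(parse_notifications(SAMPLE)))
```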



Heimire
Re: 2.4.2 BGP working correctly?
« Reply #1 on: December 22, 2017, 10:45:38 am »
It's confirmed it's not working correctly.

Recommendation is to use FRR instead of the OpenBGPD package.

Now how to configure FRR?
It's a bit intimidating...