
Author Topic: FRR BGP Config example request.  (Read 175 times)


Heimire
FRR BGP Config example request.
« on: January 03, 2018, 05:27:54 pm »
Hey,

I am trying to make FRR BGP work for us.
It works but I think we are seeing a long fail over time.

If I reboot the primary it can take 2 minutes before we get connectivity again.

Or if I disable CARP on primary the connection goes down for 8 seconds then comes back up for some seconds, goes back down for 9 seconds then comes up again.
The seconds vary.


We are in a data center with 2 connections to the cabinet.
A /29 for each firewall. 
FRR is running on both.

I am not sure if I can do anything about speeding up the fail over.

I feel like I am missing the obvious but not sure where to look.
Any suggestions?


BGP configuration primary.
##################### DO NOT EDIT THIS FILE! ######################
###################################################################
# This file was created by an automatic configuration generator.  #
# The contents of this file will be overwritten without warning!  #
###################################################################
password Super.1346
log syslog

# BGP Config
router bgp 18599
  bgp log-neighbor-changes
  bgp router-id 64.9.133.18
  timers bgp 6 20
  address-family ipv4 unicast
   network 168.245.135.0/24
  exit-address-family

  # BGP Neighbors
  neighbor 64.9.133.17 remote-as 3900
  neighbor 64.9.133.17 description Primary Datafoundry
  address-family ipv4 unicast
    neighbor 64.9.133.17 activate
    no neighbor 64.9.133.17 send-community
    neighbor 64.9.133.17 next-hop-self
    neighbor 64.9.133.17 soft-reconfiguration inbound
  exit-address-family
  neighbor 64.9.133.25 remote-as 3900
  neighbor 64.9.133.25 description Backup Datafoundry
  address-family ipv4 unicast
    neighbor 64.9.133.25 activate
    no neighbor 64.9.133.25 send-community
    neighbor 64.9.133.25 next-hop-self
    neighbor 64.9.133.25 soft-reconfiguration inbound
  exit-address-family

Derelict
Re: FRR BGP Config example request.
« Reply #1 on: January 04, 2018, 12:48:23 am »
You have WAN1 active on the primary and WAN2 active on the secondary with CARP VIPs on them?

If so that is an unsupported HA configuration. pfSense does not support ACTIVE/ACTIVE failover.

WAN1 and WAN2 should be active on both nodes with the CARP VIPs active on both WANs on the current MASTER node only.

Heimire
Re: FRR BGP Config example request.
« Reply #2 on: January 04, 2018, 08:56:27 am »
No.

WAN1 and WAN2 are active on both firewalls with CARP VIPs.

We run 2.26 in this setup (designed by pfSense by the way) and it works fine.

In the new data center we are running 2.4.2_P1 but using FRR instead of OpenBGP.
In this data center we are seeing a long fail over so I think it's due to my lack of understanding of the FRR package.
So that's why I am asking for some assistance.

I think I need to prepend the backup WAN connection WAN2 with prepend-self 2 but I am not exactly sure what the best way to do that in FRR is.
I just did a manual config in 2.26 with OpenBGP.

I also probably need a deny from all and allow from the 2 gateways.

Right now this works, the fail over CARP works.
Only problem is it takes a long time to fail over the BGP.
It's like the primary shuts down the BGP session so all connectivity is lost until the BGP session has been established on the secondary.
Takes up to a few minutes to see connectivity.

I am sure it's lack of understanding on my part when it comes to things like hold time, neighbor config, etc.

Thank you for taking the time to respond.

H.

Derelict
Re: FRR BGP Config example request.
« Reply #3 on: January 04, 2018, 11:56:16 am »
OK - your diagram looks like it says otherwise...



FRR > Global Settings > Route Maps

Create a route map - most examples name this prepend

AS Path Action: Set Prepend

Set AS List: What you want to prepend

Set the outbound route map filter on that neighbor to that route map.

See what that does for you.
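
Added example, not part of the original posts: the FRR configuration statements that correspond to the route map steps in the reply above, using the AS number, backup neighbor and network from the configuration posted earlier in the thread. The prefix-list name OWN-NETS, the choice of two prepends (after the "prepend-self 2" mentioned in reply #2) and the restriction of announcements to the local /24 are assumptions.

```frr
! Added example, not the poster's configuration.
! On pfSense the FRR file is generated and overwritten, so these values
! are entered through the GUI fields rather than edited by hand.
!
! Assumption: WAN2 (neighbor 64.9.133.25, "Backup Datafoundry") is the
! path that should be less preferred for inbound traffic.
!
! Constructed prefix-list: only the locally originated /24 may be announced.
ip prefix-list OWN-NETS seq 10 permit 168.245.135.0/24
!
! Route map named "prepend": matching routes get the local AS added twice,
! which makes the AS path seen through this neighbor two hops longer.
route-map prepend permit 10
 match ip address prefix-list OWN-NETS
 set as-path prepend 18599 18599
! No further entries follow: a route map ends in an implicit deny, so
! nothing other than the /24 is advertised to this neighbor.
!
router bgp 18599
 address-family ipv4 unicast
  ! Outbound route map filter on the backup neighbor only.
  neighbor 64.9.133.25 route-map prepend out
 exit-address-family
```

In vtysh, `clear ip bgp 64.9.133.25 soft out` re-sends the updates under the new policy, and `show ip bgp neighbors 64.9.133.25 advertised-routes` lists what that neighbor is being sent.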

Heimire
Re: FRR BGP Config example request.
« Reply #4 on: January 04, 2018, 12:40:27 pm »
I see what you mean about the diagram.
I guess that's another thing I am not good at :)

Will take a stab at what you wrote.

Thank you so much for taking the time.

H.