OPNsense Forum
Archive => 18.7 Legacy Series => Topic started by: JeGr on September 19, 2018, 04:12:53 pm
-
Hi,
few quick questions as we saw that at a customer installation: Is it possible with FRR package and BGP setup to
1) Set/Override the default gateway
2) "inject" additional static routes in addition to the ones learned from the BGP peer
as I was shown, the default route seems to be added to the system but even if nowhere else a default route is configured (neither on WAN nor anywhere else, the only GW entry is on LAN and set to be non-default), there's still a default kernel route from "anywhere" inserted in the routing table that stops the learned route from working.
Also it seems there's no place to add static routes in addition to the ones learned via BGP. One can with vytsh on console but that isn't saved and gone after a reboot.
Thanks!
-
That default route must be added by DHCP client or some system configuration. The plugin behaves correctly by not touching them because static routes should always have a higher priority than any route learned by any routing protocol.
Static routes configured via the system can be set via the original OPNsense pages and should be visible as K (kernel route) in FRR. vtysh is only for debugging and not for configuring.
The reason why I do not copy static routes into FRR is that they may conflict (set from two places) or break.
You will not get around to find out what breaks the routing table from core side.
-
Automatic sounds like Upstream Gateway in Interface config.
You can redistribute Kernel routes and add them via normal routes in System
-
Not exactly, the customer in this case wants the default route learned by BGP as they have/will have 3 BGP peer neighbors that propagate a route and OPNsense should take one (or all three) to good use - or so they hope.
-
The problem with BGP is always the perspective.
I assume, your customer runs BGP with his/her ISP(s) and only wants to receive a default gateway, in order to switch from ISP A to ISP B when A fails. This is ONLY a todo at provider side, normally you agree to peering behavior when contracting and there you can say "ok I want full feed" or "only send my a default route".
In FRR this would be "default-originate" in bgp router section .. but only from perspective as core router.
-
As far as my understanding of the situation goes (all tech savvy people from that customer are unavailable to speak ATM so I can't get any further details), that could be the case although there seems to be a network that they announce (again I guess like the /22 you get as RIPE member) they told me they have two (soon three) upstreams where they'd like the default route to change. But as that is very vague as actual "what exactly do you want to achieve?" I can only guess as of now. But given the few details I'd assume it's like you described that they want to get the default route from different upstreams.
-
If you have 3 provider all sending you a default gateway you have to set localpref's to decide which one to use.
http://docs.frrouting.org/en/latest/routemap.html#clicmd-setlocal-preferenceLOCAL_PREF