Actions
Bug #12751
open
Improve FRR route restoration after gateway events
Status:
New
Priority:
Normal
Assignee:
-
Category:
FRR
Target version:
-
Start date:
Due date:
% Done:
0%
Estimated time:
Plus Target Version:
Affected Version:
Affected Plus Version:
Affected Architecture:
Description
SETUP:
VTI gateway with option checked:
- FRR BGP over IPsec VTI using a localhost interface as update source.
- Check
Diagnostics / Routesfor route advertised by neighbor - IPsec P1 configured with failover gateway group using a CARP VIP for each WAN.
- FRR option
Ignore IPsec Restartis not checked (further testing needed with this option checked) - pfSense 22.01-RC
- Simulate gateway offline/online by blocking/allowing traffic upstream
VTI gateway with option checked:
Disable Gateway Monitoring Action
- Failover from WAN1 to WAN2: routes NOT restored
- Bounce WAN1 and WAN2 gateways: routes NOT restored
- Run
/etc/rc.newipsecdns: routes NOT restored IPsec local service stop then start: routes restored(EDIT: see comments)- IPsec remote service stop then start: routes restored
- Failover from WAN1 to WAN2: routes restored
- Bounce WAN1 and WAN2 gateways: routes NOT restored
- Run
/etc/rc.newipsecdns: routes NOT restored IPsec local service stop then start: routes NOT restored(EDIT: see comments)- IPsec remote service stop then start: routes restored
Routes should be restored in all scenarios if possible.
Updated by Marcos M almost 3 years ago
Further testing with 22.01-REL:
VTI gateway with default settings OR with option checked:Disable Gateway Monitoring Action
- IPsec configuration Save/Apply: routes NOT restored
- IPsec local service stop then start: routes restored (depends - see below)
- If IPsec config was Saved/Applied, FRR service must be restarted afterwards before stopping/starting IPsec restores routes again
Actions