Learning default route from BGP

Is it possible for a Firebox to learn a default route from BGP?

We have two sites connected via MPLS using BGP. The main site advertises a default route.

On the remote site Firebox, the MPLS interface is configured as a Trusted interface. There's also a backup Internet connection configured as an External interface. I see the default route advertised over the MPLS circuit in the BGP table, but not in the main routing table. The only default route shown in the main routing table is the backup Internet connection. So instead of routing traffic down the MPLS circuit, it ends up getting sent out the backup Internet connection interface.

The only way to remedy this is to set the MPLS circuit as an External interface and provide the default gateway. However, this makes the default route static. That's a problem because I also want to set up a BOVPN for automatic failover, which requires dynamic routing.

I've looked at these two guides:

https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/bovpn/manual/vpn_failover_from_leased_line_overview_c.html

https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/bovpn/manual/bovpn_vif_metric_failover_c.html

...but the crux of the issue seems to go back to my original question, can the Firebox learn a default route via BGP?

Comments

  • james.carson Moderator, WatchGuard Representative

    Hi @SteveC
    I believe it should be able to do this. The issue is that if all external interfaces are disabled on the firewall, it will ask for a default route. I believe that static route will override the learned routes in most cases.

    If you haven't done so already, I would suggest creating a support case so that we can take a look at your logs more closely and assist.

    -James Carson
    WatchGuard Customer Support

  • Options

    From the original question: Can Firebox learn default route via BGP? Yes. As long as your BGP Peer/s issue the command default-information originate or something like that.
    Now about static routes overriding the dynamic routes learned by the Firebox, this is true if you use the default metric (1) on static routes. If you work on your metrics correctly be it static routes or dynamic routes such as BGP (default-metric ) then you will achieve the results you want to have.

  • rema Applicant

    Hello,

    I'm running into this too.
    I see the default route advertisements within the BGP sessions but the default route did not change.

    How can the default-metric of the static route be changed?

    It works with "normal static routes" but not with the gateway settings.

    tnx

  • james.carson Moderator, WatchGuard Representative

    Hi @rema
    If you haven't done so already, I'd suggest a support case so we can see what specifically is happening with your routes. In most cases, if you're using redistribute, your static routes can be advertised across the network.

    Creating a support case allows our team to look at your routing statements and help directly. You can create a support case by using the support center link in the top right of this page.

    -James Carson
    WatchGuard Customer Support

  • rema Applicant

    Hi,

    Already did it.
    Solution is to change the default metric of the default route.

    https://www.nongnu.org/quagga/docs/docs-multi/BGP-distance.html
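
The behaviour discussed in this thread, as an added example that is not part of any post and is not Fireware code: a simplified route selection (longest prefix, then lowest administrative distance, then lowest metric) showing why a static default hides a BGP-learned default until the static route is made less preferred. The addresses, the `Route` and `scenario` names, and the distances 1 (static) and 20 (eBGP, the Quagga defaults) are assumptions for illustration.

```python
# Added example: simplified route selection, not Fireware's actual code.
import ipaddress
from dataclasses import dataclass, replace


@dataclass(frozen=True)
class Route:
    prefix: str      # destination network, e.g. "0.0.0.0/0"
    next_hop: str
    source: str      # "static" or "bgp"
    distance: int    # administrative distance: lower is preferred
    metric: int = 0  # tie-breaker within the same distance


def best_route(routes, dest):
    """Longest prefix match first, then lowest distance, then lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [r for r in routes if addr in ipaddress.ip_network(r.prefix)]
    if not matches:
        return None
    return min(matches, key=lambda r: (-ipaddress.ip_network(r.prefix).prefixlen,
                                       r.distance, r.metric))


# Constructed sample data (documentation/private addresses, assumed distances).
STATIC_DEFAULT = Route("0.0.0.0/0", "203.0.113.1", "static", distance=1)  # backup Internet
BGP_DEFAULT = Route("0.0.0.0/0", "10.255.0.1", "bgp", distance=20)        # MPLS peer
BGP_HQ_LAN = Route("10.20.0.0/16", "10.255.0.1", "bgp", distance=20)      # main-site LAN


def scenario(static_distance, bgp_up=True):
    """Return the route source chosen for an Internet and a main-site destination."""
    table = [replace(STATIC_DEFAULT, distance=static_distance)]
    if bgp_up:
        table += [BGP_DEFAULT, BGP_HQ_LAN]
    return (best_route(table, "198.51.100.10").source,
            best_route(table, "10.20.1.1").source)


if __name__ == "__main__":
    print("static at distance 1:           ", scenario(1))
    print("static at distance 250:         ", scenario(250))
    print("static at distance 250, BGP down:", scenario(250, bgp_up=False))
```

With the static default at distance 1, Internet-bound traffic leaves via the backup link even though BGP advertises a default; at 250 the BGP default wins, and the static route takes over only when the BGP routes are withdrawn.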
