FreeBSD BIRD routing issue: using non-routable IPs

I'm running a Dell R630 with FreeBSD 14.2, using LAGG for link aggregation on three 2x10Gbit NICs. Each LAGG has multiple IP addresses and VLANs configured, including a mix of public routable IPs, transit provider IPs, and IX IPs. I'm using BIRD v2 for BGP sessions and pf for firewalling. The internal network uses publicly routable IP addresses.

The issue I've observed is that the router is sometimes using non-routable IP addresses (i.e., IP addresses from the IX or other unexpected sources) when attempting to reach external destinations. I would like the router to use public routable IP addresses instead, specifically the IP address 23.165.136.1 or even the IP provided by my transit provider (on lagg0). This only seems to occur when the router needs to connect to the internet, not with the internal network.

I'm concerned about this issue because it's causing connectivity problems and I'm not sure why the router is choosing to use non-routable IPs. Can anyone help me understand what's causing this behavior and how to configure my router to use the desired IP addresses?
 
Can't you use NAT on your router?
I believe so, but when I think of NAT, I think of routers in the home with only one public IP. Should I look into using NAT even though I have my own publicly routable subnet with hosts on the internal network using public IPs?
 
I will try to explain it with an example.

Let's say you have a publicly assigned net 203.0.113.0/24 routed via a private net 100.64.0.0/30, configured like this:

Loopback interface: 203.0.113.1/24
LAN interface: 192.168.1.1/24
WAN interface: 100.64.0.2/30
Default gateway: 100.64.0.1

And for your LAN network you have a NAT address from the pool 203.0.113.0/24,
or a DMZ network with public-facing servers assigned in the 203.0.113.0/24 network, using your router as their default gateway on 203.0.113.1.

When you try to reach the internet from your router, it will use the default gateway, and because that is a directly connected route on your WAN interface, it will use 100.64.0.2 as the outbound IP address, and it will fail as this is not publicly routable. It's expected behavior. That's why on Cisco routers you have an option to specify a default source interface for some commands like ping, dns, ftp, etc., so your router will use its public IP 203.0.113.1, routed via 100.64.0.1, for its own traffic. One option is to use a secondary FIB with a default gateway of 203.0.113.1.
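The setup described in the answer above, written out as FreeBSD configuration. This is an added example, not something posted in the thread: it uses the answer's example addresses (203.0.113.1/24 on lo0, 100.64.0.2/30 on the WAN side), assumes lagg0 is the transit-facing LAGG from the original post, and assumes the router already forwards traffic. The second FIB holds the "default via 203.0.113.1" route the answer suggests; whatever you start under `setfib 1` uses that table and is sourced from the public address. The pf `nat` rule at the end is the other option raised in the thread, for router-originated packets that still leave with the /30 address.

```conf
# /boot/loader.conf -- create a second routing table (FIB 1) at boot.
# net.fibs is a loader tunable, so this needs a reboot to take effect.
net.fibs=2
# install connected (interface) routes in every FIB, so FIB 1 also knows
# 203.0.113.0/24 on lo0 and 100.64.0.0/30 on lagg0
net.add_addr_allfibs=1

# /etc/sysctl.conf -- the box routes, so forwarding must be on
net.inet.ip.forwarding=1

# /etc/rc.local (or your own rc.d script), run as root after the interfaces
# are up. FIB 0 keeps the real next hop (100.64.0.1); FIB 1 gets the
# default route the answer above suggests, pointing at the router's own
# public address.
#   setfib 1 route add default 203.0.113.1
#
# Use FIB 1 for anything the router itself originates:
#   setfib 1 ping -c 3 203.0.113.250      # assumed external test address
#   setfib 1 fetch -o /dev/null https://example.org/
# Verify the table:
#   netstat -rnF 1

# /etc/pf.conf -- the NAT alternative from the thread: rewrite the router's
# own packets that would otherwise leave lagg0 with the transit /30 address.
ext_if = "lagg0"          # assumption: lagg0 carries the transit session
nat on $ext_if inet from 100.64.0.2 to any -> 203.0.113.1
```

Reload pf with `pfctl -f /etc/pf.conf` after editing the rule; the FIB settings in loader.conf only apply after a reboot, while the `setfib 1 route add` line can be run immediately to test.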
 
It sounds like you understand the issue I'm trying to solve and how to solve it!

I'll look into using a secondary FIB with default gateway of my ".1" address.

If you have any links with additional information on this, that would be amazing.

Thank you!
 