I defined one neighbor by providing an agent IP where a speaker is running. Using tcpdump I was also able to see that network packets are transferred from/to the pfSense and the agent. However the BGP state of the neighbor in pfSense remains 'Active' and never switches to 'Established'.
I haven't done any NAT configuration or proxy setup on the pfSense.
Does someone have an idea what I'm missing?
Thanks
Francis Augusto Medeiros
Jan 15, 2023, 2:50:36 PM
to metallb-users
Two things come to my mind:
1 - Firewall and blocking port 179?
2 - Did you add all the nodes as neighbors?
That's how I did it on OPNsense, and it worked.
Best,
Francis
Alexander Petrenz
Jan 15, 2023, 2:56:43 PM
to metallb-users
Hi,
I was experimenting with the neighbors. There were tutorials that added only one node as a neighbor, others that created a neighbor group along with the neighbors, and some added all nodes as neighbors. I tried all of that and nothing worked. Port 179 isn't blocked. Using tcpdump I'm able to monitor some traffic passing between pfSense and the nodes, which included answer packets.
Regards
Alexander
Alexander Petrenz
Jan 15, 2023, 3:23:14 PM
to metallb-users
Assuming that this will work, what else do I need to do to reach the services in the network of the cluster? The pfSense has a WAN IP which is a separate network provided by a bridge. I can reach that directly. The cluster nodes have their own isolated network where the pfSense acts as their gateway. Do I simply need a route on my host which says that the network of the cluster services can be reached via the pfSense?
Thanks and Best Regards
Alexander
Alexander Petrenz
Jan 22, 2023, 4:25:40 PM
to metallb-users
Problem solved. I deployed the FRR-enabled variant of metallb, and the guides I was following were meant only for the native variant. Now I'm using the native variant and everything works.
Out of curiosity: Does someone have some guide for FRR?
Regards
Alexander
On Sunday, January 15, 2023 at 8:56:43 PM UTC+1 Alexander Petrenz wrote: