[FROG] FRR (5.0) on latest pfSense 2.4.4p1 doesn't insert BGP routes into the kernel

[John Antypas]

The subject basically says it all.....  I have two sites connected over an IPSEC tunnel.   Each site has its own internal routes managed by OSPF, and I am trying to exchange them by BGP.

* We know the traffic is being passed over the IPSEC tunnel, and we can see that each side does get the other's BGP routes.   We did have to install directives to allow multihop and disable-connection-checks....
* We do not see the routes being installed into the local kernel routing tables but for the life us, we can't understand why.   We see the routes come across in the BGP debug info, but it never makes it into the FIB.

Here's our BGPD.conf albeit for one side -- the other just has the AS numbers changed.

# BGP Config
router bgp 3000000
bgp router-id 10.0.0.5
redistribute connected
redistribute static
redistribute kernel
redistribute ospf

# BGP Neighbors
neighbor 192.168.101.39 remote-as 2510000
neighbor 192.168.101.39 description Aaron Martin
neighbor 192.168.101.39 update-source 10.0.0.5
address-family ipv4 unicast
neighbor 192.168.101.39 activate
neighbor 192.168.101.39 disable-connected-checks
no neighbor 192.168.101.39 send-community
neighbor 192.168.101.39 addpath-tx-bestpath-per-AS
neighbor 192.168.101.39 allowas-in
exit-address-family

And here's what we see 

BGP table version is 208559, local router ID is 10.0.0.5, vrf id 0 Status codes: s suppressed, d damped, h history, * valid, > best, = multipath, i internal, r RIB-failure, S Stale, R Removed Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self Origin codes: i - IGP, e - EGP, ? - incomplete Network Next Hop Metric LocPrf Weight Path 0.0.0.0 192.168.101.39 0 2510000 3000000 ? 192.168.101.39 0 0 2510000 ? *> 50.247.114.30 0 32768 ? 10.0.0.0 192.168.101.39 0 2510000 ? 10.0.0.0/16 192.168.101.39 0 2510000 3000000 ? *> 0.0.0.0 1 32768 ? 10.1.6.0/24 192.168.101.39 0 2510000 3000000 ? *> 0.0.0.0 1 32768 ? 10.10.10.1/32 192.168.101.39 1 0 2510000 ? 10.147.20.0/24 192.168.101.39 0 2510000 3000000 ? *> 10.0.1.5 110 32768 ? 50.247.114.16/28 192.168.101.39 0 2510000 3000000 ? *> 0.0.0.0 1 32768 ? 50.247.114.18/32 192.168.101.39 0 0 2510000 ? 64.62.134.130/32 192.168.101.39 0 2510000 3000000 ? *> 50.247.114.30 0 32768 ? 68.115.209.232/29 192.168.101.39 1 0 2510000 ? 68.115.209.237/32 192.168.101.39 0 2510000 3000000 ? *> 50.247.114.30 0 32768 ? 72.52.104.74/32 192.168.101.39 0 2510000 3000000 ? *> 50.247.114.30 0 32768 ? 172.16.0.0 192.168.101.39 0 2510000 ? 172.16.184.0/24 192.168.101.39 0 0 2510000 ? 172.16.231.0/24 192.168.101.39 1 0 2510000 ? 172.16.232.0/24 192.168.101.39 0 0 2510000 ? 172.16.238.0/24 192.168.101.39 1 0 2510000 ? 172.17.0.0 192.168.101.39 0 2510000 3000000 ? *> 10.0.1.5 110 32768 ? 172.21.0.0 192.168.101.39 0 2510000 ? 192.168.1.0 192.168.101.39 0 2510000 ? 192.168.101.39 0 0 2510000 ? 192.168.101.0 192.168.101.39 1 0 2510000 ? 192.168.101.39 0 2510000 ? 192.168.106.0 192.168.101.39 1 0 2510000 ? 192.168.101.39 0 2510000 ? 192.168.108.0 192.168.101.39 0 2510000 ? 192.168.121.0 192.168.101.39 0 2510000 ? 192.168.128.0 192.168.101.39 1 0 2510000 ? 192.168.101.39 0 2510000 ? 192.168.131.0 192.168.101.39 0 2510000 ? 192.168.132.0 192.168.101.39 0 2510000 ? 192.168.101.39 0 0 2510000 ? 192.168.148.0 192.168.101.39 1 0 2510000 ? 192.168.150.0 192.168.101.39 0 2510000 ? 192.168.228.0 192.168.101.39 0 2510000 3000000 ? *> 0.0.0.0 1 32768 ? 192.168.229.0 192.168.101.39 0 2510000 3000000 ? *> 0.0.0.0 1 32768 ? 196.101.2.0 192.168.101.39 0 2510000 ? 209.51.161.14/32 192.168.101.39 0 0 2510000 ? Displayed 33 routes and 50 total paths
Everything's there, but it never makes it into the kernel. I'm sure we've done something wrong, because I tried a different BGP-based router at the other end, and I see the connection, but again, the routes don't seem to make it into the kernel -- clearly I've broken something basic :-)
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.frrouting.org/pipermail/frog/attachments/20181230/15175dd0/attachment.html>