BGP – No Route to Host for IPs in Same Subnet Routed by BGP

Tags: arp, bgp, pfsense, routing

I have set up BGP to do some custom routing for a subset of addresses in the range 192.168.1.0/24.


I have verified that the BGP is working by testing ping/curl on a different host in a different subnet (in the 192.168.2.0/24 range), so I think that the routing configuration is working correctly. I have also verified that the IP is accessible from pfsense.

However, pings and curls fail with a no route to host message when attempting to hit an IP from a host in the same subnet.

curl -v http://192.168.1.11
* Rebuilt URL to: http://192.168.1.11/
*   Trying 192.168.1.11...
* connect to 192.168.1.11 port 80 failed: No route to host
* Failed to connect to 192.168.1.11 port 80: No route to host
* Closing connection 0
curl: (7) Failed to connect to 192.168.1.11 port 80: No route to host

ARP is showing (incomplete) for the IP being routed to, which I thought was strange but maybe is normal?

arp -n
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.1              ether   40:62:31:00:52:40   C                     eth0
...
192.168.1.11                     (incomplete)                              eth0

Here are the routes for a host in the subnet.

ip route
default via 192.168.1.1 dev eth0
172.17.0.0/16 dev docker0  proto kernel  scope link  src 172.17.0.1 linkdown
172.18.0.0/16 dev br-f1b94ce4ec9c  proto kernel  scope link  src 172.18.0.1 linkdown
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.154

I stumbled across a post that I thought was describing my situation, where IP redirect was causing the hosts not to use the route, but after updating the net.inet.ip.redirect and net.inet6.ip6.redirect values (and rebooting pfsense) I am still left with the same problem. Is there some way to force IPs in the same subnet to use the correct route?

Edit: Updated with network topology


Best Answer

The problem is that, because the destination is in the same subnet, the client ARPs for the destination IP, not for the IP of your pfSense box. By default your pfSense box does not respond to ARP requests for that IP, so the traffic never reaches the pfSense box.

Normal practice is to use IPs in separate subnets for different networks; sometimes, however, you are stuck with IPs you can't change.

I'm not a pfsense user myself, but I believe the fix if you really need to keep your current addressing is to add the IP to the interface on the pfsense box as a "proxy arp" IP. This will bring the traffic into the pfsense box where the /32 routes can route it.

http://pfsensesetup.com/tag/proxy-arp/

P.S. Note that "no route to host" can appear in at least two different scenarios. One is where there is no route in the routing table. The other is where there is no ARP response for the "next hop" IP that was determined from the routing table.
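To make the two "no route to host" cases in the answer concrete, here is an added Python example (it is not from the question or the answer, and it is not pfSense code). It parses `ip route` and `arp -n` output modelled on the tables in the question, does a longest-prefix lookup to find the next hop for a destination, and then checks whether that next hop has a resolved ARP entry. The on-link /24 route is what makes the client ARP for 192.168.1.11 itself; the `ARP_AFTER` table is an assumption of what the client would see once pfSense proxy-ARPs for that address (the MAC used is the one the question shows for 192.168.1.1).

```python
import ipaddress

# Constructed sample input, modelled on the `ip route` and `arp -n` output
# in the question (the "..." line of the original is left out).
IP_ROUTE = """\
default via 192.168.1.1 dev eth0
172.17.0.0/16 dev docker0  proto kernel  scope link  src 172.17.0.1 linkdown
192.168.1.0/24 dev eth0  proto kernel  scope link  src 192.168.1.154
"""

ARP_BEFORE = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.1              ether   40:62:31:00:52:40   C                     eth0
192.168.1.11                     (incomplete)                              eth0
"""

# Assumed state after pfSense is configured to proxy-ARP for 192.168.1.11:
# the client maps that address to the pfSense MAC (constructed, not from the page).
ARP_AFTER = """\
Address                  HWtype  HWaddress           Flags Mask            Iface
192.168.1.1              ether   40:62:31:00:52:40   C                     eth0
192.168.1.11             ether   40:62:31:00:52:40   C                     eth0
"""


def parse_routes(text):
    """Parse `ip route` lines into (network, gateway-or-None, iface) tuples."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        prefix = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        gw = tok[tok.index("via") + 1] if "via" in tok else None
        iface = tok[tok.index("dev") + 1]
        routes.append((ipaddress.ip_network(prefix, strict=False), gw, iface))
    return routes


def parse_arp(text):
    """Parse `arp -n` output into {ip: mac-or-None}; (incomplete) maps to None."""
    table = {}
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        try:
            ipaddress.ip_address(tok[0])
        except ValueError:
            continue  # header line or other non-address text
        table[tok[0]] = None if "(incomplete)" in tok else tok[2]
    return table


def next_hop(dst, routes):
    """Longest-prefix match. Returns (next_hop_ip, iface) or None if no route.
    For an on-link route (no gateway) the next hop is the destination itself,
    which is why the client in the question ARPs for 192.168.1.11 directly."""
    addr = ipaddress.ip_address(dst)
    best = None
    for net, gw, iface in routes:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, gw, iface)
    if best is None:
        return None
    _, gw, iface = best
    return (gw if gw is not None else dst, iface)


def diagnose(dst, routes, arp):
    """Distinguish the two 'no route to host' causes named in the answer.
    Returns (status, next_hop, mac) with status one of
    'no_route', 'arp_unresolved' or 'reachable'."""
    hop = next_hop(dst, routes)
    if hop is None:
        return ("no_route", None, None)
    hop_ip, _iface = hop
    mac = arp.get(hop_ip)
    if mac is None:
        return ("arp_unresolved", hop_ip, None)
    return ("reachable", hop_ip, mac)


if __name__ == "__main__":
    routes = parse_routes(IP_ROUTE)
    for dst, arp_text in [("192.168.1.11", ARP_BEFORE),   # same subnet, ARP incomplete
                          ("192.168.2.5", ARP_BEFORE),    # other subnet, via gateway
                          ("192.168.1.11", ARP_AFTER)]:   # same subnet after proxy ARP
        print(dst, diagnose(dst, routes, parse_arp(arp_text)))
```

Running it shows the asymmetry the question describes: 192.168.2.5 goes via the default route, whose next hop 192.168.1.1 has a MAC, so it works; 192.168.1.11 matches the on-link /24, so the next hop is 192.168.1.11 itself and the incomplete ARP entry produces "no route to host" even though a route exists. Once an ARP reply arrives for 192.168.1.11, the same lookup reports it reachable via the pfSense MAC.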
