Linux, FreeBSD, Juniper, Cisco / Network security articles and troubleshooting guides

FreeBSD - multiple routing tables

To enable multiple routing tables in FreeBSD, kernel needs recompiled with the number of routing table it should host. Following kernel option needs to be added to kernel file:


So 4 routing tables in my case. To verify number of routing tables supported by FreeBSD kernel, use sysctl:


Let's look at other FIB (should be called read) related sysctls:


From FreeBSD manual:


The most interesting one is "add_addr_allfibs" which controls whether or not to add direct routes for an interface to all FIBs (all routing tables). Example of behavior:


FIB 1 has no routes. If I create a vlan interface and assign it an IP address (without selecting the FIB number), it will be added to all FIBs:


What I did above was to create a vlan201 tagged vlan interface, bring it up and assign an IP address to it, all in the default routing table. Having the net.add_addr_allfibs sysctl enabled, it allowed me to add direct routes (/24) to all routing tables.

Same test, but with the sysctl disabled:


And the direct /24 routes are not in FIB1 and FIB2.

What is this good for ? Well it helps when you want to send traffic which destined for em0 via em1 interface. Using a single routing table, or direct routes in all FIBs, will make the FreeBSD kernel use the loopback interface to send packets sourced with IP of em1 to IP of em0, but with multiple routing tables and the sysctl disabled, you can easily send via one interface (it can be vlan interface or physical interface) through the external network and have it returned on another interface, sending the reply through the last interface (ping request via em0, reply via em1, or syn via em0, syn+ack via em1).

Note, for TCP/UDP, support for FIB needs to be used (nginx uses "setfib" configuration stanza) or daemon needs to be started under that FIB number.