[Solved] failover on pfSense between branches
-
I have one pfSense at the head office and another at the branch. I have 2 MetroLAN links connecting the sites. I followed the failover tutorials and still had no success. I believe it's because the tutorials are for Internet failover.
When I unplug the cable of one of the links, I can't get the branch to communicate with the head office. It only works if I change the route on both.
Here are my configs:
head office:
lan: 10.20.0.0/21
wan1: 10.20.20.2/24
wan2: 10.20.30.2/24
branch:
lan: 10.20.13.1/23
wan1: 10.20.20.3/24
wan2: 10.20.30.3/24
-
Your text isn't very clear…
From what I understood, what you want is firewall redundancy. That has another name, CARP failover:
http://doc.pfsense.org/index.php/Configuring_pfSense_Hardware_Redundancy_%28CARP%29
Need I say that for this both boxes have to be physically in the same place? Just like the modems for Internet failover.
-
each pfSense is in a different region. And CARP would only apply if the 2 servers were in the same physical location for the Internet exit.
the Internet doesn't go out through this pfSense.. it's only for connecting the branch to the head office and uses a LAN-to-LAN link
-
I still don't understand what you want. Could you explain better, please? Who provides this MetroLAN you mentioned? Is it this, as in the link below?
https://en.wikipedia.org/wiki/Metro_Ethernet
-
When I unplug the cable of one of the links, I can't get the branch to communicate with the head office. It only works if I change the route on both.
Did you get the LAN rules right? Did you define gateways on the WAN/MetroLAN interfaces? Did you tick the "allow default gateway switching" option?
-
Maybe what you need for this scenario is OSPF; it can be implemented with openospf:
http://en.wikipedia.org/wiki/Open_Shortest_Path_First
http://pt.wikipedia.org/wiki/Open_Shortest_Path_First
pfSense offers a package for that.
Good luck!
-
Here's an image of how it is
the links are provided by Vivo. these links have no IP of their own. I define the IP to be used on the pfSense. it's as if there were a "cable" connecting the branch to the head office. What I need is that if one of the links goes down, the other takes over and the connection with the branch isn't lost.
I already did the LAN/MetroLAN rules and gateways and ticked the gateway switching option
-
the solution is OSPF, as Luiz Gustavo said. you have a loop in your topology..
-
do I have to install OSPF at the branch too?
-
I installed it but it still didn't work
-
Configuration, for sure.
-
I set up a lab simulating what I need to do here, with some old servers
head office:
in the quagga ospf configuration I left:
area: 0.0.0.0
subnet to route: 10.20.0.2/21 area id: 0.0.0.0
branch:
area: 0.0.0.0
subnet to route: 10.20.12.1/23 area id: 0.0.0.0
ospf status, head office:
OSPF Routing Process, Router ID: 10.20.30.2
Supports only single TOS (TOS0) routes
This implementation conforms to RFC2328
RFC1583Compatibility flag is disabled
OpaqueCapability flag is disabled
Initial SPF scheduling delay 200 millisec(s)
Minimum hold time between consecutive SPFs 1000 millisec(s)
Maximum hold time between consecutive SPFs 10000 millisec(s)
Hold time multiplier is currently 1
SPF algorithm last executed 7m16s ago
SPF timer is inactive
Refresh timer 10 secs
Number of external LSA 0. Checksum Sum 0x00000000
Number of opaque AS LSA 0. Checksum Sum 0x00000000
Number of areas attached to this router: 1
Area ID: 0.0.0.0 (Backbone)
Number of interfaces in this area: Total: 3, Active: 3
Number of fully adjacent neighbors in this area: 2
Area has no authentication
SPF algorithm executed 3 times
Number of LSA 4
Number of router LSA 2. Checksum Sum 0x000159bc
Number of network LSA 2. Checksum Sum 0x00014d7c
Number of summary LSA 0. Checksum Sum 0x00000000
Number of ASBR summary LSA 0. Checksum Sum 0x00000000
Number of NSSA LSA 0. Checksum Sum 0x00000000
Number of opaque link LSA 0. Checksum Sum 0x00000000
Number of opaque area LSA 0. Checksum Sum 0x00000000

Quagga OSPF Neighbors
Neighbor ID Pri State Dead Time Address Interface RXmtL RqstL DBsmL
10.20.30.3 1 Full/Backup 33.763s 10.20.20.3 em0:10.20.20.2 0 0 0
10.20.30.3 1 Full/Backup 33.763s 10.20.30.3 em1:10.20.30.2 0 0 0

Quagga OSPF Database
OSPF Router with ID (10.20.30.2)
Router Link States (Area 0.0.0.0)
Link ID ADV Router Age Seq# CkSum Link count
10.20.30.2 10.20.30.2 441 0x80000009 0xafe6 3
10.20.30.3 10.20.30.3 407 0x80000009 0xa9d6 3
Net Link States (Area 0.0.0.0)
Link ID ADV Router Age Seq# CkSum
10.20.20.2 10.20.30.2 441 0x80000001 0x5e0c
10.20.30.2 10.20.30.2 441 0x80000001 0xef70

Quagga OSPF Router Database
OSPF Router with ID (10.20.30.2)
Router Link States (Area 0.0.0.0)
LS age: 441
Options: 0x2 : *|-|-|-|-|-|E|*
LS Flags: 0x3
Flags: 0x0
LS Type: router-LSA
Link State ID: 10.20.30.2
Advertising Router: 10.20.30.2
LS Seq Number: 80000009
Checksum: 0xafe6
Length: 60
Number of Links: 3
Link connected to: Stub Network
(Link ID) Net: 10.20.0.0
(Link Data) Network Mask: 255.255.248.0
Number of TOS metrics: 0
TOS 0 Metric: 10
Link connected to: a Transit Network
(Link ID) Designated Router address: 10.20.20.2
(Link Data) Router Interface address: 10.20.20.2
Number of TOS metrics: 0
TOS 0 Metric: 10
Link connected to: a Transit Network
(Link ID) Designated Router address: 10.20.30.2
(Link Data) Router Interface address: 10.20.30.2
Number of TOS metrics: 0
TOS 0 Metric: 10

LS age: 407
Options: 0x2 : *|-|-|-|-|-|E|*
LS Flags: 0x6
Flags: 0x0
LS Type: router-LSA
Link State ID: 10.20.30.3
Advertising Router: 10.20.30.3
LS Seq Number: 80000009
Checksum: 0xa9d6
Length: 60
Number of Links: 3
Link connected to: Stub Network
(Link ID) Net: 10.20.12.0
(Link Data) Network Mask: 255.255.254.0
Number of TOS metrics: 0
TOS 0 Metric: 10
Link connected to: a Transit Network
(Link ID) Designated Router address: 10.20.30.2
(Link Data) Router Interface address: 10.20.30.3
Number of TOS metrics: 0
TOS 0 Metric: 10
Link connected to: a Transit Network
(Link ID) Designated Router address: 10.20.20.2
(Link Data) Router Interface address: 10.20.20.3
Number of TOS metrics: 0
TOS 0 Metric: 10

Quagga OSPF Routes
============ OSPF network routing table ============
N 10.20.0.0/21 [10] area: 0.0.0.0
directly attached to bce0
N 10.20.12.0/23 [20] area: 0.0.0.0
via 10.20.20.3, em0
via 10.20.30.3, em1
N 10.20.20.0/24 [10] area: 0.0.0.0
directly attached to em0
N 10.20.30.0/24 [10] area: 0.0.0.0
directly attached to em1
============ OSPF router routing table =============
============ OSPF external routing table ===========

Quagga Zebra Routes
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, I - ISIS, B - BGP, > - selected route, * - FIB route
O 10.20.0.0/21 [110/10] is directly connected, bce0, 00:12:02
C>* 10.20.0.0/21 is directly connected, bce0
O 10.20.12.0/23 [110/20] via 10.20.20.3, em0, 00:07:17
via 10.20.30.3, em1, 00:07:17
K>* 10.20.12.0/23 via 10.20.20.3, em0
O 10.20.20.0/24 [110/10] is directly connected, em0, 00:12:02
C>* 10.20.20.0/24 is directly connected, em0
O 10.20.30.0/24 [110/10] is directly connected, em1, 00:12:02
C>* 10.20.30.0/24 is directly connected, em1
C>* 127.0.0.0/8 is directly connected, lo0

Quagga OSPF Interfaces
bce0 is up
ifindex 3, MTU 1500 bytes, BW 0 Kbit <up,broadcast,running,simplex,multicast>
Internet Address 10.20.0.1/21, Broadcast 10.20.7.255, Area 0.0.0.0
MTU mismatch detection:enabled
Router ID 10.20.30.2, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 10.20.30.2, Interface Address 10.20.0.1
No backup designated router on this network
Multicast group memberships: OSPFAllRouters OSPFDesignatedRouters
Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
Hello due in 8.145s
Neighbor Count is 0, Adjacent neighbor count is 0
em0 is up
ifindex 1, MTU 1500 bytes, BW 0 Kbit <up,broadcast,running,simplex,multicast>
Internet Address 10.20.20.2/24, Broadcast 10.20.20.255, Area 0.0.0.0
MTU mismatch detection:enabled
Router ID 10.20.30.2, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 10.20.30.2, Interface Address 10.20.20.2
Backup Designated Router (ID) 10.20.30.3, Interface Address 10.20.20.3
Multicast group memberships: OSPFAllRouters OSPFDesignatedRouters
Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
Hello due in 8.145s
Neighbor Count is 1, Adjacent neighbor count is 1
em1 is up
ifindex 2, MTU 1500 bytes, BW 0 Kbit <up,broadcast,running,simplex,multicast>
Internet Address 10.20.30.2/24, Broadcast 10.20.30.255, Area 0.0.0.0
MTU mismatch detection:enabled
Router ID 10.20.30.2, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 10.20.30.2, Interface Address 10.20.30.2
Backup Designated Router (ID) 10.20.30.3, Interface Address 10.20.30.3
Multicast group memberships: OSPFAllRouters OSPFDesignatedRouters
Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
Hello due in 8.145s
Neighbor Count is 1, Adjacent neighbor count is 1
enc0 is down
ifindex 6, MTU 1536 bytes, BW 0 Kbit <running>
OSPF not enabled on this interface
lo0 is up
ifindex 7, MTU 16384 bytes, BW 0 Kbit <up,loopback,running,multicast>
OSPF not enabled on this interface
pflog0 is down
ifindex 5, MTU 33200 bytes, BW 0 Kbit <running,promisc>
OSPF not enabled on this interface
pfsync0 is down
ifindex 4, MTU 1460 bytes, BW 0 Kbit <running>
OSPF not enabled on this interface

***********************************************
ospf filial

OSPF Routing Process, Router ID: 10.20.30.3
Supports only single TOS (TOS0) routes
This implementation conforms to RFC2328
RFC1583Compatibility flag is disabled
OpaqueCapability flag is disabled
Initial SPF scheduling delay 200 millisec(s)
Minimum hold time between consecutive SPFs 1000 millisec(s)
Maximum hold time between consecutive SPFs 10000 millisec(s)
Hold time multiplier is currently 1
SPF algorithm last executed 10m21s ago
SPF timer is inactive
Refresh timer 10 secs
Number of external LSA 0. Checksum Sum 0x00000000
Number of opaque AS LSA 0. Checksum Sum 0x00000000
Number of areas attached to this router: 1
Area ID: 0.0.0.0 (Backbone)
Number of interfaces in this area: Total: 3, Active: 3
Number of fully adjacent neighbors in this area: 2
Area has no authentication
SPF algorithm executed 3 times
Number of LSA 4
Number of router LSA 2. Checksum Sum 0x000159bc
Number of network LSA 2. Checksum Sum 0x00014d7c
Number of summary LSA 0. Checksum Sum 0x00000000
Number of ASBR summary LSA 0. Checksum Sum 0x00000000
Number of NSSA LSA 0. Checksum Sum 0x00000000
Number of opaque link LSA 0. Checksum Sum 0x00000000
Number of opaque area LSA 0. Checksum Sum 0x00000000

Quagga OSPF Neighbors
Neighbor ID Pri State Dead Time Address Interface RXmtL RqstL DBsmL
10.20.30.2 1 Full/DR 32.862s 10.20.30.2 em0:10.20.30.3 0 0 0
10.20.30.2 1 Full/DR 32.862s 10.20.20.2 em1:10.20.20.3 0 0 0

Quagga OSPF Database
OSPF Router with ID (10.20.30.3)
Router Link States (Area 0.0.0.0)
Link ID ADV Router Age Seq# CkSum Link count
10.20.30.2 10.20.30.2 628 0x80000009 0xafe6 3
10.20.30.3 10.20.30.3 591 0x80000009 0xa9d6 3
Net Link States (Area 0.0.0.0)
Link ID ADV Router Age Seq# CkSum
10.20.20.2 10.20.30.2 628 0x80000001 0x5e0c
10.20.30.2 10.20.30.2 628 0x80000001 0xef70

Quagga OSPF Router Database
OSPF Router with ID (10.20.30.3)
Router Link States (Area 0.0.0.0)
LS age: 628
Options: 0x2 : *|-|-|-|-|-|E|*
LS Flags: 0x6
Flags: 0x0
LS Type: router-LSA
Link State ID: 10.20.30.2
Advertising Router: 10.20.30.2
LS Seq Number: 80000009
Checksum: 0xafe6
Length: 60
Number of Links: 3
Link connected to: Stub Network
(Link ID) Net: 10.20.0.0
(Link Data) Network Mask: 255.255.248.0
Number of TOS metrics: 0
TOS 0 Metric: 10
Link connected to: a Transit Network
(Link ID) Designated Router address: 10.20.20.2
(Link Data) Router Interface address: 10.20.20.2
Number of TOS metrics: 0
TOS 0 Metric: 10
Link connected to: a Transit Network
(Link ID) Designated Router address: 10.20.30.2
(Link Data) Router Interface address: 10.20.30.2
Number of TOS metrics: 0
TOS 0 Metric: 10

LS age: 591
Options: 0x2 : *|-|-|-|-|-|E|*
LS Flags: 0x3
Flags: 0x0
LS Type: router-LSA
Link State ID: 10.20.30.3
Advertising Router: 10.20.30.3
LS Seq Number: 80000009
Checksum: 0xa9d6
Length: 60
Number of Links: 3
Link connected to: Stub Network
(Link ID) Net: 10.20.12.0
(Link Data) Network Mask: 255.255.254.0
Number of TOS metrics: 0
TOS 0 Metric: 10
Link connected to: a Transit Network
(Link ID) Designated Router address: 10.20.30.2
(Link Data) Router Interface address: 10.20.30.3
Number of TOS metrics: 0
TOS 0 Metric: 10
Link connected to: a Transit Network
(Link ID) Designated Router address: 10.20.20.2
(Link Data) Router Interface address: 10.20.20.3
Number of TOS metrics: 0
TOS 0 Metric: 10

Quagga OSPF Routes
============ OSPF network routing table ============
N 10.20.0.0/21 [20] area: 0.0.0.0
via 10.20.30.2, em0
via 10.20.20.2, em1
N 10.20.12.0/23 [10] area: 0.0.0.0
directly attached to bge0
N 10.20.20.0/24 [10] area: 0.0.0.0
directly attached to em1
N 10.20.30.0/24 [10] area: 0.0.0.0
directly attached to em0
============ OSPF router routing table =============
============ OSPF external routing table ===========

Quagga Zebra Routes
Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, I - ISIS, B - BGP, > - selected route, * - FIB route
O 10.20.0.0/21 [110/20] via 10.20.30.2, em0, 00:10:22
via 10.20.20.2, em1, 00:10:22
K>* 10.20.0.0/21 via 10.20.20.2, em1
O 10.20.12.0/23 [110/10] is directly connected, bge0, 00:10:31
C>* 10.20.12.0/23 is directly connected, bge0
O 10.20.20.0/24 [110/10] is directly connected, em1, 00:10:31
C>* 10.20.20.0/24 is directly connected, em1
O 10.20.30.0/24 [110/10] is directly connected, em0, 00:10:31
C>* 10.20.30.0/24 is directly connected, em0
C>* 127.0.0.0/8 is directly connected, lo0

Quagga OSPF Interfaces
bge0 is up
ifindex 3, MTU 1500 bytes, BW 0 Kbit <up,broadcast,running,simplex,multicast>
Internet Address 10.20.13.1/23, Broadcast 10.20.13.255, Area 0.0.0.0
MTU mismatch detection:enabled
Router ID 10.20.30.3, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State DR, Priority 1
Designated Router (ID) 10.20.30.3, Interface Address 10.20.13.1
No backup designated router on this network
Multicast group memberships: OSPFAllRouters OSPFDesignatedRouters
Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
Hello due in 8.562s
Neighbor Count is 0, Adjacent neighbor count is 0
em0 is up
ifindex 1, MTU 1500 bytes, BW 0 Kbit <up,broadcast,running,simplex,multicast>
Internet Address 10.20.30.3/24, Broadcast 10.20.30.255, Area 0.0.0.0
MTU mismatch detection:enabled
Router ID 10.20.30.3, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State Backup, Priority 1
Designated Router (ID) 10.20.30.2, Interface Address 10.20.30.2
Backup Designated Router (ID) 10.20.30.3, Interface Address 10.20.30.3
Multicast group memberships: OSPFAllRouters OSPFDesignatedRouters
Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
Hello due in 8.562s
Neighbor Count is 1, Adjacent neighbor count is 1
em1 is up
ifindex 2, MTU 1500 bytes, BW 0 Kbit <up,broadcast,running,simplex,multicast>
Internet Address 10.20.20.3/24, Broadcast 10.20.20.255, Area 0.0.0.0
MTU mismatch detection:enabled
Router ID 10.20.30.3, Network Type BROADCAST, Cost: 10
Transmit Delay is 1 sec, State Backup, Priority 1
Designated Router (ID) 10.20.30.2, Interface Address 10.20.20.2
Backup Designated Router (ID) 10.20.30.3, Interface Address 10.20.20.3
Multicast group memberships: OSPFAllRouters OSPFDesignatedRouters
Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
Hello due in 8.562s
Neighbor Count is 1, Adjacent neighbor count is 1
enc0 is down
ifindex 6, MTU 1536 bytes, BW 0 Kbit <running>
OSPF not enabled on this interface
lo0 is up
ifindex 7, MTU 16384 bytes, BW 0 Kbit <up,loopback,running,multicast>
OSPF not enabled on this interface
pflog0 is down
ifindex 5, MTU 33200 bytes, BW 0 Kbit <running,promisc>
OSPF not enabled on this interface
pfsync0 is down
ifindex 4, MTU 1460 bytes, BW 0 Kbit <running>
OSPF not enabled on this interface
-
I solved it here. All I had to do was remove the routes in System > Static Routes
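Added example by the editor, not part of the thread or of the pfSense/Quagga packages: a small Python check that reads the "Quagga Zebra Routes" table from the Quagga status page, in the format quoted in the lab dump above, and flags exactly the condition behind this thread's problem: a prefix that OSPF has learned over both links but whose installed FIB entry (`>*`) belongs to a kernel (`K`) or static (`S`) route. Quagga prefers kernel and static routes (administrative distance 0 and 1) over OSPF (110), so while the static route exists the OSPF alternative path is never installed when the static next hop's link goes down, which is why removing the static routes fixed it. The check also reports any area whose process status says "Area has no authentication", as both dumps above do. The sample text below is constructed to follow that format; it is not the poster's output.

```python
"""Audit a pfSense/Quagga OSPF status dump for two things visible in the thread:
an OSPF route shadowed by a kernel/static route, and an area with no authentication."""
import re

# Constructed sample in the format of the pfSense Quagga status page (not the poster's dump).
STATUS_DUMP = """\
Area ID: 0.0.0.0 (Backbone)
Number of interfaces in this area: Total: 3, Active: 3
Area has no authentication
Quagga Zebra Routes
Codes: K - kernel route, C - connected, S - static, O - OSPF, > - selected route, * - FIB route
O   10.20.0.0/21 [110/10] is directly connected, bce0, 00:12:02
C>* 10.20.0.0/21 is directly connected, bce0
O   10.20.12.0/23 [110/20] via 10.20.20.3, em0, 00:07:17
                           via 10.20.30.3, em1, 00:07:17
K>* 10.20.12.0/23 via 10.20.20.3, em0
O   10.20.20.0/24 [110/10] is directly connected, em0, 00:12:02
C>* 10.20.20.0/24 is directly connected, em0
O   10.20.30.0/24 [110/10] is directly connected, em1, 00:12:02
C>* 10.20.30.0/24 is directly connected, em1
C>* 127.0.0.0/8 is directly connected, lo0
"""

# Route line: code letter, optional '>' (selected) and '*' (in FIB), prefix, rest of line.
ROUTE_RE = re.compile(r'^([KCSRIOB])(>?)(\*?)\s+(\d+\.\d+\.\d+\.\d+/\d+)\s+(.*)$')
# Next hop as printed by Zebra: "via <ip>, <iface>"
NEXTHOP_RE = re.compile(r'via (\d+\.\d+\.\d+\.\d+), (\w+)')


def parse_zebra_routes(text):
    """Map prefix -> {code: {'fib': bool, 'nexthops': [(ip, iface), ...]}}."""
    routes, current = {}, None
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if m:
            code, _selected, fib, prefix, rest = m.groups()
            current = {'fib': fib == '*', 'nexthops': NEXTHOP_RE.findall(rest)}
            routes.setdefault(prefix, {})[code] = current
        elif current is not None and line.lstrip().startswith('via '):
            # Indented continuation line: an additional (ECMP) next hop for the same route.
            current['nexthops'] += NEXTHOP_RE.findall(line)
        else:
            current = None
    return routes


def shadowed_ospf_routes(routes):
    """Prefixes OSPF learned but that a kernel ('K') or static ('S') route owns in the FIB.
    Returns [(prefix, shadowing_code, shadowing_iface), ...]."""
    findings = []
    for prefix, by_code in sorted(routes.items()):
        ospf = by_code.get('O')
        if not ospf or ospf['fib']:
            continue  # no OSPF route, or OSPF already won the FIB
        for code in ('K', 'S'):
            other = by_code.get(code)
            if other and other['fib'] and other['nexthops']:
                findings.append((prefix, code, other['nexthops'][0][1]))
    return findings


def ecmp_paths(routes, prefix):
    """Number of OSPF next hops for a prefix (2 here means both Metro links are usable)."""
    ospf = routes.get(prefix, {}).get('O')
    return len(ospf['nexthops']) if ospf else 0


def unauthenticated_areas(text):
    """Area IDs whose OSPF process status reports 'Area has no authentication'."""
    areas, current = [], None
    for line in text.splitlines():
        m = re.match(r'Area ID: (\S+)', line)
        if m:
            current = m.group(1)
        elif line.strip() == 'Area has no authentication' and current:
            areas.append(current)
    return areas


if __name__ == '__main__':
    routes = parse_zebra_routes(STATUS_DUMP)
    for prefix, code, iface in shadowed_ospf_routes(routes):
        print(f'{prefix}: OSPF route shadowed by {code} route via {iface}; '
              f'remove the static route so OSPF can fail over')
    print('OSPF next hops for 10.20.12.0/23:', ecmp_paths(routes, '10.20.12.0/23'))
    for area in unauthenticated_areas(STATUS_DUMP):
        print(f'area {area}: OSPF running without authentication')
```

Run against the head-office dump the finding is 10.20.12.0/23 shadowed by the `K` route via em0, which is the branch LAN route the poster removed; the branch-side dump shows the mirror image for 10.20.0.0/21. The authentication line is worth acting on as well: the MetroLAN links are carrier Layer 2 segments, and an area without OSPF authentication (MD5 on the em0/em1 transit interfaces in Quagga) will accept an adjacency and LSAs from any device that reaches that segment.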
-
Mark it as solved.. did you actually use OSPF??
-
yes.
I did use OSPF
-
I did use OSPF
If you want and have the time, post how your configuration ended up here, to help more people with the same problem.