[Resolvido] failover no pfsense em filiais

OneKill

cada pfsense está em uma região. E o carp seria somente se os 2 servers estivesse no mesmo local físico para saída da internet.
a internet não sai desse pfsense em questão.. ele é somente para a interligação da filial com a matriz e usa um link lan to lan

johnnybe

Continuo sem entender o que você quer. Explique-se melhor, por favor? Quem fornece essa Metrolan que você citou? Trata-se disto, conforme link abaixo?
https://en.wikipedia.org/wiki/Metro_Ethernet

marcelloc

@OneKill:

Quando tiro o cabo de um dos links eu não consigo que a filial comunique com a matriz. Só funciona se eu mudar a rota de ambos.

Acertou as regras na lan? definiu gateways na interfaces wan/metrolan? marcou a opção allow default gateway switch?

lgcosta

Talvez o que você precisa para esse cenário é usar OSPF, pode ser implementado pelo o openospf:

http://en.wikipedia.org/wiki/Open_Shortest_Path_First
http://pt.wikipedia.org/wiki/Open_Shortest_Path_First

O pfsense oferece um package para isso.

Boa sorte !

OneKill

Segue imagem de como é

quem fornece os links é vivo. esses links não possuem ip. Eu defino no pfsense o ip a ser utilizado. é como se fosse um "cabo" ligando a filial com a matriz. O que eu preciso fazer é que se um dos links cair, o outro assuma e não perca a conexão com a filial.

já fiz as regras de lan/metrolan e gateways e marquei a opção de gateway switch

mantunespb

a solução é OSPF como o Luiz Gustavo falou. vc tem um loop na sua estrutura..

OneKill

tenho q instalar o ospf na filial tb?

mantunespb

http://forum.pfsense.org/index.php?topic=39995.0

OneKill

instalei mas ainda não deu certo

johnnybe

Configuração, certeza.

OneKill

montei um ambiente simulando o que preciso fazer aqui com uns servers antigos

matriz:
na configuração do quagga ospf eu deixei:

area: 0.0.0.0
subnet to route: 10.20.0.2/21 area id: 0.0.0.0

filial:

area: 0.0.0.0
subnet to route: 10.20.12.1/23 area id: 0.0.0.0

status do ospf matriz:

 OSPF Routing Process, Router ID: 10.20.30.2
 Supports only single TOS (TOS0) routes
 This implementation conforms to RFC2328
 RFC1583Compatibility flag is disabled
 OpaqueCapability flag is disabled
 Initial SPF scheduling delay 200 millisec(s)
 Minimum hold time between consecutive SPFs 1000 millisec(s)
 Maximum hold time between consecutive SPFs 10000 millisec(s)
 Hold time multiplier is currently 1
 SPF algorithm last executed 7m16s ago
 SPF timer is inactive
 Refresh timer 10 secs
 Number of external LSA 0\. Checksum Sum 0x00000000
 Number of opaque AS LSA 0\. Checksum Sum 0x00000000
 Number of areas attached to this router: 1

 Area ID: 0.0.0.0 (Backbone)
   Number of interfaces in this area: Total: 3, Active: 3
   Number of fully adjacent neighbors in this area: 2
   Area has no authentication
   SPF algorithm executed 3 times
   Number of LSA 4
   Number of router LSA 2\. Checksum Sum 0x000159bc
   Number of network LSA 2\. Checksum Sum 0x00014d7c
   Number of summary LSA 0\. Checksum Sum 0x00000000
   Number of ASBR summary LSA 0\. Checksum Sum 0x00000000
   Number of NSSA LSA 0\. Checksum Sum 0x00000000
   Number of opaque link LSA 0\. Checksum Sum 0x00000000
   Number of opaque area LSA 0\. Checksum Sum 0x00000000

Quagga OSPF Neighbors

    Neighbor ID Pri State           Dead Time Address         Interface            RXmtL RqstL DBsmL
10.20.30.3        1 Full/Backup       33.763s 10.20.20.3      em0:10.20.20.2           0     0     0
10.20.30.3        1 Full/Backup       33.763s 10.20.30.3      em1:10.20.30.2           0     0     0

Quagga OSPF Database

       OSPF Router with ID (10.20.30.2)

                Router Link States (Area 0.0.0.0)

Link ID         ADV Router      Age  Seq#       CkSum  Link count
10.20.30.2      10.20.30.2       441 0x80000009 0xafe6 3
10.20.30.3      10.20.30.3       407 0x80000009 0xa9d6 3

                Net Link States (Area 0.0.0.0)

Link ID         ADV Router      Age  Seq#       CkSum
10.20.20.2      10.20.30.2       441 0x80000001 0x5e0c
10.20.30.2      10.20.30.2       441 0x80000001 0xef70

Quagga OSPF Router Database

       OSPF Router with ID (10.20.30.2)

                Router Link States (Area 0.0.0.0)

  LS age: 441
  Options: 0x2  : *|-|-|-|-|-|E|*
  LS Flags: 0x3  
  Flags: 0x0
  LS Type: router-LSA
  Link State ID: 10.20.30.2 
  Advertising Router: 10.20.30.2
  LS Seq Number: 80000009
  Checksum: 0xafe6
  Length: 60
   Number of Links: 3

    Link connected to: Stub Network
     (Link ID) Net: 10.20.0.0
     (Link Data) Network Mask: 255.255.248.0
      Number of TOS metrics: 0
       TOS 0 Metric: 10

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.20.20.2
     (Link Data) Router Interface address: 10.20.20.2
      Number of TOS metrics: 0
       TOS 0 Metric: 10

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.20.30.2
     (Link Data) Router Interface address: 10.20.30.2
      Number of TOS metrics: 0
       TOS 0 Metric: 10

  LS age: 407
  Options: 0x2  : *|-|-|-|-|-|E|*
  LS Flags: 0x6  
  Flags: 0x0
  LS Type: router-LSA
  Link State ID: 10.20.30.3 
  Advertising Router: 10.20.30.3
  LS Seq Number: 80000009
  Checksum: 0xa9d6
  Length: 60
   Number of Links: 3

    Link connected to: Stub Network
     (Link ID) Net: 10.20.12.0
     (Link Data) Network Mask: 255.255.254.0
      Number of TOS metrics: 0
       TOS 0 Metric: 10

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.20.30.2
     (Link Data) Router Interface address: 10.20.30.3
      Number of TOS metrics: 0
       TOS 0 Metric: 10

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.20.20.2
     (Link Data) Router Interface address: 10.20.20.3
      Number of TOS metrics: 0
       TOS 0 Metric: 10

Quagga OSPF Routes

============ OSPF network routing table ============
N    10.20.0.0/21          [10] area: 0.0.0.0
                           directly attached to bce0
N    10.20.12.0/23         [20] area: 0.0.0.0
                           via 10.20.20.3, em0
                           via 10.20.30.3, em1
N    10.20.20.0/24         [10] area: 0.0.0.0
                           directly attached to em0
N    10.20.30.0/24         [10] area: 0.0.0.0
                           directly attached to em1

============ OSPF router routing table =============

============ OSPF external routing table ===========

Quagga Zebra Routes

Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       I - ISIS, B - BGP, > - selected route, * - FIB route

O   10.20.0.0/21 [110/10] is directly connected, bce0, 00:12:02
C>* 10.20.0.0/21 is directly connected, bce0
O   10.20.12.0/23 [110/20] via 10.20.20.3, em0, 00:07:17
                           via 10.20.30.3, em1, 00:07:17
K>* 10.20.12.0/23 via 10.20.20.3, em0
O   10.20.20.0/24 [110/10] is directly connected, em0, 00:12:02
C>* 10.20.20.0/24 is directly connected, em0
O   10.20.30.0/24 [110/10] is directly connected, em1, 00:12:02
C>* 10.20.30.0/24 is directly connected, em1
C>* 127.0.0.0/8 is directly connected, lo0

Quagga OSPF Interfaces

bce0 is up
  ifindex 3, MTU 1500 bytes, BW 0 Kbit <up,broadcast,running,simplex,multicast>Internet Address 10.20.0.1/21, Broadcast 10.20.7.255, Area 0.0.0.0
  MTU mismatch detection:enabled
  Router ID 10.20.30.2, Network Type BROADCAST, Cost: 10
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 10.20.30.2, Interface Address 10.20.0.1
  No backup designated router on this network
  Multicast group memberships: OSPFAllRouters OSPFDesignatedRouters
  Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
    Hello due in 8.145s
  Neighbor Count is 0, Adjacent neighbor count is 0
em0 is up
  ifindex 1, MTU 1500 bytes, BW 0 Kbit <up,broadcast,running,simplex,multicast>Internet Address 10.20.20.2/24, Broadcast 10.20.20.255, Area 0.0.0.0
  MTU mismatch detection:enabled
  Router ID 10.20.30.2, Network Type BROADCAST, Cost: 10
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 10.20.30.2, Interface Address 10.20.20.2
  Backup Designated Router (ID) 10.20.30.3, Interface Address 10.20.20.3
  Multicast group memberships: OSPFAllRouters OSPFDesignatedRouters
  Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
    Hello due in 8.145s
  Neighbor Count is 1, Adjacent neighbor count is 1
em1 is up
  ifindex 2, MTU 1500 bytes, BW 0 Kbit <up,broadcast,running,simplex,multicast>Internet Address 10.20.30.2/24, Broadcast 10.20.30.255, Area 0.0.0.0
  MTU mismatch detection:enabled
  Router ID 10.20.30.2, Network Type BROADCAST, Cost: 10
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 10.20.30.2, Interface Address 10.20.30.2
  Backup Designated Router (ID) 10.20.30.3, Interface Address 10.20.30.3
  Multicast group memberships: OSPFAllRouters OSPFDesignatedRouters
  Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
    Hello due in 8.145s
  Neighbor Count is 1, Adjacent neighbor count is 1
enc0 is down
  ifindex 6, MTU 1536 bytes, BW 0 Kbit <running>OSPF not enabled on this interface
lo0 is up
  ifindex 7, MTU 16384 bytes, BW 0 Kbit <up,loopback,running,multicast>OSPF not enabled on this interface
pflog0 is down
  ifindex 5, MTU 33200 bytes, BW 0 Kbit <running,promisc>OSPF not enabled on this interface
pfsync0 is down
  ifindex 4, MTU 1460 bytes, BW 0 Kbit <running>OSPF not enabled on this interface

***********************************************

ospf filial

 OSPF Routing Process, Router ID: 10.20.30.3
 Supports only single TOS (TOS0) routes
 This implementation conforms to RFC2328
 RFC1583Compatibility flag is disabled
 OpaqueCapability flag is disabled
 Initial SPF scheduling delay 200 millisec(s)
 Minimum hold time between consecutive SPFs 1000 millisec(s)
 Maximum hold time between consecutive SPFs 10000 millisec(s)
 Hold time multiplier is currently 1
 SPF algorithm last executed 10m21s ago
 SPF timer is inactive
 Refresh timer 10 secs
 Number of external LSA 0\. Checksum Sum 0x00000000
 Number of opaque AS LSA 0\. Checksum Sum 0x00000000
 Number of areas attached to this router: 1

 Area ID: 0.0.0.0 (Backbone)
   Number of interfaces in this area: Total: 3, Active: 3
   Number of fully adjacent neighbors in this area: 2
   Area has no authentication
   SPF algorithm executed 3 times
   Number of LSA 4
   Number of router LSA 2\. Checksum Sum 0x000159bc
   Number of network LSA 2\. Checksum Sum 0x00014d7c
   Number of summary LSA 0\. Checksum Sum 0x00000000
   Number of ASBR summary LSA 0\. Checksum Sum 0x00000000
   Number of NSSA LSA 0\. Checksum Sum 0x00000000
   Number of opaque link LSA 0\. Checksum Sum 0x00000000
   Number of opaque area LSA 0\. Checksum Sum 0x00000000

Quagga OSPF Neighbors

    Neighbor ID Pri State           Dead Time Address         Interface            RXmtL RqstL DBsmL
10.20.30.2        1 Full/DR           32.862s 10.20.30.2      em0:10.20.30.3           0     0     0
10.20.30.2        1 Full/DR           32.862s 10.20.20.2      em1:10.20.20.3           0     0     0

Quagga OSPF Database

       OSPF Router with ID (10.20.30.3)

                Router Link States (Area 0.0.0.0)

Link ID         ADV Router      Age  Seq#       CkSum  Link count
10.20.30.2      10.20.30.2       628 0x80000009 0xafe6 3
10.20.30.3      10.20.30.3       591 0x80000009 0xa9d6 3

                Net Link States (Area 0.0.0.0)

Link ID         ADV Router      Age  Seq#       CkSum
10.20.20.2      10.20.30.2       628 0x80000001 0x5e0c
10.20.30.2      10.20.30.2       628 0x80000001 0xef70

Quagga OSPF Router Database

       OSPF Router with ID (10.20.30.3)

                Router Link States (Area 0.0.0.0)

  LS age: 628
  Options: 0x2  : *|-|-|-|-|-|E|*
  LS Flags: 0x6  
  Flags: 0x0
  LS Type: router-LSA
  Link State ID: 10.20.30.2 
  Advertising Router: 10.20.30.2
  LS Seq Number: 80000009
  Checksum: 0xafe6
  Length: 60
   Number of Links: 3

    Link connected to: Stub Network
     (Link ID) Net: 10.20.0.0
     (Link Data) Network Mask: 255.255.248.0
      Number of TOS metrics: 0
       TOS 0 Metric: 10

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.20.20.2
     (Link Data) Router Interface address: 10.20.20.2
      Number of TOS metrics: 0
       TOS 0 Metric: 10

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.20.30.2
     (Link Data) Router Interface address: 10.20.30.2
      Number of TOS metrics: 0
       TOS 0 Metric: 10

  LS age: 591
  Options: 0x2  : *|-|-|-|-|-|E|*
  LS Flags: 0x3  
  Flags: 0x0
  LS Type: router-LSA
  Link State ID: 10.20.30.3 
  Advertising Router: 10.20.30.3
  LS Seq Number: 80000009
  Checksum: 0xa9d6
  Length: 60
   Number of Links: 3

    Link connected to: Stub Network
     (Link ID) Net: 10.20.12.0
     (Link Data) Network Mask: 255.255.254.0
      Number of TOS metrics: 0
       TOS 0 Metric: 10

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.20.30.2
     (Link Data) Router Interface address: 10.20.30.3
      Number of TOS metrics: 0
       TOS 0 Metric: 10

    Link connected to: a Transit Network
     (Link ID) Designated Router address: 10.20.20.2
     (Link Data) Router Interface address: 10.20.20.3
      Number of TOS metrics: 0
       TOS 0 Metric: 10

Quagga OSPF Routes

============ OSPF network routing table ============
N    10.20.0.0/21          [20] area: 0.0.0.0
                           via 10.20.30.2, em0
                           via 10.20.20.2, em1
N    10.20.12.0/23         [10] area: 0.0.0.0
                           directly attached to bge0
N    10.20.20.0/24         [10] area: 0.0.0.0
                           directly attached to em1
N    10.20.30.0/24         [10] area: 0.0.0.0
                           directly attached to em0

============ OSPF router routing table =============

============ OSPF external routing table ===========

Quagga Zebra Routes

Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
       I - ISIS, B - BGP, > - selected route, * - FIB route

O   10.20.0.0/21 [110/20] via 10.20.30.2, em0, 00:10:22
                          via 10.20.20.2, em1, 00:10:22
K>* 10.20.0.0/21 via 10.20.20.2, em1
O   10.20.12.0/23 [110/10] is directly connected, bge0, 00:10:31
C>* 10.20.12.0/23 is directly connected, bge0
O   10.20.20.0/24 [110/10] is directly connected, em1, 00:10:31
C>* 10.20.20.0/24 is directly connected, em1
O   10.20.30.0/24 [110/10] is directly connected, em0, 00:10:31
C>* 10.20.30.0/24 is directly connected, em0
C>* 127.0.0.0/8 is directly connected, lo0

Quagga OSPF Interfaces

bge0 is up
  ifindex 3, MTU 1500 bytes, BW 0 Kbit <up,broadcast,running,simplex,multicast>Internet Address 10.20.13.1/23, Broadcast 10.20.13.255, Area 0.0.0.0
  MTU mismatch detection:enabled
  Router ID 10.20.30.3, Network Type BROADCAST, Cost: 10
  Transmit Delay is 1 sec, State DR, Priority 1
  Designated Router (ID) 10.20.30.3, Interface Address 10.20.13.1
  No backup designated router on this network
  Multicast group memberships: OSPFAllRouters OSPFDesignatedRouters
  Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
    Hello due in 8.562s
  Neighbor Count is 0, Adjacent neighbor count is 0
em0 is up
  ifindex 1, MTU 1500 bytes, BW 0 Kbit <up,broadcast,running,simplex,multicast>Internet Address 10.20.30.3/24, Broadcast 10.20.30.255, Area 0.0.0.0
  MTU mismatch detection:enabled
  Router ID 10.20.30.3, Network Type BROADCAST, Cost: 10
  Transmit Delay is 1 sec, State Backup, Priority 1
  Designated Router (ID) 10.20.30.2, Interface Address 10.20.30.2
  Backup Designated Router (ID) 10.20.30.3, Interface Address 10.20.30.3
  Multicast group memberships: OSPFAllRouters OSPFDesignatedRouters
  Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
    Hello due in 8.562s
  Neighbor Count is 1, Adjacent neighbor count is 1
em1 is up
  ifindex 2, MTU 1500 bytes, BW 0 Kbit <up,broadcast,running,simplex,multicast>Internet Address 10.20.20.3/24, Broadcast 10.20.20.255, Area 0.0.0.0
  MTU mismatch detection:enabled
  Router ID 10.20.30.3, Network Type BROADCAST, Cost: 10
  Transmit Delay is 1 sec, State Backup, Priority 1
  Designated Router (ID) 10.20.30.2, Interface Address 10.20.20.2
  Backup Designated Router (ID) 10.20.30.3, Interface Address 10.20.20.3
  Multicast group memberships: OSPFAllRouters OSPFDesignatedRouters
  Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
    Hello due in 8.562s
  Neighbor Count is 1, Adjacent neighbor count is 1
enc0 is down
  ifindex 6, MTU 1536 bytes, BW 0 Kbit <running>OSPF not enabled on this interface
lo0 is up
  ifindex 7, MTU 16384 bytes, BW 0 Kbit <up,loopback,running,multicast>OSPF not enabled on this interface
pflog0 is down
  ifindex 5, MTU 33200 bytes, BW 0 Kbit <running,promisc>OSPF not enabled on this interface
pfsync0 is down
  ifindex 4, MTU 1460 bytes, BW 0 Kbit <running>OSPF not enabled on this interface</running></running,promisc></up,loopback,running,multicast></running></up,broadcast,running,simplex,multicast></up,broadcast,running,simplex,multicast></up,broadcast,running,simplex,multicast></running></running,promisc></up,loopback,running,multicast></running></up,broadcast,running,simplex,multicast></up,broadcast,running,simplex,multicast></up,broadcast,running,simplex,multicast> 

OneKill

resolvi aqui. era só tirar as rotas em system static routes

mantunespb

Coloque como resolvido.. vc usou o ospf mesmo ??

OneKill

sim.

usei o ospf mesmo

marcelloc

@OneKill:

usei o ospf mesmo

Se quiser e tiver tempo, poste aqui como ficou sua configuração para ajudar mais pessoas com o mesmo problema.