Two VRRP problem
-
Hello all,
I have an HQ site and a remote site. The two sites are connected using OSPF with 4 routers, two routers on the HQ site and another two routers on the remote site. OSPF is for redundancy, because one line is 4MB and one line is 10MB. The HQ site also has two LANs, 172.16.0.0/16 and 172.18.0.0/16, that are connected to two LAN ports. We want 172.16.0.0/16 to route to the 4MB line and 172.18.0.0/16 to route to the 10MB line.
We are trying to create two VRRPs on the two routers at the HQ site. pfSense created another port called remote site port 192.168.2.254/24 to connect the two VRRPs, VRRP1 192.168.2.253/24 and VRRP2 192.168.2.252. VRRP1 will route to the 4MB line and VRRP2 will route to the 10MB line, but when we tried, only 172.16.0.0/16 can route to the 4MB line; 172.18.0.0/16 can't route to the 10MB line.
We have tested one PC connected in the remote site port subnet. This PC's GW is 192.168.2.253 and it can route to the 10MB line. We also tried Firewall Rules with GW 192.168.2.253 on the 172.18.0.0/16 LAN, but it is still not working.
Please can someone help?
Thanks
-
@leiw Please post a network diagram and relevant ip addresses and configuration.
-
@netblues Please see below network diagram, thanks.
-
I know how to do it: first remove the default gateway VRRP 192.168.2.252/24 (this will route to the 10MB line) in Remote Site LAN (192.168.2.254/24), and then add Firewall Rules with default gateway 192.168.2.252 on 172.16.0.0/16 LAN1, and also add Firewall Rules with default gateway 192.168.2.253 on 172.18.0.0/16 LAN2.
-
In HQ, are you sure you have two LANs? They overlap (/16) and are rather big.
Yes, you can send specific traffic to specific gw with policy routing.
As for the return packets, at the remote site LAN you also need to have some policy routing so packets return the same way.
You can do it at the OSPF level, but it is starting to get complicated. I would eliminate OSPF altogether, directly connect two pf at the sites and do asymmetric load balancing for the two links.