Multiple subnets on one port
-
hello,
i have an unusual setup that requires 2 subnets on a single port. one is our new network in the 10.0.0.0/8 range and also our old 192.168.20.0/24 range. for the most part everything is working i can ping across. however we have a few servers that have address's on both subnets to allow new network access and old network access. (mostly hard-coded database stuff that is still being switched over).
one of the problems that i think we have is on a computer on the new 10.0.0.0 network access's a windows share eg \192.168.20.80 it works for about 10 seconds and then disconnects. and i believe that is because it is sending the requests to 192.168.20.80 and it is sending the response back on its 10.0.0.80 address. (this is one of the servers with 2 ip address's, one one each subnet) is this asymmetrical routing?
i have enabled the option in system > advanced > Firewall & NAT > Bypass firewall rules for traffic on the same interface but its still having issues.
hopefully that makes sense. Thanks
-
So your running multiple layer 3 networks on the same layer 2.. This just came up in another thread - this is bad, this is broken… Why are you doing it??
And you have some servers that are multi homed with addresses in both?
You say on the same port, are these networks vlans.. Or you just created a VIP on the pfsense interface?
-
we have it setup with a vip. its just a temporary solution until we can get all of our systems updated.
-
I personally wouldn't of done it that way.. If you wanted to reip your space, why not just bring up a vlan.. And just migrate your devices to the new vlan.. Once the old network is gone you could even remove the vlan and go back to all untagged native traffic if you wanted to.
Or better cleaner option just rip off the bandaid and migrate everything at once ;)
The use of temp vlan better solution all the way around. But if a conversation is started to an IP in the same network as you, the server should not answer from a different IP since it has an IP in the same IP your talking to it from.
Are you using host names to access, or dns? Where maybe your having issues with resolution of the device on the wrong network address space?
Running multiple layer 3 on same layer 2 yes is going to be ripe with problems.. I would suggest you either finish the migration like now. Or if just started, rethink it and bring up a vlan to move your devices with the new IP range.
-
personally i would have done the vlan option but some of our switches are not vlan capable. we are using dns and that's probably what is causing the issue here. im going to try and keep pushing the switch over sooner than later.
