Failover icmp goes through wrong interface



  • i've been trying to pinpoint the reason for this issue for a while now. the changes to the load balancing/failover subsystem gave me hope for this issue, but haven't seemed to fix it.

    setup is as follows: 1x gateway dsl, 1x gateway cable, both using dhcp to obtain ip. upstream gateways are unique.

    failover pool 'one' defaults to cable, fails over to dsl. icmp packets are destined to individual ISP nameserver.
    failover pool 'two' defaults to dsl, fails over to cable. icmp packets are destined to individual ISP nameserver.

    current situation: both interfaces are flagged as 'UP'. if the cable interface (fxp4) goes down, the dsl connection will be marked as down as well. this is because icmp failover test packets for both interfaces go out the cable connection, even though they're configured for their respective connections (fxp3 for dsl, fxp4 for cable).

    sometimes, depending on the weather, the  icmp packets will properly route through their intended gateways (fxp3's icmp to its nameserver goes out fxp3, fxp4's goes out fxp4…)

    i've tried to fix this by manually adding destination routes etc. to no avail. is this a known issue? is there a way to force packet's destined for a certain connection's upstream nameserver through that connection's assigned interface?

    update:
    going into the load balancing configuration, editing a connection, clicking save (without having made any changes), and then re-applying the current settings magically makes the icmp packets go through the proper gateways. i've got a suspicion that the routes added by the load balancing config get clobbered when a new dhcp lease is obtained by the external interfaces.

    thanks,
    -matt



  • I've got the exact same problem.  After a settings change/reboot the status page for the load balancer shows everything correctly, but eventually both interfaces will be showing similar values, and in my case when OPT1 goes down, the load balancer doesn't even notice (even if i physically pull the OPT1 cable), all pings are going out the WAN interface.

    How to fix this?  Perhaps a static route for the immediate OPT1 network?  Would love some assistance.



  • bueller?



  • I've narrowed it down to the route put into the filters for the opt1 interface disappearing for some reason.  See my post here:  http://forum.pfsense.org/index.php/topic,23131.0.html  but no replies on it.. not sure if anyone has a fix for it (or is listening).



  • just a bump. i'd like to see this resolved in the next release, as i think it's a valuable feature.

    thanks,
    -matt


Log in to reply