OSPF metric help
jamesc last edited by
I have successfully set up OSPF with dual OpenVPN tunnels in a Multi-WAN client/server setup.
Failover works well, I can down the active WAN, OSPF kicks in and routes OpenVPN traffic over the secondary WAN. I can happily flip between the two WANs all day long with no problems at all.
My problem is with load balancing. Both of my OpenVPN connections are assigned to interfaces which are then assigned in OSPFd. I have given both the interfaces a metric of 10. When I start two simultaneous pings (via two separate PCs) from Site B to Site A, traffic graphs only show one WAN being utilised.
Here's what my OSPF route table looks like:
Destination       Nexthop     Path Type    Type      Cost   Uptime
0.0.0.1           10.0.9.5    Intra-Area   Router    10     00:05:36
0.0.0.1           10.0.8.5    Intra-Area   Router    10     00:05:29
10.0.8.6/32       10.0.9.5    Intra-Area   Network   20     00:05:19
10.0.8.6/32       10.0.8.5    Intra-Area   Network   20     00:05:19
10.0.9.6/32       10.0.9.5    Intra-Area   Network   20     00:05:36
10.0.9.6/32       10.0.8.5    Intra-Area   Network   20     00:05:29
192.168.2.0/24    10.0.9.5    Type 1 ext   Network   110    00:05:36
192.168.2.0/24    10.0.8.5    Type 1 ext   Network   110    00:05:29
192.168.2.1/32    10.0.9.5    Type 1 ext   Network   110    00:05:36
192.168.2.1/32    10.0.8.5    Type 1 ext   Network   110    00:05:29
The destination subnet I'm trying to reach from the client is 192.168.2.0/24 and you can see there are two possible routes to this (10.0.8.5 and 10.0.9.5), these correspond to the two ovpnc tunnels which I've set up on the client.
Any ideas of where this is going wrong?
i've noticed the same thing in a similar situation.
afaik ospf only seems to add 1 route to the routing table even though multiple are available with the same metric … i don't know if it's impossible with bsd or if it just isn't implemented at the moment.
if you really want balancing i'm pretty sure you could create a gateway-group and balance your vpn tunnels the same way you would balance WAN connections …
create a gateway group, create a firewall rule to point all traffic with destination 192.168.2.0/24 over the gateway-group
i haven't tried this myself but i believe that might work
jamesc last edited by
I have tried the gateway group method and can confirm that load balancing does work with that, however failover doesn't. If you down the WAN that is currently associated with the active ovpnc entry in the routing table then the tunnel doesn't activate on the 2nd WAN.
OpenVPN seems to obey the routing table and not the gateway group for return traffic.
I think in order to achieve load balancing and failover for OpenVPN then a combination of gateway group and OSPF is needed, I'm just not sure how.
cmb last edited by
You can't give them both the same metric, ECMP is not supported.
@cmb would it be possible to implement with the next major release?
if you don't absolutely need ospf it might be possible to add static routes with the gw groups …
wait till 'ECMP' (now i know how to call it) gets supported.
ANSW3R last edited by
Forgive me for hijacking your thread. May I ask how you configured your OSPF with failover? I assigned my OSPF, same as yours, to 2 OpenVPN interfaces with different metrics. And yet when I force my primary link down it won't fail over to the backup link, but the FIB routes are updated. When I restart my OSPF service the destination subnets are now reachable. Hope you can help me with this. Thank you in advance.
pfsense version: 2.0-Release (i386)
Destination         Nexthop        Path Type    Type      Cost   Uptime
192.168.3.0         192.168.30.2   Intra-Area   Router    1      00:23:37
192.168.30.1/32     192.168.30.2   Intra-Area   Network   2      00:23:37
192.168.103.1/32    192.168.30.2   Intra-Area   Network   51     00:23:27
192.168.3.0/24      192.168.30.2   Type 1 ext   Network   101    00:23:37
192.168.3.1/32      192.168.30.2   Type 1 ext   Network   101    00:23:37
did you wait long enough (there is a timeout setting)?
The OpenOSPFd package is a bit broken these days, you might give my Quagga-OSPF package a spin (after removing OpenOSPFD), settings are essentially the same between them, but Quagga appears to work much better with FreeBSD's routing tables, whereas OpenOSPFD still seems to assume it's working on OpenBSD even when running on FreeBSD…