Weird temporary problem with quagga routing

pfSense Packages
Log in to reply
  • R

    Hi,

    we have 2 pfsense pairs for 2 buildings… the "old" side works correctly with 2.0.1 but in new site with "2.1-BETA1 (amd64) built on Wed Feb 27 04:47:52 EST 2013" I have again and again temporary routing problems...

    The firewall slave lose his internally routes  (and very rare time also the master):

    I have e.g. our icinga/nagios monitoring on network of side 1 and we check all firewalls and network equipment  of building 2, too:

    Icinga/192.168.1.9  ->  192.168.1.1/2/3 [pfsense-pair jws1] 192.168.6.1/2/3  <=== Transfer ===> 192.168.6.11/12/13 [pfsense-pair zws8] 192.168.8.1/2/3 -> switch admin network

    If the slave 192.168.6.12 is not reachable by icinga I got this routing:

    [2.1-BETA1][root@fw2.zws8.local]/root(6): route -n get 192.168.1.9
      route to: 192.168.1.9
    destination: default
          mask: default
        gateway: xx.xx.176.254  <=public IP GW
      interface: lagg0_vlan7        <= WAN interface
          flags: <up,gateway,done,static>recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
          0        0        0        0      1500        1        0

    but OSPF rooting seems allright:
    [2.1-BETA1][root@fw2.zws8.local]/root(7): vtysh -e "show ip route 192.168.1.9"
    Routing entry for 192.168.1.0/24
      Known via "ospf", distance 110, metric 20
      Last update 05:03:21 ago
        192.168.6.2, via lagg0_vlan6
        192.168.6.3, via lagg0_vlan6

    So my problem is… what take this buggy route alive ?

    It can't be an BETA problem because I hade this also on our 2.0.1-er firewalls but very rarely there:

    [2.0.1-RELEASE][root@fw1.jws1.local]/root(2): route -n get 192.168.66.11
      route to: 192.168.66.11
    destination: default
          mask: default
        gateway: xx.xx.176.1  <= public GW
      interface: lagg0_vlan2    <= WAN interface
          flags: <up,gateway,done,static>recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
          0        0        0        0      1500        1        0

    Interesting thing what helps in this cases:
    [2.0.1-RELEASE][root@fw1.jws1.local]/root(2): /etc/rc.reload_interfaces

    [2.0.1-RELEASE][root@fw1.jws1.local]/root(3): route -n get 192.168.6.11
      route to: 192.168.6.11
    destination: 192.168.6.11
        gateway: 192.168.6.12
      interface: lagg1_vlan6
          flags: <up,gateway,host,done,proto1>recvpipe  sendpipe  ssthresh  rtt,msec    mtu        weight    expire
          0        0        0        0      1500        1        0

    If OSPF is shutdown all works long time without problems.

    I found an OpenOSPF Problem/Fix and tested it out:
    http://forum.pfsense.org/index.php/topic,39995.0.html
    links to his blog:
    http://ouliakk.blogspot.com/2011/08/using-openospfd-with-freebsd-78.html

    The Fix / Workaround

    The concept is simple: create an IP alias where the network overlaps the existing IP/network.
    In our example, 192.168.11.0/24 is used to exchange OSPF information. Create an alias of 192.168.10.1/23. That way when the 192.168.11.0/24 route gets deleted, the systems will be accessible to each other over the 192.168.10.0/23 route.

    but this solution didn't help in this case :(

    Andy ideas please?

    Bests

    Reiner</up,gateway,host,done,proto1></up,gateway,done,static></up,gateway,done,static>

    0

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive to sign up for future newsletters and to read past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy