[Solved] pfSense failover between branch offices



  • I have a pfSense at the head office and another at the branch. I have 2 MetroLAN links interconnecting the two sites. I followed the failover tutorials and still had no success. I believe it is because those tutorials are for Internet failover.

    When I unplug the cable of one of the links, I cannot get the branch to communicate with the head office. It only works if I change the route on both ends.

    here are my configs:

    head office:

    lan: 10.20.0.0/21
    wan1: 10.20.20.2/24
    wan2: 10.20.30.2/24

    branch:
    lan: 10.20.13.1/23
    wan1: 10.20.20.3/24
    wan2: 10.20.30.3/24



  • Your text is not very clear…
    From what I understood, what you want is firewall redundancy. That has another name, CARP failover:
    http://doc.pfsense.org/index.php/Configuring_pfSense_Hardware_Redundancy_%28CARP%29

    Do I need to say that for that both must be physically in the same location? Just like the modems for Internet failover.



  • each pfSense is in a different region. And CARP would only apply if the 2 servers were in the same physical location for Internet egress.
    the Internet does not go out through this pfSense.. it is only for the interconnection of the branch with the head office and uses a LAN-to-LAN link



  • I still do not understand what you want. Could you explain it better, please? Who provides this MetroLAN you mentioned? Is it this, as in the link below?
    https://en.wikipedia.org/wiki/Metro_Ethernet



  • @OneKill:

    When I unplug the cable of one of the links, I cannot get the branch to communicate with the head office. It only works if I change the route on both ends.

    Did you set the rules on the LAN? Did you define gateways on the WAN/MetroLAN interfaces? Did you check the "allow default gateway switching" option?



  • Maybe what you need for this scenario is OSPF, which can be implemented with OpenOSPF:

    http://en.wikipedia.org/wiki/Open_Shortest_Path_First
    http://pt.wikipedia.org/wiki/Open_Shortest_Path_First

    pfSense offers a package for that.

    Good luck!



  • Here is an image of how it is

    136000/radio-135071.jpg

    the links are provided by Vivo. these links do not have an IP. I define on the pfSense the IP to be used. it is as if it were a "cable" connecting the branch to the head office. What I need is that if one of the links goes down, the other takes over without losing the connection to the branch.

    I already created the LAN/MetroLAN rules and gateways and checked the gateway switching option



  • the solution is OSPF, as Luiz Gustavo said. you have a loop in your setup..



  • do I have to install OSPF at the branch too?





  • I installed it but it still did not work



  • Configuration, for sure.



  • I built an environment simulating what I need to do here with some old servers

    head office:
    in the quagga ospf configuration I set:

    area: 0.0.0.0
    subnet to route: 10.20.0.2/21 area id: 0.0.0.0

    branch:

    area: 0.0.0.0
    subnet to route: 10.20.12.1/23 area id: 0.0.0.0

    ospf status, head office:

    
     OSPF Routing Process, Router ID: 10.20.30.2
     Supports only single TOS (TOS0) routes
     This implementation conforms to RFC2328
     RFC1583Compatibility flag is disabled
     OpaqueCapability flag is disabled
     Initial SPF scheduling delay 200 millisec(s)
     Minimum hold time between consecutive SPFs 1000 millisec(s)
     Maximum hold time between consecutive SPFs 10000 millisec(s)
     Hold time multiplier is currently 1
     SPF algorithm last executed 7m16s ago
     SPF timer is inactive
     Refresh timer 10 secs
     Number of external LSA 0. Checksum Sum 0x00000000
     Number of opaque AS LSA 0. Checksum Sum 0x00000000
     Number of areas attached to this router: 1
    
     Area ID: 0.0.0.0 (Backbone)
       Number of interfaces in this area: Total: 3, Active: 3
       Number of fully adjacent neighbors in this area: 2
       Area has no authentication
       SPF algorithm executed 3 times
       Number of LSA 4
       Number of router LSA 2. Checksum Sum 0x000159bc
       Number of network LSA 2. Checksum Sum 0x00014d7c
       Number of summary LSA 0. Checksum Sum 0x00000000
       Number of ASBR summary LSA 0. Checksum Sum 0x00000000
       Number of NSSA LSA 0. Checksum Sum 0x00000000
       Number of opaque link LSA 0. Checksum Sum 0x00000000
       Number of opaque area LSA 0. Checksum Sum 0x00000000
    
    Quagga OSPF Neighbors
    
        Neighbor ID Pri State           Dead Time Address         Interface            RXmtL RqstL DBsmL
    10.20.30.3        1 Full/Backup       33.763s 10.20.20.3      em0:10.20.20.2           0     0     0
    10.20.30.3        1 Full/Backup       33.763s 10.20.30.3      em1:10.20.30.2           0     0     0
    
    Quagga OSPF Database
    
           OSPF Router with ID (10.20.30.2)
    
                    Router Link States (Area 0.0.0.0)
    
    Link ID         ADV Router      Age  Seq#       CkSum  Link count
    10.20.30.2      10.20.30.2       441 0x80000009 0xafe6 3
    10.20.30.3      10.20.30.3       407 0x80000009 0xa9d6 3
    
                    Net Link States (Area 0.0.0.0)
    
    Link ID         ADV Router      Age  Seq#       CkSum
    10.20.20.2      10.20.30.2       441 0x80000001 0x5e0c
    10.20.30.2      10.20.30.2       441 0x80000001 0xef70
    
    Quagga OSPF Router Database
    
           OSPF Router with ID (10.20.30.2)
    
                    Router Link States (Area 0.0.0.0)
    
      LS age: 441
      Options: 0x2  : *|-|-|-|-|-|E|*
      LS Flags: 0x3  
      Flags: 0x0
      LS Type: router-LSA
      Link State ID: 10.20.30.2 
      Advertising Router: 10.20.30.2
      LS Seq Number: 80000009
      Checksum: 0xafe6
      Length: 60
       Number of Links: 3
    
        Link connected to: Stub Network
         (Link ID) Net: 10.20.0.0
         (Link Data) Network Mask: 255.255.248.0
          Number of TOS metrics: 0
           TOS 0 Metric: 10
    
        Link connected to: a Transit Network
         (Link ID) Designated Router address: 10.20.20.2
         (Link Data) Router Interface address: 10.20.20.2
          Number of TOS metrics: 0
           TOS 0 Metric: 10
    
        Link connected to: a Transit Network
         (Link ID) Designated Router address: 10.20.30.2
         (Link Data) Router Interface address: 10.20.30.2
          Number of TOS metrics: 0
           TOS 0 Metric: 10
    
      LS age: 407
      Options: 0x2  : *|-|-|-|-|-|E|*
      LS Flags: 0x6  
      Flags: 0x0
      LS Type: router-LSA
      Link State ID: 10.20.30.3 
      Advertising Router: 10.20.30.3
      LS Seq Number: 80000009
      Checksum: 0xa9d6
      Length: 60
       Number of Links: 3
    
        Link connected to: Stub Network
         (Link ID) Net: 10.20.12.0
         (Link Data) Network Mask: 255.255.254.0
          Number of TOS metrics: 0
           TOS 0 Metric: 10
    
        Link connected to: a Transit Network
         (Link ID) Designated Router address: 10.20.30.2
         (Link Data) Router Interface address: 10.20.30.3
          Number of TOS metrics: 0
           TOS 0 Metric: 10
    
        Link connected to: a Transit Network
         (Link ID) Designated Router address: 10.20.20.2
         (Link Data) Router Interface address: 10.20.20.3
          Number of TOS metrics: 0
           TOS 0 Metric: 10
    
    Quagga OSPF Routes
    
    ============ OSPF network routing table ============
    N    10.20.0.0/21          [10] area: 0.0.0.0
                               directly attached to bce0
    N    10.20.12.0/23         [20] area: 0.0.0.0
                               via 10.20.20.3, em0
                               via 10.20.30.3, em1
    N    10.20.20.0/24         [10] area: 0.0.0.0
                               directly attached to em0
    N    10.20.30.0/24         [10] area: 0.0.0.0
                               directly attached to em1
    
    ============ OSPF router routing table =============
    
    ============ OSPF external routing table ===========
    
    Quagga Zebra Routes
    
    Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
           I - ISIS, B - BGP, > - selected route, * - FIB route
    
    O   10.20.0.0/21 [110/10] is directly connected, bce0, 00:12:02
    C>* 10.20.0.0/21 is directly connected, bce0
    O   10.20.12.0/23 [110/20] via 10.20.20.3, em0, 00:07:17
                               via 10.20.30.3, em1, 00:07:17
    K>* 10.20.12.0/23 via 10.20.20.3, em0
    O   10.20.20.0/24 [110/10] is directly connected, em0, 00:12:02
    C>* 10.20.20.0/24 is directly connected, em0
    O   10.20.30.0/24 [110/10] is directly connected, em1, 00:12:02
    C>* 10.20.30.0/24 is directly connected, em1
    C>* 127.0.0.0/8 is directly connected, lo0
    
    Quagga OSPF Interfaces
    
    bce0 is up
      ifindex 3, MTU 1500 bytes, BW 0 Kbit <up,broadcast,running,simplex,multicast>
      Internet Address 10.20.0.1/21, Broadcast 10.20.7.255, Area 0.0.0.0
      MTU mismatch detection:enabled
      Router ID 10.20.30.2, Network Type BROADCAST, Cost: 10
      Transmit Delay is 1 sec, State DR, Priority 1
      Designated Router (ID) 10.20.30.2, Interface Address 10.20.0.1
      No backup designated router on this network
      Multicast group memberships: OSPFAllRouters OSPFDesignatedRouters
      Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
        Hello due in 8.145s
      Neighbor Count is 0, Adjacent neighbor count is 0
    em0 is up
      ifindex 1, MTU 1500 bytes, BW 0 Kbit <up,broadcast,running,simplex,multicast>
      Internet Address 10.20.20.2/24, Broadcast 10.20.20.255, Area 0.0.0.0
      MTU mismatch detection:enabled
      Router ID 10.20.30.2, Network Type BROADCAST, Cost: 10
      Transmit Delay is 1 sec, State DR, Priority 1
      Designated Router (ID) 10.20.30.2, Interface Address 10.20.20.2
      Backup Designated Router (ID) 10.20.30.3, Interface Address 10.20.20.3
      Multicast group memberships: OSPFAllRouters OSPFDesignatedRouters
      Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
        Hello due in 8.145s
      Neighbor Count is 1, Adjacent neighbor count is 1
    em1 is up
      ifindex 2, MTU 1500 bytes, BW 0 Kbit <up,broadcast,running,simplex,multicast>
      Internet Address 10.20.30.2/24, Broadcast 10.20.30.255, Area 0.0.0.0
      MTU mismatch detection:enabled
      Router ID 10.20.30.2, Network Type BROADCAST, Cost: 10
      Transmit Delay is 1 sec, State DR, Priority 1
      Designated Router (ID) 10.20.30.2, Interface Address 10.20.30.2
      Backup Designated Router (ID) 10.20.30.3, Interface Address 10.20.30.3
      Multicast group memberships: OSPFAllRouters OSPFDesignatedRouters
      Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
        Hello due in 8.145s
      Neighbor Count is 1, Adjacent neighbor count is 1
    enc0 is down
      ifindex 6, MTU 1536 bytes, BW 0 Kbit <running>
      OSPF not enabled on this interface
    lo0 is up
      ifindex 7, MTU 16384 bytes, BW 0 Kbit <up,loopback,running,multicast>
      OSPF not enabled on this interface
    pflog0 is down
      ifindex 5, MTU 33200 bytes, BW 0 Kbit <running,promisc>
      OSPF not enabled on this interface
    pfsync0 is down
      ifindex 4, MTU 1460 bytes, BW 0 Kbit <running>
      OSPF not enabled on this interface
    
    ***********************************************
    
    ospf status, branch
    
     OSPF Routing Process, Router ID: 10.20.30.3
     Supports only single TOS (TOS0) routes
     This implementation conforms to RFC2328
     RFC1583Compatibility flag is disabled
     OpaqueCapability flag is disabled
     Initial SPF scheduling delay 200 millisec(s)
     Minimum hold time between consecutive SPFs 1000 millisec(s)
     Maximum hold time between consecutive SPFs 10000 millisec(s)
     Hold time multiplier is currently 1
     SPF algorithm last executed 10m21s ago
     SPF timer is inactive
     Refresh timer 10 secs
     Number of external LSA 0. Checksum Sum 0x00000000
     Number of opaque AS LSA 0. Checksum Sum 0x00000000
     Number of areas attached to this router: 1
    
     Area ID: 0.0.0.0 (Backbone)
       Number of interfaces in this area: Total: 3, Active: 3
       Number of fully adjacent neighbors in this area: 2
       Area has no authentication
       SPF algorithm executed 3 times
       Number of LSA 4
       Number of router LSA 2. Checksum Sum 0x000159bc
       Number of network LSA 2. Checksum Sum 0x00014d7c
       Number of summary LSA 0. Checksum Sum 0x00000000
       Number of ASBR summary LSA 0. Checksum Sum 0x00000000
       Number of NSSA LSA 0. Checksum Sum 0x00000000
       Number of opaque link LSA 0. Checksum Sum 0x00000000
       Number of opaque area LSA 0. Checksum Sum 0x00000000
    
    Quagga OSPF Neighbors
    
        Neighbor ID Pri State           Dead Time Address         Interface            RXmtL RqstL DBsmL
    10.20.30.2        1 Full/DR           32.862s 10.20.30.2      em0:10.20.30.3           0     0     0
    10.20.30.2        1 Full/DR           32.862s 10.20.20.2      em1:10.20.20.3           0     0     0
    
    Quagga OSPF Database
    
           OSPF Router with ID (10.20.30.3)
    
                    Router Link States (Area 0.0.0.0)
    
    Link ID         ADV Router      Age  Seq#       CkSum  Link count
    10.20.30.2      10.20.30.2       628 0x80000009 0xafe6 3
    10.20.30.3      10.20.30.3       591 0x80000009 0xa9d6 3
    
                    Net Link States (Area 0.0.0.0)
    
    Link ID         ADV Router      Age  Seq#       CkSum
    10.20.20.2      10.20.30.2       628 0x80000001 0x5e0c
    10.20.30.2      10.20.30.2       628 0x80000001 0xef70
    
    Quagga OSPF Router Database
    
           OSPF Router with ID (10.20.30.3)
    
                    Router Link States (Area 0.0.0.0)
    
      LS age: 628
      Options: 0x2  : *|-|-|-|-|-|E|*
      LS Flags: 0x6  
      Flags: 0x0
      LS Type: router-LSA
      Link State ID: 10.20.30.2 
      Advertising Router: 10.20.30.2
      LS Seq Number: 80000009
      Checksum: 0xafe6
      Length: 60
       Number of Links: 3
    
        Link connected to: Stub Network
         (Link ID) Net: 10.20.0.0
         (Link Data) Network Mask: 255.255.248.0
          Number of TOS metrics: 0
           TOS 0 Metric: 10
    
        Link connected to: a Transit Network
         (Link ID) Designated Router address: 10.20.20.2
         (Link Data) Router Interface address: 10.20.20.2
          Number of TOS metrics: 0
           TOS 0 Metric: 10
    
        Link connected to: a Transit Network
         (Link ID) Designated Router address: 10.20.30.2
         (Link Data) Router Interface address: 10.20.30.2
          Number of TOS metrics: 0
           TOS 0 Metric: 10
    
      LS age: 591
      Options: 0x2  : *|-|-|-|-|-|E|*
      LS Flags: 0x3  
      Flags: 0x0
      LS Type: router-LSA
      Link State ID: 10.20.30.3 
      Advertising Router: 10.20.30.3
      LS Seq Number: 80000009
      Checksum: 0xa9d6
      Length: 60
       Number of Links: 3
    
        Link connected to: Stub Network
         (Link ID) Net: 10.20.12.0
         (Link Data) Network Mask: 255.255.254.0
          Number of TOS metrics: 0
           TOS 0 Metric: 10
    
        Link connected to: a Transit Network
         (Link ID) Designated Router address: 10.20.30.2
         (Link Data) Router Interface address: 10.20.30.3
          Number of TOS metrics: 0
           TOS 0 Metric: 10
    
        Link connected to: a Transit Network
         (Link ID) Designated Router address: 10.20.20.2
         (Link Data) Router Interface address: 10.20.20.3
          Number of TOS metrics: 0
           TOS 0 Metric: 10
    
    Quagga OSPF Routes
    
    ============ OSPF network routing table ============
    N    10.20.0.0/21          [20] area: 0.0.0.0
                               via 10.20.30.2, em0
                               via 10.20.20.2, em1
    N    10.20.12.0/23         [10] area: 0.0.0.0
                               directly attached to bge0
    N    10.20.20.0/24         [10] area: 0.0.0.0
                               directly attached to em1
    N    10.20.30.0/24         [10] area: 0.0.0.0
                               directly attached to em0
    
    ============ OSPF router routing table =============
    
    ============ OSPF external routing table ===========
    
    Quagga Zebra Routes
    
    Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF,
           I - ISIS, B - BGP, > - selected route, * - FIB route
    
    O   10.20.0.0/21 [110/20] via 10.20.30.2, em0, 00:10:22
                              via 10.20.20.2, em1, 00:10:22
    K>* 10.20.0.0/21 via 10.20.20.2, em1
    O   10.20.12.0/23 [110/10] is directly connected, bge0, 00:10:31
    C>* 10.20.12.0/23 is directly connected, bge0
    O   10.20.20.0/24 [110/10] is directly connected, em1, 00:10:31
    C>* 10.20.20.0/24 is directly connected, em1
    O   10.20.30.0/24 [110/10] is directly connected, em0, 00:10:31
    C>* 10.20.30.0/24 is directly connected, em0
    C>* 127.0.0.0/8 is directly connected, lo0
    
    Quagga OSPF Interfaces
    
    bge0 is up
      ifindex 3, MTU 1500 bytes, BW 0 Kbit <up,broadcast,running,simplex,multicast>
      Internet Address 10.20.13.1/23, Broadcast 10.20.13.255, Area 0.0.0.0
      MTU mismatch detection:enabled
      Router ID 10.20.30.3, Network Type BROADCAST, Cost: 10
      Transmit Delay is 1 sec, State DR, Priority 1
      Designated Router (ID) 10.20.30.3, Interface Address 10.20.13.1
      No backup designated router on this network
      Multicast group memberships: OSPFAllRouters OSPFDesignatedRouters
      Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
        Hello due in 8.562s
      Neighbor Count is 0, Adjacent neighbor count is 0
    em0 is up
      ifindex 1, MTU 1500 bytes, BW 0 Kbit <up,broadcast,running,simplex,multicast>
      Internet Address 10.20.30.3/24, Broadcast 10.20.30.255, Area 0.0.0.0
      MTU mismatch detection:enabled
      Router ID 10.20.30.3, Network Type BROADCAST, Cost: 10
      Transmit Delay is 1 sec, State Backup, Priority 1
      Designated Router (ID) 10.20.30.2, Interface Address 10.20.30.2
      Backup Designated Router (ID) 10.20.30.3, Interface Address 10.20.30.3
      Multicast group memberships: OSPFAllRouters OSPFDesignatedRouters
      Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
        Hello due in 8.562s
      Neighbor Count is 1, Adjacent neighbor count is 1
    em1 is up
      ifindex 2, MTU 1500 bytes, BW 0 Kbit <up,broadcast,running,simplex,multicast>
      Internet Address 10.20.20.3/24, Broadcast 10.20.20.255, Area 0.0.0.0
      MTU mismatch detection:enabled
      Router ID 10.20.30.3, Network Type BROADCAST, Cost: 10
      Transmit Delay is 1 sec, State Backup, Priority 1
      Designated Router (ID) 10.20.30.2, Interface Address 10.20.20.2
      Backup Designated Router (ID) 10.20.30.3, Interface Address 10.20.20.3
      Multicast group memberships: OSPFAllRouters OSPFDesignatedRouters
      Timer intervals configured, Hello 10s, Dead 40s, Wait 40s, Retransmit 5
        Hello due in 8.562s
      Neighbor Count is 1, Adjacent neighbor count is 1
    enc0 is down
      ifindex 6, MTU 1536 bytes, BW 0 Kbit <running>
      OSPF not enabled on this interface
    lo0 is up
      ifindex 7, MTU 16384 bytes, BW 0 Kbit <up,loopback,running,multicast>
      OSPF not enabled on this interface
    pflog0 is down
      ifindex 5, MTU 33200 bytes, BW 0 Kbit <running,promisc>
      OSPF not enabled on this interface
    pfsync0 is down
      ifindex 4, MTU 1460 bytes, BW 0 Kbit <running>
      OSPF not enabled on this interface
    


  • solved it here. it was just a matter of removing the routes in System > Static Routes



  • Mark it as solved.. did you actually use OSPF??



  • yes.

    I did use OSPF



  • @OneKill:

    I did use OSPF

    If you want and have the time, post here how your configuration ended up, to help more people with the same problem.

