On 2017-05-22, Gregory Edigarov <[email protected]> wrote:
>
>
> On 21.05.17 17:16, Stuart Henderson wrote:
>> On 2017-05-19, Gregory Edigarov <[email protected]> wrote:
>>> Hi, everybody
>>>
>>> I've run into a strange problem while trying to implement cisco's 'ip
>>> sla' replacement for a customer.
>>>
>>> at an openbsd router i have
>>>
>>> em0: 192.168.0.1/24 - local network
>>>
>>> em1: 111.111.111.2/30 - uplink 1
>>>
>>> em2: 222.222.222.2/30 - uplink 2
>>>
>>> ip forwarding is on, routes received via bgp, everything works as expected.
>>>
>>> the only problem is when something happens deep inside uplink's network:
>>>
>>> sessions stay up, routes still present, but no traffic can pass through
>>> uplink.
>>>
>>> BFD would help, maybe, but I stick to what i have right now.
>>>
>>> I am trying to
>>> ping -I 111.111.111.2 8.8.8.8
>>>
>>> but get no answer, because route to 8.8.8.8 set through uplink2, furthermore
>>>
>>> i see my pings on em2 with tcpdump which seems rather strange to me, as
>>> I am enforcing the interface.
>>>
>>> if i ping 8.8.8.8 the normal way "it works" (tm).
>>>
>>> pinging with -I 222.222.222.2 works too.
>>>
>>> so ?
>>>
>>> perhaps I am overlooking something very-very basic, so help me to get
>>> off the brake.
>> ping -I doesn't enforce the interface, all it does is set the source
>> address. You could enforce with a PF route-to rule if you like.
> well, it's ok, but then I will need to switch rules every time like:
> ping uplink1, switch pf rule, ping, switch..... which is not good.
> but maybe i will be able to implement something with multiple routing
> tables....
> anyway thanks, Stuart.

No need to switch rules, you can use a rule like "pass out from vlan123:0 route-to 192.0.2.1@vlan123".

