Scenario
      /----------------------cust vlan------------------\
      |                                                 |
      B                                                 B
Cust<>rsat A--vlan FW2SAT---PFsense---vlan FW2Inet---A rinet
Specific static routes are defined in the pfsense to reach some remote sites
through the rsat router over the vlan FW2SAT.
Route 0/0 is configured in the pfsense to forward all the traffic over
rinet.
Rsat A and Rsat B are different interfaces of the same router
Rinet A as well as Rinet B are different interfaces of the same router
Ok, this is working ok so far as we were able to see with MTR.
lds quit                 Packets               Pings
 Host                  Loss%   Snt   Last    Avg   Best   Wrst  StDev
 1. 10.52.18.201        0.0%    14    0.2    0.9    0.1   10.4    2.7  < pfsense1
 2. 10.53.0.65          0.0%    14    0.5    0.4    0.4    0.6    0.1  < rsat A
 3. 10.139.4.1          0.0%    13  567.0  609.1  550.0  676.3   40.1  < Customer
The hops are ok
But sometimes, after a while, without any explanation, change in the
network or dynamic routing protocol or similar, the pfsense looks like it
is forwarding the traffic over rinet (A side), making this path:
                         Packets               Pings
 Host                  Loss%   Snt   Last    Avg   Best   Wrst  StDev
 1. 10.52.18.201        0.0% 52734    0.3    0.1    0.1   27.5    0.6  <pfsense1
 2. 10.53.0.65          0.0% 52733    1.0    0.3    0.3  100.0    2.6  <rsat A
    88.xx.yyy.195                                                      <rinet B
 3. 10.139.4.1          0.0% 52733  605.9  741.2    0.4  2799.  276.6  <customer
    10.51.2.57                                                         <rsat B
This last behaviour is totally unexpected and incorrect in our network
and I can find any explanation for it. It also generates a non-symmetric
path because the TX from the pc behind pfsense1 is going through the
incorrect path and the RX (from customer to the pc) is coming back
directly through rsat B :-/
So far it is not having an impact on the customer service but our nms is
becoming crazy sometimes because this new path -which works for a very
few packets- is not a proper way and it generates packet loss and
alarms.
PFsense version is 1.2.2 with several vlans.
Dynamic routing over "cust vlan" is stable.
We don't consider the switching layer, 3750 stacks -where the pfsenses are
connected-, a problem yet.
Any idea, comment or suggestion?