Scenario 

        /----------------------cust vlan------------------\
        |                                                 |
        B                                                 B
Cust<>rsat A--vlan FW2SAT---PFsense---vlan FW2Inet---A rinet


Specific static routes defined in the pfsense to reach some remote sites
through rsat router over the vlan FW2SAT.

Route 0/0 is configured in the pfsense to forward all the traffic over
rinet.

Rsat A and Rsat B are different interfaces of the same router.
Rinet A as well as Rinet B are different interfaces of the same router.

Ok, this is working ok so far as we were able to see with MTR.

lds   quit           Packets               Pings
 Host              Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. 10.52.18.201    0.0%    14    0.2   0.9   0.1  10.4   2.7 < pfsense1
 2. 10.53.0.65      0.0%    14    0.5   0.4   0.4   0.6   0.1 < rsat A 
 3. 10.139.4.1      0.0%    13  567.0 609.1 550.0 676.3  40.1 < Customer

The hops are ok

But sometimes, after a while, without any explanation, change in the
network or dynamic routing protocol or similar, the pfsense looks like it
is forwarding the traffic over rinet (A side), making this path:

                Packets               Pings
Host            Loss%   Snt   Last   Avg  Best  Wrst StDev
1. 10.52.18.201 0.0% 52734    0.3   0.1   0.1 27.5    0.6 <pfsense1
2. 10.53.0.65   0.0% 52733    1.0   0.3   0.3 100.0   2.6 <rsat A
   88.xx.yyy.195                                          <rinet B
3. 10.139.4.1   0.0% 52733  605.9 741.2   0.4 2799. 276.6 <customer
   10.51.2.57                                             <rsat B

This last behaviour is totally unexpected and incorrect in our network
and I can't find any explanation for it. It also generates a non-symmetric
path because the TX from the pc behind pfsense1 is going through the
incorrect path and the RX (from customer to the pc) is coming back
directly through rsat B :-/

So far it is not having impact in the customer service but our nms is
becoming crazy sometimes because this new path -which works for a very
few packets- is not a proper way and it generates packet loss and
alarms.

PFsense version is 1.2.2 with several vlans.
Dynamic routing over "cust vlan" is stable.
We don't consider switching layer as 3750 stacks -where the pfsenses are
connected- a problem yet.

Any idea, comment or suggestion?

