EdgeRouter Pro v2.0.9-hotfix.2.
Я настроил его в соответствии с инструкциями.
У меня есть 6 маршрутизаторов одной модели, подключенных через ipsec (+ospf) и был создан ovpn сервер для клиентов. Когда я пытаюсь настроить lb, у меня начинаются проблемы со статическими маршрутами (статические маршруты основной таблицы не работают), хотя при проверке show ip route они там есть. Больше всего интересует маршрут 10.112.0.0/16 на 10.18.229.1.
Вводимый код:
LB status:
Show ip route:
Я настроил его в соответствии с инструкциями.
У меня есть 6 маршрутизаторов одной модели, подключенных через ipsec (+ospf) и был создан ovpn сервер для клиентов. Когда я пытаюсь настроить lb, у меня начинаются проблемы со статическими маршрутами (статические маршруты основной таблицы не работают), хотя при проверке show ip route они там есть. Больше всего интересует маршрут 10.112.0.0/16 на 10.18.229.1.
Вводимый код:
Код:
/* Subnets */
set firewall group network-group LAN_NETS network 192.168.0.0/24
set firewall group network-group LAN_NETS network 192.168.10.0/24
set firewall group network-group LAN_NETS network 192.168.11.0/24
set firewall group network-group LAN_NETS network 192.168.5.0/24
set firewall group network-group LAN_NETS network 192.168.6.0/24
set firewall group network-group LAN_NETS network 10.1.0.0/24
/* VPN subntes */
set firewall group network-group LAN_NETS network 192.168.1.0/24
set firewall group network-group LAN_NETS network 192.168.2.0/24
set firewall group network-group LAN_NETS network 192.168.3.0/24
set firewall group network-group LAN_NETS network 192.168.4.0/24
set firewall group network-group LAN_NETS network 192.168.8.0/24
/* VLAN subnets */
set firewall group network-group LAN_NETS network 10.18.229.0/24
set firewall group network-group LAN_NETS network 192.168.62.0/24
set firewall group network-group LAN_NETS network 192.168.76.0/24
set firewall group network-group LAN_NETS network 10.2.0.0/24
commit
set firewall modify balance rule 10 action modify
set firewall modify balance rule 10 destination group network-group LAN_NETS
set firewall modify balance rule 10 modify table main
set firewall modify balance rule 20 action modify
set firewall modify balance rule 20 destination group address-group ADDRv4_eth0
set firewall modify balance rule 20 modify table main
set firewall modify balance rule 30 action modify
set firewall modify balance rule 30 destination group address-group ADDRv4_eth6
set firewall modify balance rule 30 modify table main
set firewall modify balance rule 110 action modify
set firewall modify balance rule 110 modify lb-group G
/* LAN interfaces */
set interfaces ethernet eth1 firewall in modify balance
set interfaces ethernet eth3 firewall in modify balance
set interfaces ethernet eth4 firewall in modify balance
set interfaces ethernet eth7 firewall in modify balance
/* WAN interfaces */
set load-balance group G interface eth0
set load-balance group G interface eth6
set load-balance group G interface eth0 failover-only
set load-balance group G interface eth6 route-test count success 4
set load-balance group G interface eth6 route-test count failure 3
set load-balance group G interface eth6 route-test interval 5
set load-balance group G lb-local disableLB status:
Код:
Group G
Balance Local : false
Lock Local DNS : false
Conntrack Flush: true
Sticky Bits : 0x00000000
interface : eth0
reachable : true
status : failover
gateway : **
route table : 201
weight : 0%
fo_priority : 60
flows
WAN Out : 0
WAN In : 0
Local ICMP: 131
Local DNS : 0
Local Data: 0
interface : eth6
reachable : true
status : active
gateway : **
route table : 202
weight : 100%
fo_priority : 100
flows
WAN Out : 23028
WAN In : 1678
Local ICMP: 92
Local DNS : 0
Local Data: 0Show ip route:
Код:
IP Route Table for VRF "default"
S *> 0.0.0.0/0 [50/0] via **, eth6
S 0.0.0.0/0 [100/0] via **, eth0
S 0.0.0.0/0 [200/0] via ** inactive
C *> 0.0.0.0/24 is directly connected, vtun1
C *> 10.1.0.0/24 is directly connected, eth7
C *> 10.2.0.0/24 is directly connected, eth1.27
S *> 10.17.0.0/16 [1/0] via 10.18.229.1, eth1.13
S *> 10.18.0.0/16 [1/0] via 10.18.229.1, eth1.13
O IA *> 10.18.3.96/28 [110/11] via 10.255.28.2, vti13, 4d22h33m
O IA *> 10.18.13.64/28 [110/20] via 10.255.16.2, vti9, 15:24:23
C *> 10.18.229.0/24 is directly connected, eth1.13
S *> 10.26.0.0/16 [1/0] via 10.18.229.1, eth1.13
S *> 10.112.0.0/16 [5/0] via 10.18.229.1, eth1.13
C *> 10.255.0.0/28 is directly connected, vti0
C *> 10.255.1.0/28 is directly connected, vti1
C *> 10.255.2.0/28 is directly connected, vti4
C *> 10.255.3.0/28 is directly connected, vti2
O *> 10.255.4.0/28 [110/20] via 10.255.0.2, vti0, 4d23h42m
O *> 10.255.5.0/28 [110/20] via 10.255.0.2, vti0, 1d19h16m
*> [110/20] via 10.255.8.2, vti5, 1d19h16m
O *> 10.255.6.0/28 [110/20] via 10.255.28.2, vti13, 4d22h33m
*> [110/20] via 10.255.1.2, vti1, 4d22h33m
O *> 10.255.7.0/28 [110/20] via 10.255.28.2, vti13, 4d22h33m
*> [110/20] via 10.255.0.2, vti0, 4d22h33m
C *> 10.255.8.0/28 is directly connected, vti5
O *> 10.255.10.0/28 [110/20] via 10.255.28.2, vti13, 1d19h16m
*> [110/20] via 10.255.8.2, vti5, 1d19h16m
O *> 10.255.11.0/28 [110/20] via 10.255.16.2, vti9, 15:24:23
*> [110/20] via 10.255.28.2, vti13, 15:24:23
C *> 10.255.14.0/28 is directly connected, vti7
C *> 10.255.16.0/28 is directly connected, vti9
O *> 10.255.17.0/28 [110/20] via 10.255.0.2, vti0, 4d23h42m
*> [110/20] via 10.255.1.2, vti1, 4d23h42m
C *> 10.255.18.0/28 is directly connected, vti10
C *> 10.255.20.0/28 is directly connected, vti12
O *> 10.255.25.0/28 [110/20] via 10.255.16.2, vti9, 15:24:23
*> [110/20] via 10.255.0.2, vti0, 15:24:23
O *> 10.255.27.0/28 [110/20] via 10.255.0.2, vti0, 1d19h16m
*> [110/20] via 10.255.8.2, vti5, 1d19h16m
C *> 10.255.28.0/28 is directly connected, vti13
O *> 10.255.29.0/28 [110/20] via 10.255.28.2, vti13, 4d22h33m
*> [110/20] via 10.255.0.2, vti0, 4d22h33m
O *> 10.255.30.0/28 [110/20] via 10.255.16.2, vti9, 15:24:23
*> [110/20] via 10.255.0.2, vti0, 15:24:23
O *> 10.255.31.0/28 [110/20] via 10.255.28.2, vti13, 4d22h33m
*> [110/20] via 10.255.0.2, vti0, 4d22h33m
S *> ** [1/0] via **, eth6
C *> ** is directly connected, eth0
C *> ** is directly connected, eth6
S *> ** [1/0] via **, eth6
C *> 127.0.0.0/8 is directly connected, lo
C *> 172.16.1.0/24 is directly connected, vtun1
S *> 172.22.5.4/30 [1/0] via 10.11.0.4 (recursive via ** )
S *> ** [1/0] via ** (recursive via ** )
S *> ** [1/0] via ** (recursive via ** )
S *> ** [1/0] via ** (recursive via ** )
C *> 192.168.0.0/24 is directly connected, eth1
O IA *> 192.168.1.0/24 [110/20] via 10.255.1.2, vti1, 4d23h42m
O IA *> 192.168.2.0/24 [110/20] via 10.255.0.2, vti0, 4d23h42m
O IA *> 192.168.3.0/24 [110/20] via 10.255.8.2, vti5, 1d19h16m
O IA *> 192.168.4.0/24 [110/20] via 10.255.16.2, vti9, 15:24:23
C *> 192.168.5.0/24 is directly connected, eth4
C *> 192.168.6.0/24 is directly connected, eth4
O IA *> 192.168.7.0/24 [110/11] via 10.255.0.2, vti0, 4d23h42m
O IA *> 192.168.8.0/24 [110/20] via 10.255.28.2, vti13, 4d22h33m
C *> 192.168.10.0/24 is directly connected, eth3
C *> 192.168.11.0/24 is directly connected, eth3
O IA *> 192.168.32.0/24 [110/20] via 10.255.0.2, vti0, 4d23h42m
O IA *> 192.168.43.0/24 [110/20] via 10.255.1.2, vti1, 4d23h42m
O IA *> 192.168.50.0/24 [110/20] via 10.255.0.2, vti0, 4d23h42m
O IA *> 192.168.53.0/24 [110/11] via 10.255.8.2, vti5, 1d19h16m
O IA *> 192.168.54.0/24 [110/20] via 10.255.16.2, vti9, 15:24:23
O IA *> 192.168.57.0/24 [110/11] via 10.255.28.2, vti13, 4d22h33m
O IA *> 192.168.58.0/24 [110/11] via 10.255.28.2, vti13, 4d22h33m
C *> 192.168.62.0/24 is directly connected, eth1.21
C *> 192.168.76.0/24 is directly connected, eth1.24
O IA *> 192.168.77.0/24 [110/11] via 10.255.0.2, vti0, 4d23h42m
O IA *> 192.168.90.0/24 [110/20] via 10.255.1.2, vti1, 4d23h42m
O IA *> 192.168.100.0/24 [110/11] via 10.255.0.2, vti0, 4d23h42m
O IA *> 192.168.101.0/24 [110/20] via 10.255.1.2, vti1, 4d23h42m
O IA *> 192.168.104.0/24 [110/20] via 10.255.16.2, vti9, 15:24:23
O IA *> 192.168.108.0/24 [110/20] via 10.255.28.2, vti13, 4d22h33m
S *> 192.168.135.0/24 [1/0] via 10.2.0.1, eth1.27
S *> 195.211.29.101/32 [1/0] via ** (recursive via ** )
S *> ** [1/0] via **, eth6
Уже голову сломал. Почему маршрут 10.112.0.0/16 [5/0] via 10.18.229.1, eth1.13 может не отрабатывать? Связь до 10.18.229.1 есть. В таблице main он присутствует. Подсети в группе LAN_NETS к main привязал.