WAN Load-Balancing. Static routes problem | Ubiquiti форум UBNT: инструкции, настройка

WAN Load-Balancing. Static routes problem

Vass

участник
10 Июн 2021
14
5
5
31
EdgeRouter Pro v2.0.9-hotfix.2.

Я настроил его в соответствии с инструкциями.

У меня есть 6 маршрутизаторов одной модели, подключенных через ipsec (+ospf) и был создан ovpn сервер для клиентов. Когда я пытаюсь настроить lb, у меня начинаются проблемы со статическими маршрутами (статические маршруты основной таблицы не работают), хотя при проверке show ip route они там есть. Больше всего интересует маршрут 10.112.0.0/16 на 10.18.229.1.

Вводимый код:
Код:
/* Subnets */
set firewall group network-group LAN_NETS network 192.168.0.0/24
set firewall group network-group LAN_NETS network 192.168.10.0/24
set firewall group network-group LAN_NETS network 192.168.11.0/24
set firewall group network-group LAN_NETS network 192.168.5.0/24
set firewall group network-group LAN_NETS network 192.168.6.0/24
set firewall group network-group LAN_NETS network 10.1.0.0/24

/* VPN subntes */
set firewall group network-group LAN_NETS network 192.168.1.0/24
set firewall group network-group LAN_NETS network 192.168.2.0/24
set firewall group network-group LAN_NETS network 192.168.3.0/24
set firewall group network-group LAN_NETS network 192.168.4.0/24
set firewall group network-group LAN_NETS network 192.168.8.0/24

/* VLAN subnets */
set firewall group network-group LAN_NETS network 10.18.229.0/24
set firewall group network-group LAN_NETS network 192.168.62.0/24
set firewall group network-group LAN_NETS network 192.168.76.0/24
set firewall group network-group LAN_NETS network 10.2.0.0/24
commit

set firewall modify balance rule 10 action modify
set firewall modify balance rule 10 destination group network-group LAN_NETS
set firewall modify balance rule 10 modify table main

set firewall modify balance rule 20 action modify
set firewall modify balance rule 20 destination group address-group ADDRv4_eth0
set firewall modify balance rule 20 modify table main

set firewall modify balance rule 30 action modify
set firewall modify balance rule 30 destination group address-group ADDRv4_eth6
set firewall modify balance rule 30 modify table main

set firewall modify balance rule 110 action modify
set firewall modify balance rule 110 modify lb-group G

/* LAN interfaces */
set interfaces ethernet eth1 firewall in modify balance
set interfaces ethernet eth3 firewall in modify balance
set interfaces ethernet eth4 firewall in modify balance
set interfaces ethernet eth7 firewall in modify balance

/* WAN interfaces */
set load-balance group G interface eth0
set load-balance group G interface eth6

set load-balance group G interface eth0 failover-only
set load-balance group G interface eth6 route-test count success 4
set load-balance group G interface eth6 route-test count failure 3
set load-balance group G interface eth6 route-test interval 5
set load-balance group G lb-local disable
LB status:
Код:
Group G
    Balance Local  : false
    Lock Local DNS : false
    Conntrack Flush: true
    Sticky Bits    : 0x00000000


  interface   : eth0
  reachable   : true
  status      : failover
  gateway     : **
  route table : 201
  weight      : 0%
  fo_priority : 60
  flows
      WAN Out   : 0
      WAN In    : 0
      Local ICMP: 131
      Local DNS : 0
      Local Data: 0


  interface   : eth6
  reachable   : true
  status      : active
  gateway     : **
  route table : 202
  weight      : 100%
  fo_priority : 100
  flows
      WAN Out   : 23028
      WAN In    : 1678
      Local ICMP: 92
      Local DNS : 0
      Local Data: 0
Show ip route:
Код:
IP Route Table for VRF "default"
S    *> 0.0.0.0/0 [50/0] via **, eth6
S       0.0.0.0/0 [100/0] via **, eth0
S       0.0.0.0/0 [200/0] via ** inactive
C    *> 0.0.0.0/24 is directly connected, vtun1
C    *> 10.1.0.0/24 is directly connected, eth7
C    *> 10.2.0.0/24 is directly connected, eth1.27
S    *> 10.17.0.0/16 [1/0] via 10.18.229.1, eth1.13
S    *> 10.18.0.0/16 [1/0] via 10.18.229.1, eth1.13
O IA *> 10.18.3.96/28 [110/11] via 10.255.28.2, vti13, 4d22h33m
O IA *> 10.18.13.64/28 [110/20] via 10.255.16.2, vti9, 15:24:23
C    *> 10.18.229.0/24 is directly connected, eth1.13
S    *> 10.26.0.0/16 [1/0] via 10.18.229.1, eth1.13
S    *> 10.112.0.0/16 [5/0] via 10.18.229.1, eth1.13
C    *> 10.255.0.0/28 is directly connected, vti0
C    *> 10.255.1.0/28 is directly connected, vti1
C    *> 10.255.2.0/28 is directly connected, vti4
C    *> 10.255.3.0/28 is directly connected, vti2
O    *> 10.255.4.0/28 [110/20] via 10.255.0.2, vti0, 4d23h42m
O    *> 10.255.5.0/28 [110/20] via 10.255.0.2, vti0, 1d19h16m
     *>               [110/20] via 10.255.8.2, vti5, 1d19h16m
O    *> 10.255.6.0/28 [110/20] via 10.255.28.2, vti13, 4d22h33m
     *>               [110/20] via 10.255.1.2, vti1, 4d22h33m
O    *> 10.255.7.0/28 [110/20] via 10.255.28.2, vti13, 4d22h33m
     *>               [110/20] via 10.255.0.2, vti0, 4d22h33m
C    *> 10.255.8.0/28 is directly connected, vti5
O    *> 10.255.10.0/28 [110/20] via 10.255.28.2, vti13, 1d19h16m
     *>                [110/20] via 10.255.8.2, vti5, 1d19h16m
O    *> 10.255.11.0/28 [110/20] via 10.255.16.2, vti9, 15:24:23
     *>                [110/20] via 10.255.28.2, vti13, 15:24:23
C    *> 10.255.14.0/28 is directly connected, vti7
C    *> 10.255.16.0/28 is directly connected, vti9
O    *> 10.255.17.0/28 [110/20] via 10.255.0.2, vti0, 4d23h42m
     *>                [110/20] via 10.255.1.2, vti1, 4d23h42m
C    *> 10.255.18.0/28 is directly connected, vti10
C    *> 10.255.20.0/28 is directly connected, vti12
O    *> 10.255.25.0/28 [110/20] via 10.255.16.2, vti9, 15:24:23
     *>                [110/20] via 10.255.0.2, vti0, 15:24:23
O    *> 10.255.27.0/28 [110/20] via 10.255.0.2, vti0, 1d19h16m
     *>                [110/20] via 10.255.8.2, vti5, 1d19h16m
C    *> 10.255.28.0/28 is directly connected, vti13
O    *> 10.255.29.0/28 [110/20] via 10.255.28.2, vti13, 4d22h33m
     *>                [110/20] via 10.255.0.2, vti0, 4d22h33m
O    *> 10.255.30.0/28 [110/20] via 10.255.16.2, vti9, 15:24:23
     *>                [110/20] via 10.255.0.2, vti0, 15:24:23
O    *> 10.255.31.0/28 [110/20] via 10.255.28.2, vti13, 4d22h33m
     *>                [110/20] via 10.255.0.2, vti0, 4d22h33m
S    *> ** [1/0] via **, eth6
C    *> ** is directly connected, eth0
C    *> ** is directly connected, eth6
S    *> ** [1/0] via **, eth6
C    *> 127.0.0.0/8 is directly connected, lo
C    *> 172.16.1.0/24 is directly connected, vtun1
S    *> 172.22.5.4/30 [1/0] via 10.11.0.4 (recursive via ** )
S    *> ** [1/0] via ** (recursive via ** )
S    *> ** [1/0] via ** (recursive via ** )
S    *> ** [1/0] via ** (recursive via ** )
C    *> 192.168.0.0/24 is directly connected, eth1
O IA *> 192.168.1.0/24 [110/20] via 10.255.1.2, vti1, 4d23h42m
O IA *> 192.168.2.0/24 [110/20] via 10.255.0.2, vti0, 4d23h42m
O IA *> 192.168.3.0/24 [110/20] via 10.255.8.2, vti5, 1d19h16m
O IA *> 192.168.4.0/24 [110/20] via 10.255.16.2, vti9, 15:24:23
C    *> 192.168.5.0/24 is directly connected, eth4
C    *> 192.168.6.0/24 is directly connected, eth4
O IA *> 192.168.7.0/24 [110/11] via 10.255.0.2, vti0, 4d23h42m
O IA *> 192.168.8.0/24 [110/20] via 10.255.28.2, vti13, 4d22h33m
C    *> 192.168.10.0/24 is directly connected, eth3
C    *> 192.168.11.0/24 is directly connected, eth3
O IA *> 192.168.32.0/24 [110/20] via 10.255.0.2, vti0, 4d23h42m
O IA *> 192.168.43.0/24 [110/20] via 10.255.1.2, vti1, 4d23h42m
O IA *> 192.168.50.0/24 [110/20] via 10.255.0.2, vti0, 4d23h42m
O IA *> 192.168.53.0/24 [110/11] via 10.255.8.2, vti5, 1d19h16m
O IA *> 192.168.54.0/24 [110/20] via 10.255.16.2, vti9, 15:24:23
O IA *> 192.168.57.0/24 [110/11] via 10.255.28.2, vti13, 4d22h33m
O IA *> 192.168.58.0/24 [110/11] via 10.255.28.2, vti13, 4d22h33m
C    *> 192.168.62.0/24 is directly connected, eth1.21
C    *> 192.168.76.0/24 is directly connected, eth1.24
O IA *> 192.168.77.0/24 [110/11] via 10.255.0.2, vti0, 4d23h42m
O IA *> 192.168.90.0/24 [110/20] via 10.255.1.2, vti1, 4d23h42m
O IA *> 192.168.100.0/24 [110/11] via 10.255.0.2, vti0, 4d23h42m
O IA *> 192.168.101.0/24 [110/20] via 10.255.1.2, vti1, 4d23h42m
O IA *> 192.168.104.0/24 [110/20] via 10.255.16.2, vti9, 15:24:23
O IA *> 192.168.108.0/24 [110/20] via 10.255.28.2, vti13, 4d22h33m
S    *> 192.168.135.0/24 [1/0] via 10.2.0.1, eth1.27
S    *> 195.211.29.101/32 [1/0] via ** (recursive via ** )
S    *> ** [1/0] via **, eth6
 

Вложения

Автор
V

Vass

участник
10 Июн 2021
14
5
5
31
Люди, помогите :) Уже голову сломал. Почему маршрут 10.112.0.0/16 [5/0] via 10.18.229.1, eth1.13 может не отрабатывать? Связь до 10.18.229.1 есть. В таблице main он присутствует. Подсети в группе LAN_NETS к main привязал.