Router Vyatta/Vyos not routing between interfaces
i have 3 interfaces (wan+lan) and a few vif (vlans) all with their own addresses. up until recently the routing was working fine between subnets and networks. there's a zone policy which has all the vlans and lan's in the same security zone.
the point at which things get complicated is i recently added another wan to the equation using loadbalancing. and now for some reason all the subnets arent routing one to another. from themselves to the internet they work but from one to another they don't.
subnets in use:
LAN - 192.168.20.0/24
Wifi - 192.168.21.0/24
DMZ - 10.40.20.0/28
the issue is all the subnets route to the internet properly, and when pinging the router address of another subnet it responds, but when pinging an ip on another subnet it routes to the internet directly. (does not follow the route table of the router)
i have not changed anything other than the load balancing but the router isn't routing internally to other subnets.
the point at which things get complicated is i recently added another wan to the equation using loadbalancing. and now for some reason all the subnets arent routing one to another. from themselves to the internet they work but from one to another they don't.
subnets in use:
LAN - 192.168.20.0/24
Wifi - 192.168.21.0/24
DMZ - 10.40.20.0/28
the issue is all the subnets route to the internet properly, and when pinging the router address of another subnet it responds, but when pinging an ip on another subnet it routes to the internet directly. (does not follow the route table of the router)
i have not changed anything other than the load balancing but the router isn't routing internally to other subnets.
ASKER
there are default routes between the subnets (one subnet per vlan)
the cli is similar to juniper or cisco.
the router is multihomed. since the fw does not block inter vlan routing i didn't even have to set policy routing it worked as it should from the default routing table. i believe that the load balancing (wan1 wan2) uses policy based routing however i'm not sure.
the cli is similar to juniper or cisco.
the router is multihomed. since the fw does not block inter vlan routing i didn't even have to set policy routing it worked as it should from the default routing table. i believe that the load balancing (wan1 wan2) uses policy based routing however i'm not sure.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
You were correct! after going over the full vyatta manual on routing apparently load-balancing takes precedence over the route table. as such i had to have load-balancing exclude the subnets from the policy.
This can be resolved in vyatta/vyos either by using :
set load-balancing wan rule XX exclude
set load-balancing wan rule XX source address
set load-balancing wan rule XX destination address
set load-balancing wan rule XX inbound-interface
or by creating a full fledged policy based routing policy and assigning it to the specified interfaces.
This can be resolved in vyatta/vyos either by using :
set load-balancing wan rule XX exclude
set load-balancing wan rule XX source address
set load-balancing wan rule XX destination address
set load-balancing wan rule XX inbound-interface
or by creating a full fledged policy based routing policy and assigning it to the specified interfaces.
Since usually you can't set two default routes on router, I guess that you have used some form of policy based routing.
Policy based routing ignore routing table and sends packet directly to interface you specified directly from vlan interface, so in that case it will result in behavior like one you are describing.
I am not familiar with Vyatta/Vyos, so I don't really know what what your options are on specific device, but I guess that you should set first rules for packets with destination address of your local VLANs matching rule, and then you should set matching rule to any destination (everything outside local network).