Solved

Ubiquiti EdgeRouter ERPro‑8 failing on one subnet?

Posted on 2016-11-10
9
60 Views
Last Modified: 2016-11-21
ERPro‑8 running v1.9.0 is setup as follows:
eth0 - Internet connection (ISP1)
eth1 - Internet connection (ISP2)
eth6 - 10.11.10.1/16
eth7 - 10.20.10.1/24

eth0, eth1, and eth6 have been operating fine for some time.
Added the eth7 subnet and we are trying to get pages from a web server we have hosted on eth7 but it is very erratic between it and eth0 and eth1.
Traffic between eth6 and eth7 seems fine.
Traffic between eth0, eth1, and eth6 remains good.

Have tried shutting down eth0 and just using eth1.
Have tried shutting down eth1 and just using eth0.
No change.

No QoS setup.

Any ideas?
0
Comment
Question by:Austin Texas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 2
9 Comments
 
LVL 5

Author Comment

by:Austin Texas
ID: 41884735
We are tracking down the error and think we have it narrowed down to the SSL handshake on the server itself - it hangs at "SSL_connect:SSLv2/v3 write client hello A" when interrogated with openssl -debug connect. That indicates to me that the issue is on the firewall shutting down the connection. Ideas?
0
 
LVL 5

Author Comment

by:Austin Texas
ID: 41884739
The connection to this site uses a strong protocol (TLS 1.2), an obsolete key exchange (RSA), and a strong cipher (AES_128_GCM).
0
 
LVL 44

Expert Comment

by:Jackie Man
ID: 41885738
How do you setup eth7 network?

Using the default gateway of EdgeRouter ERPro‑8?
0
Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features

 
LVL 5

Author Comment

by:Austin Texas
ID: 41885795
It is using the eth0 and eth1 for load balancing gateway.  Security redacted config attached.
config_snipet.txt
0
 
LVL 44

Assisted Solution

by:Jackie Man
Jackie Man earned 500 total points
ID: 41885816
I have no experience in your question and just use common sense to look for a problem.

What I do see is on the firewall rule.

 inbound-interface eth0

 inbound-interface eth1

If you have two nics, I think it will mess up the system if one nic will point to internal IP addresses of two different subnets.

Will it be possible to make eth0 to IP address in first subnet and make eth1 to IP address in second subnet?
0
 
LVL 5

Author Comment

by:Austin Texas
ID: 41886266
That will defeat the goal of load balancing but I was already thinking that it would be a good test. We have two of these routers for redundancy so I can setup the spare from scratch and try some different configs. I think I will setup as you suggest for testing.
0
 
LVL 5

Accepted Solution

by:
Austin Texas earned 0 total points
ID: 41890210
I found the problem!

firewall in modify balance was missing from the eth7 configuration.
0
 
LVL 5

Author Closing Comment

by:Austin Texas
ID: 41895651
Thanks!
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

DECT technology has become a popular standard for wireless voice communication. DECT devices are not likely to be affected by other electronic devices and signals because they operate in a separate frequency-band.
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question