Multiple default routes/GRE


#1

Hi,

I am running VyOS 1.1.5. I have two ISPs. On the VyOS server, there are 2 GRE tunnels to another server, one tunnel for each ISP.

The relevant config looks like this:

Interface:

 ethernet eth2 {
     description "VLAN Trunk - Internet Access"
     duplex auto
     hw-id 00:50:56:a1:7e:95
     smp_affinity auto
     speed auto
     vif 5 {
         address 111.111.111.111/29
         description "VL5 - Internet - Globe"
         firewall {
             local {
                 name Firewall-Internet-Local
             }
         }
     }
     vif 6 {
         address 222.222.222.222/29
         description "VL6 - Internet - PLDT"
         disable
         firewall {
             local {
                 name Firewall-Internet-Local
             }
         }
     }
 }
 tunnel tun20 {
     address 192.168.5.10/30
     description "management-gateway1.au - Globe"
     encapsulation gre
     local-ip 111.111.111.111
     multicast disable
     remote-ip xxx.xxx.xxx.xxx
 }
 tunnel tun21 {
     address 192.168.5.14/30
     description "management-gateway1.au - PLDT"
     encapsulation gre
     local-ip 222.222.222.222
     multicast disable
     remote-ip xxx.xxx.xxx.xxx
 }

Under protocols static I have this:

 route 0.0.0.0/0 {
     next-hop 111.111.111.112 {
     }
     next-hop 222.222.222.223 {
     }
 }

When I take a tcpdump on eth2.6 I can see traffic going out being sourced from the eth2.5 IP.

Is there a way to force the traffic from the tunnel to use the correct outgoing interface?

Thanks


#2

I think you can try with interface based static route like the one below.

set protocols static interface-route 0.0.0.0/0 next-hop-interface <interface 1>
set protocols static interface-route 0.0.0.0/0 next-hop-interface <interface 2>


#3

Hi,

Thanks for the suggestion. Tried that but I still see traffic going through both interfaces, about half sourced from the correct IP for that interface and the other half not.

I also tried adding the default route with the second gateway as a higher distance, all that ends up doing is moving all traffic to the single gateway unless it is down. It still results in the traffic being sourced from the wrong interface.

As a workaround I can do this:

 static {
     route 0.0.0.0/0 {
         next-hop 111.111.111.112 {
         }
     }
     table 1 {
         route 0.0.0.0/0 {
             next-hop 222.222.222.223 {
             }
         }
     }
 }

Then sudo su and run:

ip rule add from 222.222.222.222 lookup 1 prio 1000

But this is not reboot safe, so I am wondering if there is a way to do this in the config?
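
Added example, not part of the original post and not VyOS code: a small Python model of Linux policy routing that shows why the two-next-hop default route lets packets sourced from 222.222.222.222 leave via either gateway, and how the `from 222.222.222.222 lookup 1` rule with table 1 pins them. The remote address 203.0.113.10, the `pick` parameter and all function names are assumptions made for illustration.

```python
import ipaddress

# Model of Linux policy routing. Addresses and table 1 are from the thread;
# 203.0.113.10 is a constructed stand-in for the masked tunnel remote-ip.
REMOTE = "203.0.113.10"
DEFAULT_RULES = [(32766, None, "main")]           # (priority, from-selector, table)
ECMP = {"main": {"0.0.0.0/0": ["111.111.111.112", "222.222.222.223"]}}
SPLIT = {"main": {"0.0.0.0/0": ["111.111.111.112"]},
         "1": {"0.0.0.0/0": ["222.222.222.223"]}}
PINNED_RULES = [(1000, "222.222.222.222/32", "1")] + DEFAULT_RULES

def lookup(rules, tables, src, dst, pick=0):
    """Walk rules in priority order and return the chosen next hop, or None."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for _prio, selector, table in sorted(rules, key=lambda r: r[0]):
        if selector and src not in ipaddress.ip_network(selector):
            continue                               # rule does not match this source
        routes = [(ipaddress.ip_network(p), hops)
                  for p, hops in tables.get(table, {}).items()
                  if dst in ipaddress.ip_network(p)]
        if not routes:
            continue                               # no route in this table: next rule
        hops = max(routes, key=lambda r: r[0].prefixlen)[1]   # longest prefix wins
        # 'pick' stands in for the kernel's multipath choice (an assumption of
        # this model); the point is that it ignores which interface owns src.
        return hops[pick % len(hops)]
    return None

def gateways_seen(rules, tables, src, dst=REMOTE, tries=4):
    """Set of next hops a given source address can end up using."""
    return {lookup(rules, tables, src, dst, pick) for pick in range(tries)}

if __name__ == "__main__":
    for name, rules, tables in (("ecmp", DEFAULT_RULES, ECMP),
                                ("pinned", PINNED_RULES, SPLIT)):
        for src in ("111.111.111.111", "222.222.222.222"):
            print(name, src, sorted(gateways_seen(rules, tables, src)))
```
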


#4

Does traffic going through the GRE tunnel show the correct source IPs, and does traffic going outside the GRE tunnel show the wrong source IP? Is that correct?