So when running:
delete load-balancing
routing to that network works fine from VLAN33 - VLAN69.
Here are the other load-balancing rules. I can't see what would make it route out bond0.4000, apart from possibly rule 1033:
load-balancing wan rules
set load-balancing wan disable-source-nat
set load-balancing wan flush-connections
set load-balancing wan hook '/config/scripts/wan-failover.script'
set load-balancing wan interface-health bond0.4000 failure-count '4'
set load-balancing wan interface-health bond0.4000 nexthop 'xxx.xxx.131.225'
set load-balancing wan interface-health bond0.4000 success-count '10'
set load-balancing wan interface-health bond0.4000 test 0 resp-time '3'
set load-balancing wan interface-health bond0.4000 test 0 target 'xxx.xxx.131.225'
set load-balancing wan interface-health bond0.4000 test 0 type 'ping'
set load-balancing wan rule 1 description 'Dont load-balance RFC1918 traffic on eth - 10.0.0.0/8'
set load-balancing wan rule 1 destination address '10.0.0.0/8'
set load-balancing wan rule 1 exclude
set load-balancing wan rule 1 inbound-interface 'eth+'
set load-balancing wan rule 2 description 'Dont load-balance RFC1918 traffic on eth - 172.16.0.0/12'
set load-balancing wan rule 2 destination address '172.16.0.0/12'
set load-balancing wan rule 2 exclude
set load-balancing wan rule 2 inbound-interface 'eth+'
set load-balancing wan rule 3 description 'Dont load-balance RFC1918 traffic on eth - 192.168.0.0/16'
set load-balancing wan rule 3 destination address '192.168.0.0/16'
set load-balancing wan rule 3 exclude
set load-balancing wan rule 3 inbound-interface 'eth+'
set load-balancing wan rule 4 description 'Dont load-balance RFC1918 traffic on bond - 10.0.0.0/8'
set load-balancing wan rule 4 destination address '10.0.0.0/8'
set load-balancing wan rule 4 exclude
set load-balancing wan rule 4 inbound-interface 'bond+'
set load-balancing wan rule 5 description 'Dont load-balance RFC1918 traffic on bond - 172.16.0.0/12'
set load-balancing wan rule 5 destination address '172.16.0.0/12'
set load-balancing wan rule 5 exclude
set load-balancing wan rule 5 inbound-interface 'bond+'
set load-balancing wan rule 6 description 'Dont load-balance RFC1918 traffic on bond - 192.168.0.0/16'
set load-balancing wan rule 6 destination address '192.168.0.0/16'
set load-balancing wan rule 6 exclude
set load-balancing wan rule 6 inbound-interface 'bond+'
set load-balancing wan rule 7 description 'Dont load-balance RFC1918 traffic on tun - 10.0.0.0/8'
set load-balancing wan rule 7 destination address '10.0.0.0/8'
set load-balancing wan rule 7 exclude
set load-balancing wan rule 7 inbound-interface 'vtun+'
set load-balancing wan rule 8 description 'Dont load-balance RFC1918 traffic on tun - 172.16.0.0/12'
set load-balancing wan rule 8 destination address '172.16.0.0/12'
set load-balancing wan rule 8 exclude
set load-balancing wan rule 8 inbound-interface 'vtun+'
set load-balancing wan rule 9 description 'Dont load-balance RFC1918 traffic on tun - 192.168.0.0/16'
set load-balancing wan rule 9 destination address '192.168.0.0/16'
set load-balancing wan rule 9 exclude
set load-balancing wan rule 9 inbound-interface 'vtun+'
set load-balancing wan rule 10 description 'Dont load-balance RFC1918 traffic on vti - 10.0.0.0/8'
set load-balancing wan rule 10 destination address '10.0.0.0/8'
set load-balancing wan rule 10 exclude
set load-balancing wan rule 10 inbound-interface 'vti+'
set load-balancing wan rule 11 description 'Dont load-balance RFC1918 traffic on vti - 172.16.0.0/12'
set load-balancing wan rule 11 destination address '172.16.0.0/12'
set load-balancing wan rule 11 exclude
set load-balancing wan rule 11 inbound-interface 'vti+'
set load-balancing wan rule 12 description 'Dont load-balance RFC1918 traffic on vti - 192.168.0.0/16'
set load-balancing wan rule 12 destination address '192.168.0.0/16'
set load-balancing wan rule 12 exclude
set load-balancing wan rule 12 inbound-interface 'vti+'
set load-balancing wan rule 13 destination address 'xxx.xxx.160.96/27'
set load-balancing wan rule 13 exclude
set load-balancing wan rule 13 inbound-interface 'any'
set load-balancing wan rule 1033 failover
set load-balancing wan rule 1033 inbound-interface 'bond0.33'
set load-balancing wan rule 1033 interface bond0.4000 weight '100'
set load-balancing wan rule 1033 protocol 'all'
set load-balancing wan sticky-connections inbound
When load-balancing is on, I get two routing tables:
local-oliverkelly@firewall-1.m3:~$ show ip route table all
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, F - PBR,
       f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup
       t - trapped, o - offload failure
VRF default table 201:
K>* 0.0.0.0/0 [0/0] via xxx.xxx.131.225, bond0.4000, 00:08:40
VRF default table 254:
S>* 0.0.0.0/0 [201/0] via xxx.xxx.131.225, bond0.4000, weight 1, 04w5d19h…
C>* 10.85.33.0/24 is directly connected, bond0.33, 08w0d16h
C>* 10.85.69.0/29 is directly connected, bond0.69, 08w0d16h
C>* xxx.xxx.160.96/27 is directly connected, bond0.69, 02w1d15h
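
An added example, not part of the original post and not VyOS code: a small first-match evaluator for `set load-balancing wan rule` lines, to check which rule a given flow hits before it is sent to the per-WAN table (201 above) or left on the main table (254). It assumes rules are checked in ascending rule number, that a trailing `+` is a prefix wildcard, and that `any` matches every interface; the function names are hypothetical and `203.0.113.96/27` is a placeholder for the masked /27.

```python
import fnmatch
import ipaddress
import re

# Constructed sample in the page's syntax; 203.0.113.96/27 is a placeholder
# for the masked xxx.xxx.160.96/27 network, not the real value.
SAMPLE_CONFIG = """
set load-balancing wan rule 4 destination address '10.0.0.0/8'
set load-balancing wan rule 4 exclude
set load-balancing wan rule 4 inbound-interface 'bond+'
set load-balancing wan rule 13 destination address '203.0.113.96/27'
set load-balancing wan rule 13 exclude
set load-balancing wan rule 13 inbound-interface 'any'
set load-balancing wan rule 1033 failover
set load-balancing wan rule 1033 inbound-interface 'bond0.33'
set load-balancing wan rule 1033 interface bond0.4000 weight '100'
"""
RULE_RE = re.compile(r"^set load-balancing wan rule (\d+) (.+)$")

def parse_rules(config):
    rules = {}
    for line in config.splitlines():
        # Strip straight and typographic quotes around values.
        m = RULE_RE.match(re.sub(r"[‘’']", "", line.strip()))
        if not m:
            continue
        rule = rules.setdefault(int(m.group(1)), {"exclude": False, "out": []})
        words = m.group(2).split()
        if words[0] == "exclude":
            rule["exclude"] = True
        elif words[:2] == ["destination", "address"]:
            rule["dst"] = ipaddress.ip_network(words[2])
        elif words[0] == "inbound-interface":
            # Assumptions: 'any' matches all; trailing '+' is a prefix wildcard.
            name = words[1]
            rule["in"] = "*" if name == "any" else re.sub(r"\+$", "*", name)
        elif words[0] == "interface":
            rule["out"].append(words[1])
    return rules

def decide(rules, in_iface, dst_ip):
    # Assumption: rules are checked in ascending number, first match wins.
    dst = ipaddress.ip_address(dst_ip)
    for number, rule in sorted(rules.items()):
        in_ok = fnmatch.fnmatchcase(in_iface, rule.get("in", "*"))
        if not in_ok or ("dst" in rule and dst not in rule["dst"]):
            continue
        if rule["exclude"]:
            return number, "main table (excluded)"
        return number, "balanced via " + ",".join(rule["out"])
    return None, "main table (no rule matched)"
```

Calling `decide(parse_rules(config), "bond0.33", "<destination>")` on the full rule set shows whether a destination is caught by an exclude rule or falls through to rule 1033.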