Static routing oddness

Hi,

I am routing the addresses in a /24 down from our core routers to a pair of vyos routers running 1.4, as a bunch of /27 routes. When traffic for these addresses arrives at vyos it then hits one of a bunch of static routes which sends it on into a private network and to the relevant VM. That’s all been working well for some time. I’ve recently moved on to needing to route down the next /24 and am seeing something strange. Traffic to these addresses arrives at vyos fine but instead of doing the same as the previous ranges and going static-route → private VM address the traffic seems to just disappear! I can see the packets arriving on the right vrrp address on the external facing interface but a capture shows them just arriving and not being replied to.

Example:

222.222.222.0/27, 222.222.222.32/27 etc all route to 111.111.111.111.10 and hit a rule like

set protocols static route 222.222.222.2/32 next-hop 10.10.10.10

When I try to do the same for

222.222.223.0/27, 222.222.223.32/27 etc it’s as though the packets never hit the rule at

set protocols static route 222.222.223.2/32 next-hop 10.10.10.10

and just disappear. I’ve done a significant amount of tracing, debugging etc and am starting to think this could only be caused by a bug. Am I missing something obvious?

Could you paste the full “set protocols” section from the output of “show config commands | strip-private” (or, if possible, without the strip-private part, if you paste just the “set protocols” parts and they don't contain anything sensitive in your case)?

What does “sh ip route” show?
Do you have a legacy NAT rule in the router that references the 10.10.10.10 address?
No input firewall rules that might be dropping the traffic?

Thanks both, I’ve now found that there’s a firewall group which needs the additional /24 adding to it for that traffic to be able to pass across the interfaces. Thank you for your prompt replies.
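
The failure mode resolved above (a static route added for a new range while the firewall group still lists only the old one) can be caught by auditing the config. This is an added example, not part of the original thread: it assumes the group is a VyOS network-group, the group name `PUBLIC-RANGES` is hypothetical, and the sample config is constructed from the thread's placeholder addresses.

```python
import ipaddress
import re

# Constructed sample of `show configuration commands` output. The group name
# PUBLIC-RANGES is hypothetical; addresses are the thread's placeholders.
SAMPLE_CONFIG = """\
set firewall group network-group PUBLIC-RANGES network '222.222.222.0/24'
set protocols static route 222.222.222.2/32 next-hop 10.10.10.10
set protocols static route 222.222.223.2/32 next-hop 10.10.10.10
"""

# IPv4 only; values may or may not be quoted in the command output.
GROUP_RE = re.compile(
    r"^set firewall group network-group (\S+) network '?([0-9./]+)'?")
ROUTE_RE = re.compile(r"^set protocols static route '?([0-9./]+)'? next-hop")


def parse(config):
    """Return ({group: [networks]}, [static route prefixes]) from set commands."""
    groups, routes = {}, []
    for line in config.splitlines():
        line = line.strip()
        m = GROUP_RE.match(line)
        if m:
            net = ipaddress.ip_network(m.group(2), strict=False)
            groups.setdefault(m.group(1), []).append(net)
            continue
        m = ROUTE_RE.match(line)
        if m:
            net = ipaddress.ip_network(m.group(1), strict=False)
            if net not in routes:  # one entry per prefix, even with several next-hops
                routes.append(net)
    return groups, routes


def uncovered_routes(config, group):
    """Static route prefixes that are not inside any network of `group`."""
    groups, routes = parse(config)
    members = groups.get(group, [])
    return [str(r) for r in routes
            if not any(r.subnet_of(m) for m in members)]


if __name__ == "__main__":
    for prefix in uncovered_routes(SAMPLE_CONFIG, "PUBLIC-RANGES"):
        print(f"{prefix}: routed, but not in network-group PUBLIC-RANGES")
```
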
