Endian Bugtracker
Endian Issue Tracker





Please see now our new Bugtracker system: JIRA








View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0002526Endian FirewallNetwork related (VPN, uplinks)public2009-12-11 20:562012-05-10 16:51
Reporternasir 
Assigned Topeter-endian 
PrioritynormalSeveritymajorReproducibilityhave not tried
StatusconfirmedResolutionopen 
PlatformOSOS Version
Product Version2.3 
Target VersionfutureFixed in Version 
Summary0002526: fail-over between 2 static Ethernet interfaces with the same DNS resolvers (same provider) does not work
Descriptionthe setup is 2 Ethernet interfaces as main and uplink1 are working fine when they are activated and deactivated through the web interface.
But when the main link Ethernet port is disconnected (VMWARE ESXi vm) the link is reported dead but the backup link uplink1 is not used properly as reports from the main link ip address are returned as destination unreachable.

after looking around I found that if I delete one rule from the policy router
199: from all fwmark 0x7e0/0x7f8 lookup uplink-main
I can restore connectivity through the backup link.
Additional Informationip rule ---> when both links are up

0: from all lookup local
10: from all to 63.210.62.24/29 lookup main
10: from all to 63.210.32.0/24 lookup main
10: from all to 192.168.177.0/24 lookup main
10: from all to 192.168.155.0/24 lookup main
199: from all fwmark 0x7e0/0x7f8 lookup uplink-main
199: from all fwmark 0x7d8/0x7f8 lookup uplink-uplink1
200: from 63.210.62.30 lookup uplink-main
200: from 63.210.32.129 lookup uplink-uplink1
32766: from all lookup main
32767: from all lookup default


ip rule ---> when main link is dead

0: from all lookup local
10: from all to 63.210.62.24/29 lookup main
10: from all to 63.210.32.0/24 lookup main
10: from all to 192.168.177.0/24 lookup main
10: from all to 192.168.155.0/24 lookup main
199: from all fwmark 0x7e0/0x7f8 lookup uplink-main
199: from all fwmark 0x7d8/0x7f8 lookup uplink-uplink1
200: from 63.210.62.30 lookup uplink-main
200: from 63.210.32.129 lookup uplink-uplink1
32766: from all lookup main
32767: from all lookup default

ip rule ---> when main link is

0: from all lookup local
10: from all to 63.210.62.24/29 lookup main
10: from all to 63.210.32.0/24 lookup main
10: from all to 192.168.177.0/24 lookup main
10: from all to 192.168.155.0/24 lookup main
199: from all fwmark 0x7d8/0x7f8 lookup uplink-uplink1
200: from 63.210.32.129 lookup uplink-uplink1
32766: from all lookup main
32767: from all lookup default from the web
Tagspurple
Attached Files

- Relationships

-  Notes
(0003549)
nasir (reporter)
2009-12-12 01:14

After further tests, I found that the problem is only with dns resolution, and the issue is that you can not use the same dns servers for the main and the backup link as they are marked with a fwmask that force them to replay through the main link which is dead.
I believe this has to be addressed as using the same dns servers is very likely if you use 2 uplinks from the same ISP.
(0003696)
toeyhack (reporter)
2010-01-23 19:22

Hi,I also found same problem. How can I do if I use 2 uplink from same ISP ??
Can I solve this problem by use another DNS IP address ( DNS IP of another isp ) for the second uplink ??
(0003956)
peter-endian (administrator)
2010-03-05 16:58

you can use every dns resolver you want as long as they allow you to use it

those dns policyrouting rules are created in order that dns requests don't exit through the wrong uplink. many provider don't let you use their dns resolver if you don't come from an ip address of their network.

having 2 uplinks of the same provider is a good point. we should make this enforcement optional
additionally you can use one resolver on the main uplink and the other on the uplink1.
(0007860)
Danoh (reporter)
2012-05-10 16:51

This needs to be resolved. This is a BIG problem for those who use OpenDNS - we can't use OpenDNS's nameservers on both the Main and Backup uplinks.

Please fix this, it coming up on 3 years.

- Issue History
Date Modified Username Field Change
2009-12-11 20:56 nasir New Issue
2009-12-12 01:14 nasir Note Added: 0003549
2010-01-23 19:22 toeyhack Note Added: 0003696
2010-03-05 16:58 peter-endian Note Added: 0003956
2010-03-05 16:58 peter-endian Status new => confirmed
2010-09-07 16:45 luca-endian Tag Attached: purple
2010-09-21 21:11 peter-endian Target Version => future
2010-09-21 21:11 peter-endian Summary fail-over between 2 static Ethernet interfaces dos not work => fail-over between 2 static Ethernet interfaces with the same DNS resolvers (same provider) does not work
2011-02-02 10:49 luca-endian Customer Occurencies => 4-6
2011-02-03 15:52 lorenzo-endian Assigned To => peter-endian
2011-02-03 15:52 lorenzo-endian Severity minor => major
2012-05-10 16:51 Danoh Note Added: 0007860

Copyright © 2005-2008 Endian, SRL. All rights reserved.


Copyright © 2000 - 2012 MantisBT Group
Powered by Mantis Bugtracker