Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
577
Views
0
Helpful
3
Replies

Replacing legacy 800 serie router by RV260

MercatorIneo
Level 1
Level 1

‎06-22-2020 12:24 PM

Hello,

 

I try to replace a legacy 800 router by a brand new RV260 router. Our configuration is simple:

LAN : 192.168.2.0 -> router LAN is 192.168.2.1

WAN : 192.168.1.2 default gateway on 192.168.1.1 -> optical fiber

In our LAN, we have an OpenVPN linux server (192.168.2.150) tunelling to different sites. 

In the RV260, I've added these routes corresponding to each tunnel :

ip route 192.168.3.0 255.255.255.0 192.168.2.150
ip route 192.168.4.0 255.255.255.0 192.168.2.150
ip route 192.168.6.0 255.255.255.0 192.168.2.150
ip route 192.168.7.0 255.255.255.0 192.168.2.150
ip route 192.168.9.0 255.255.255.0 192.168.2.150
ip route 192.168.21.0 255.255.255.0 192.168.2.150
ip route 192.168.32.0 255.255.255.0 192.168.2.150
ip route 192.168.50.0 255.255.255.0 192.168.2.150

 

From the lan 192.168.2.0, pinging each machine beyonds those tunnels succeeds. But from the remote sites, the LAN 192.168.2.0 does not respond.

 

Any idea where the problem is ?

 

Thanks in advance for help.

 

Kind regards,

 

Guy

 

Labels:
0 Helpful
3 Replies 3

MercatorIneo
Level 1
Level 1

‎06-23-2020 01:56 AM

The problem is not solved. But we've understood that the problem is the following : 

- inbound traffic from remote site arrives correctly to local device in our LAN

- this device use the RV260 (192.168.2.1) as default gateway

- the routes back to remote sites configured in the router seems to be at this moment ignored.

Why ?

Regards,

Guy

0 Helpful

MercatorIneo
Level 1
Level 1
In response to MercatorIneo

‎06-30-2020 05:49 AM

Finally we understood that the routes are not applied to inward traffic bouncing on the router (default gateway). With a packet sniffer, we saw those packets on the WAN interface of the router. Seems to be a bug in the router software. We do now the routing with our HPE switches. Quite disappointing.

0 Helpful

nagrajk1969
Spotlight
Spotlight

‎05-15-2021 04:29 PM

Hi Guy

 

You should not get disappointed unnecessarily, so i though i will share my understanding. Rest is left to you if you accept it as correct or not based on logic and the working of standard network routing and forwarding process

 

Refering to your configs as described above

 

1. Say you have a lan-host with ipaddress 192.168.2.10 and its default-gw is correctly pointed to 192.168.2.1 which is the lan-ip of RV260

2. Now this lan-host sends a ping to say 192.168.3.10, so it correctly forwards this to the default-gw 192.168.2.1..

3. Now the RV260 (which has the ipaddr 192.168.2.1) has a static route for 192.168.3.0/24 pointing to 192.168.2.150 (the servergw), and becos the destination-ip of the ping packet is 192.168.3.10, it therefore forwards it to 192.168.2.150, which is again the correct behavior

 

4. Now once the server 192.168.2.150 has recieved the ping-request packet with destination 192.168.3.10, it simply forwards it on to its other interface connected to the 192.168.3.x network...this is correct

 

so far so good...right?....iam sure you will agree that the above process is exactly as per networking standards

 

Now lets look at the reply-ping from 192.168.3.10 to 192.168.2.10...

 

5. The host 192.168.3.10 will send the ping-reply to 192.168.2.10 to the servergw...we are not concerned how it arrives upto servergw;s other interface...its not important

 

6. Now on the servergw it sees that there is a ping-reply packet with src-ipaddr 192.168.3.10 and destination-ipaddr 192.168.2.10

since routing is majorly based on destination-routing...as per standard behavior

a) Server gw checks that the destination ipaddess 192.168.2.10 is in the same subnet as its own ipaddress 192.168.2.150....therefore why should it do routing for same subnet???? 

b) Instead as any network-connected ip-host, instead of routing it to its default-gw ipaddress 192.168.2.1 (which you are saying should happen), the servergw will correctly send a ARP-REQUEST broadcast on the datalink/ethernet-link...asking what is the mac-address of the ipaddress 192.168.2.10.......

c) and since 192.168.2.10 is also in the same subnet and datalink, it recieves the ARP-Request and since it is its own ipaddress, it replies by sending its mac-address to 192.168.2.150

 

7. And this is why at this point of time, the server gw is correctly behaving (and it nothing to do with the RV260 which is not at all involved any which way and not responsible for servergw behavior....which i think will very much agree) and sending the ping-reply packet directly to the lan-host 192.168.2.10 

 

8. Hence that is why you are seeing that any traffic initiated or replied by the subnets 192.168.3.0/4.0/6.0/etc TO 192.168.2.0/24 local-net would be sent directly to the lan-hosts BY THE SERVERGW...

 

9. The only time the traffic from the subnets 192.168.3.x/4.x/6.x/etc would be routed to 192.168.2.1 again by the same Server gw would be when they are sending to Internet

 

would the above info help in clarifying your doubts which are good to have. You are logically thinking and trying to understand this kind of asymmetric forwarding that is happening...

 

thanks

regards

 

 

 

0 Helpful
Customers Also Viewed These Support Documents