archives

Bora anotar algumas dicas do USG já que documentação da CLI é rara.

Load balancer

checando status do LB

gutocarvalho@RoteadorUSG:~$ show load-balance status

saída exemplo

show load-balance status
Group wan_failover
  interface   : eth0
  carrier     : up
  status      : active
  gateway     : 192.168.1.1
  route table : 201
  weight      : 100%
  flows
      WAN Out : 11156
      WAN In  : 2048
    Local Out : 55

  interface   : eth2
  carrier     : up
  status      : failover
  gateway     : 192.168.22.1
  route table : 202
  weight      : 0%
  flows
      WAN Out : 1101
      WAN In  : 0
    Local Out : 27

checando métricas do load balancer

gutocarvalho@RoteadorUSG:~$ show load-balance watchdog

saída exemplo

Group wan_failover
  eth0
  status: Running
  pings: 6
  fails: 1
  run fails: 1/3
  route drops: 8
  ping gateway: ping.ubnt.com - REACHABLE
  last route drop   : Mon Feb  7 17:20:15 2022
  last route recover: Mon Feb  7 17:20:37 2022

  eth2
  status: Running
  failover-only mode
  pings: 35
  fails: 1
  run fails: 0/3
  route drops: 1
  ping gateway: ping.ubnt.com - REACHABLE
  last route drop   : Mon Feb  7 17:13:07 2022
  last route recover: Mon Feb  7 17:15:40 2022

vendo os logs

gutocarvalho@RoteadorUSG:~$ show log | grep wlb

saída exemplo

Feb  7 18:00:12 RoteadorUSG wlb: wlb-wan_failover-eth0 wlb-wan_failover-eth0 reachability failed, failover
Feb  7 18:00:12 RoteadorUSG wlb: group wan_failover, interface eth0 going Inactive
Feb  7 18:00:13 RoteadorUSG wlb: group wan_failover, interface eth2 going Active
Feb  7 18:01:06 RoteadorUSG wlb: group wan_failover, interface eth0 going Active
Feb  7 18:04:25 RoteadorUSG wlb: wlb-wan_failover-eth0 wlb-wan_failover-eth0 reachability failed, failover
Feb  7 18:04:25 RoteadorUSG wlb: group wan_failover, interface eth0 going Inactive
Feb  7 18:04:26 RoteadorUSG wlb: group wan_failover, interface eth2 going Active
Feb  7 18:04:46 RoteadorUSG wlb: group wan_failover, interface eth0 going Active
Feb  7 18:15:46 RoteadorUSG wlb: wlb-wan_failover-eth2 wlb-wan_failover-eth2 reachability failed, failover

IP saindo pela WAN2

Policy-Based Routing (PBR) is a way to force traffic to use a specific address or interface as the next-hop. When using PBR, traffic is matched on a certain criteria, for example a source IP address, and forwarded to a next-hop. On the USG models, Policy-Based Routing can be used to send specific traffic to the WAN1/WAN2 interfaces.

To route traffic out of WAN2 based on the Source Network, Destination Port and Protocol:

configure
set protocols static table 5 route 0.0.0.0/0 next-hop <IP address>
set firewall modify LOAD_BALANCE rule 2501 action modify
set firewall modify LOAD_BALANCE rule 2501 modify table 5
set firewall modify LOAD_BALANCE rule 2501 source address <IP address>
set firewall modify LOAD_BALANCE rule 2501 destination port 80,443
set firewall modify LOAD_BALANCE rule 2501 protocol tcp
commit ; exit

Policy-Based Routing can be used with either weighted or failover-only Load Balancing. When using PPPoE interfaces, create an interface-route instead with the next-hop set to the interface. For example: set protocols static table 5 interface-route 0.0.0.0/0 next-hop-interface pppoe0.

In 1st command line, the next-hop gateway address of the ISP connected to the WAN2 interface.

In 4th line, you will need to mention the source from host from VLAN/LAN for am example VLAN 2 set as 192.168.2.0/24

---

Gostou do conteúdo?

Você também me encontra nessas redes!

Mastodon

@gutocarvalho@bolha.us

PixelFed

@gutocarvalho@bolha.photos

Lemmy

@gutocarvalho@bolha.forum

WriteFreely

@gutocarvalho@bolha.blog @notamental@bolha.blog @poesias@bolha.blog @contos@bolha.blog

Bookwyrm

@gutocarvalho@bolha.review

Peertube

@gutocarvalho@bolha.tube

Friendica

@gutocarvalho@bolha.network

Quer saber mais sobre mim?

Visite meus sites!

• https://gutocarvalho.net
  • https://curriculo.gutocarvalho.net
  • https://resume.gutocarvalho.net

E meus blogs:

• https://blogs.gutocarvalho.net
• https://blogs.gutocarvalho.net/falagutera
• https://blogs.gutocarvalho.net/infra
• https://blogs.gutocarvalho.net/opiniao
• https://blogs.gutocarvalho.net/contos
• https://blogs.gutocarvalho.net/poesias
• https://blogs.gutocarvalho.net/lives
• https://blogs.gutocarvalho.net/orixas
• https://blogs.gutocarvalho.net/archives

Conhece o Coletivo Bolha?

Então vem conhecer o bolha.io ou bolhaverso!

• fediverso
  • mastodon, https://bolha.us
  • pixelfed, https://bolha.photos
  • lemmy, https://bolha.forum
  • bookwyrnm, https://bolha.review
  • writefreely, https://bolha.blog
  • peertube, https://bolha.tube
  • castopod, https://bolha.studio
  • owncast, https://bolha.stream
  • friendica, https://bolha.network
    
• chat
  • mattermost, https://mattermost.bolha.chat
  • zulip, https://zulip.bolha.chat
• vídeo
  • jitsi, https://bolha.video
    
• frontends
  • lingva, https://translate.bolha.tools
  • libremdb, https://libremdb.bolha.tools
• translations
  • libretranslate, https://libretranslate.bolha.tools
• editors
  • hedgedoc, https://notes.bolha.tools
  • draw.io, https://draw.bolha.tools
  • excalidraw, https://excalidraw.bolha.tools
  • pdf stirling, https://spdf.bolha.tools
  • wisemaping, https://mindmap.bolha.tools
  • mermaid, https://mermaid.bolha.tools
  • cryptpad, https://cryptad.bolha.tools
• secrets sharing
  • yopass, https://yopass.bolha.tools
  • password pusher, https://pusher.bolha.tools
• pastbin
  • yabin, https://yabin.bolha.tools
• terminal recorder
  • ascinnema, https://ascinemma.bolha.tools
• anti paywall
  • 13ft, https://open.bolha.tools

Nós temos muito mais para compartilhar contigo!

Quer apoiar nosso trabalho? Você pode!

• https://www.patreon.com/bolha
• https://apoia.se/bolha
• pix@bolha.us

Te vejo no mastodon da bolha.us!

[s]