Bug #16868
Static route with Alias as destination network doesn't install itself in the routing table under some conditions
Description
Steps to reproduce the issue:
1) HA cluster with a routed IPSec to a remote host. IPSec tunnel source IP is the CARP;
2) Firewall alias type Network with some network in it;
3) routed IPSec assigned as the interface, resulting gateway is set as unmonitored;
4) static route with the destination set as that Firewall alias with type Network, with gateway set as routed IPSec unmonitored gateway;
5) the route is installed into the main node route table correctly;
6) trigger the failover via CARP maintenance mode. Now both nodes do not have this route in the routing table.
7) trigger the failback. Now both nodes still do not have this route in the routing table.
If you re-save that Firewall alias with type Network, the route gets installed into the routing table again.
This issue cannot be reproduced if the static route in question has a network (and not alias) as the destination network.
Status outputs after the failover-failback from the test firewalls are attached.
CARP: 192.168.254.33
Routed IPSec gateway: 10.15.0.1
Firewall alias with type Network: test_alias_dst_route
Static route: to 192.168.33.0/24
Updated by Danilo Zrenjanin 22 days ago
- Status changed from New to Confirmed
Tested against: 26.03 and 26.03.1.
I was able to reproduce this behavior in my lab.
The only difference I observed is that re-saving the Alias referenced by the static route did not restore the route in the routing table. However, re-saving and applying the static route itself caused the route to reappear in the routing table.
My testing confirms that the issue can be reproduced.
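
A check for the condition reported above, as an added example that is not part of the original report or of pfSense: it compares a list of expected static routes against a routing table dump and reports the ones that are absent. The sample tables are constructed, the `netstat -rn -f inet` column layout is assumed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list expected static routes that are absent from a routing
# table dump in FreeBSD `netstat -rn -f inet` layout (Destination Gateway ...).

# has_route DEST GATEWAY TABLE -> exit 0 if a row matches both fields exactly.
has_route() {
    printf '%s\n' "$3" |
        awk -v d="$1" -v g="$2" '$1 == d && $2 == g { found = 1 } END { exit !found }'
}

# missing_routes EXPECTED TABLE
# EXPECTED holds one "destination gateway" pair per line: the networks inside
# the alias, since the routing table shows networks and never alias names.
# Prints every pair with no matching row and returns 1 if any is missing.
missing_routes() {
    rc=0
    while read -r dest gw; do
        [ -n "$dest" ] || continue
        if ! has_route "$dest" "$gw" "$2"; then
            printf '%s via %s\n' "$dest" "$gw"
            rc=1
        fi
    done <<EOF
$1
EOF
    return "$rc"
}

# Values from the report: static route to 192.168.33.0/24 via the routed
# IPsec gateway 10.15.0.1.
EXPECTED='192.168.33.0/24 10.15.0.1'

# Constructed sample tables (interface names and default gateway are made up).
BEFORE='Destination        Gateway            Flags     Netif Expire
default            192.168.254.1      UGS      vtnet0
10.15.0.1          link#9             UH       ipsec1
192.168.33.0/24    10.15.0.1          UGS      ipsec1
192.168.254.0/24   link#1             U        vtnet0'
AFTER='Destination        Gateway            Flags     Netif Expire
default            192.168.254.1      UGS      vtnet0
10.15.0.1          link#9             UH       ipsec1
192.168.254.0/24   link#1             U        vtnet0'

missing_routes "$EXPECTED" "$BEFORE" && echo "before failover: route present"
missing_routes "$EXPECTED" "$AFTER" || echo "after failback: route missing"
```

On a live node, pass `"$(netstat -rn -f inet)"` as the second argument on both cluster members after each failover and failback.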