Bug #5661
closed
Gateways should be able to use the same alternative monitor IP
Added by badon _ almost 9 years ago.
Updated almost 9 years ago.
Description
In "System: Gateways: Edit gateway", if you enter an alternative monitor IP that is also configured for another gateway, pfSense refuses it with the following error message:
The following input errors were detected:
The monitor IP address "xxx.xxx.xxx.xxx" is already in use. You must choose a different monitor IP.
Sometimes I want to use the same monitor IP for various reasons, and this should not be prevented. IF there is a technical reason why it might not be recommended, that can be explained, but it should still allow me to use whatever I want to use. One reason I want to be able to use the same monitor IP is so I can gauge the performance of different internal network segments at a glance on the status page.
See also:
https://redmine.pfsense.org/issues/1189
- Status changed from New to Rejected
This has been covered multiple times in multiple similar tickets. Setting an IP address as a monitor IP address adds a static route in the OS routing table so the traffic leaves via the proper interface and gateway. You cannot have multiple routes for the same destination IP address active at the same time.
Aside from the difficulties Jim noted, it's also a really bad practice to rely on a single IP (even anycasted) for determining the availability of > 1 WAN. You don't want to do that.
Actually, I DO want to do that. Also, the same destination but different origin are distinct from each other. If there is a technical limitation that can't handle that, either it needs to be worked-around, or it needs to be fixed eventually. I can dynamically ping via any interface I want without needing OS-level static routes, why can't apinger do that too? Some easy examples:
ping -S 192.168.0.2 8.8.8.8
ping -S 192.168.1.2 8.8.8.8
I'm guessing there might be other reasons why you need a complex solution for a simple problem (pinging an IP), but maybe at some point the issues blocking this can be simplified so they can ping any arbitrary monitor IP. If necessary, maybe a quick and dirty workaround would be to have the gateways take turns pinging their monitor IPs, so only 1 route is in operation at a time.
The problem is you must hit the IP via multiple WANs simultaneously to allow that. As things currently stand, that's impossible. Multi-FIB support at some point in the future might allow this. Until that point, it's not possible (and something like changing routes around would be insane and no doubt buggy).
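
The single-routing-table limitation described in the replies above, sketched as an added example (not part of the ticket and not pfSense code): a toy forwarding table keyed by destination, into which each gateway's monitor IP is pinned as a host route. Gateway names, interfaces and addresses are constructed documentation values, and the model is IPv4-only.

```python
import ipaddress

# Constructed sample gateways (documentation addresses, not from the ticket).
GATEWAYS = [
    {"name": "WAN1_GW", "iface": "em0", "gateway": "198.51.100.1", "monitor": "192.0.2.53"},
    {"name": "WAN2_GW", "iface": "em1", "gateway": "203.0.113.1", "monitor": "192.0.2.53"},
    {"name": "WAN3_GW", "iface": "em2", "gateway": "203.0.113.129", "monitor": "192.0.2.54"},
]

class Fib:
    """One forwarding table: lookups are keyed by destination only."""
    def __init__(self):
        self.routes = {}  # ip_network -> (gateway, interface)

    def add_host_route(self, dst, gateway, iface):
        net = ipaddress.ip_network(f"{dst}/32")
        if net in self.routes:
            # A second route for the same destination cannot coexist.
            raise ValueError(f"route to {dst} already exists")
        self.routes[net] = (gateway, iface)

    def lookup(self, dst):
        """Longest-prefix match; returns (gateway, interface) or None."""
        addr = ipaddress.ip_address(dst)
        hits = [n for n in self.routes if addr in n]
        return self.routes[max(hits, key=lambda n: n.prefixlen)] if hits else None

def install_monitor_routes(gateways, fib):
    """Pin each monitor IP to its gateway; return names that could not be pinned."""
    rejected = []
    for gw in gateways:
        try:
            fib.add_host_route(gw["monitor"], gw["gateway"], gw["iface"])
        except ValueError:
            rejected.append(gw["name"])
    return rejected

def probe_path(fib, gw):
    """Next hop a probe to this gateway's monitor IP would actually use."""
    return fib.lookup(gw["monitor"])

if __name__ == "__main__":
    fib = Fib()
    print("could not pin:", install_monitor_routes(GATEWAYS, fib))
    for gw in GATEWAYS:
        print(gw["name"], "probe leaves via", probe_path(fib, gw))
```

In this model a probe for WAN2_GW follows the host route installed for WAN1_GW, so a shared monitor IP would report one WAN's health under two gateway names.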