Hot!SD-WAN and PPPoE

Author
alex_buric
Bronze Member
  • Total Posts : 22
  • Scores: 0
  • Reward points: 0
  • Joined: 2018/04/26 23:23:53
  • Location: Elizabeth, NJ
  • Status: offline
2019/11/04 23:06:24 (permalink)
0

SD-WAN and PPPoE

I have Fortigate 60D with FortiOS 6.06
First ISP - static IP
Second ISP - PPPoE
When I add both of them to SD-WAN and make a static route 0.0.0.0/0.0.0.0 to SD-WAN interface in routing table appear two line:
Routing table for VRF=0
S* 0.0.0.0/0 [1/0] via 193.200.32.2, ppp1
                   [1/0] via 31.128.69.193, wan2

But after few seconds (5-6) line with ppp1 interface disappearing
#1

13 Replies Related Threads

    alex_buric
    Bronze Member
    • Total Posts : 22
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/04/26 23:23:53
    • Location: Elizabeth, NJ
    • Status: offline
    Re: SD-WAN and PPPoE 2019/11/05 01:07:39 (permalink)
    0
    I think problem with distance/priority.
    I can change distance for PPPoE connection, but can'n for static
    #2
    emnoc
    Expert Member
    • Total Posts : 5389
    • Scores: 353
    • Reward points: 0
    • Joined: 2008/03/20 13:30:33
    • Location: AUSTIN TX AREA
    • Status: offline
    Re: SD-WAN and PPPoE 2019/11/05 05:19:20 (permalink)
    0
    For SDWAN you should not need to do that. 
     
    Ken Felix

    PCNSE 
    NSE 
    StrongSwan  
    #3
    alex_buric
    Bronze Member
    • Total Posts : 22
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/04/26 23:23:53
    • Location: Elizabeth, NJ
    • Status: offline
    Re: SD-WAN and PPPoE 2019/11/28 01:49:09 (permalink)
    0
    Does anyone has same problem?
    #4
    ede_pfau
    Expert Member
    • Total Posts : 6127
    • Scores: 496
    • Reward points: 0
    • Joined: 2004/03/09 01:20:18
    • Location: Heidelberg, Germany
    • Status: offline
    Re: SD-WAN and PPPoE 2019/11/28 02:01:54 (permalink)
    0
    This behavior is correct.
    "There can only be ONE..."
    in this case, default route.
     
    What exactly is your problem with this? Do you want to prefer the PPPoE WAN connection? Then steer that with SD-WAN policy.

    Ede

    " Kernel panic: Aiee, killing interrupt handler!"
    #5
    alex_buric
    Bronze Member
    • Total Posts : 22
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/04/26 23:23:53
    • Location: Elizabeth, NJ
    • Status: offline
    Re: SD-WAN and PPPoE 2019/11/28 02:17:48 (permalink)
    0
    ede_pfau
    This behavior is correct.
    "There can only be ONE..."
    in this case, default route.
     
    What exactly is your problem with this? Do you want to prefer the PPPoE WAN connection? Then steer that with SD-WAN policy.



    Behavior is incorrect.
    There is routing table from another Fortigate with four WAN uplinks in SD-WAN:
    Routing table for VRF=0
    S* 0.0.0.0/0 [1/0] via 195.24.130.193, edge-trifle
                             [1/0] via 62.64.83.77, edge-kyivstar
                             [1/0] via 83.170.209.241, hub-kyivstar
                             [1/0] via 195.24.148.9, hub-trifle

    As you can see - all gateways have the same distance/priority and present in routing table permamently.
    But all of them a static fiber connection
     
    On another Fortigate:
    WAN1 - static fiber
    WAN2 - ADSL PPPoE
    After settings up necessary configuration routing table looks fine:
    Routing table for VRF=0
    S* 0.0.0.0/0 [1/0] via 193.200.32.2, ppp1
                       [1/0] via 31.128.69.193, wan2

     
    But after 10-20 seconds default from ppp1 interface disappearing
    S* 0.0.0.0/0 [1/0] via 31.128.69.193, wan2
                      

     
     
     
     
     
     
     
    #6
    ede_pfau
    Expert Member
    • Total Posts : 6127
    • Scores: 496
    • Reward points: 0
    • Joined: 2004/03/09 01:20:18
    • Location: Heidelberg, Germany
    • Status: offline
    Re: SD-WAN and PPPoE 2019/11/28 02:23:34 (permalink)
    0
    As I said, it is correct.
    Unless you specify ALL distances and priorities with equal values - which gives you ECMP, that is load-balancing via routes.
    Question still remains unanswered: what is your goal? Use both paths? Prefer the other?

    Ede

    " Kernel panic: Aiee, killing interrupt handler!"
    #7
    alex_buric
    Bronze Member
    • Total Posts : 22
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/04/26 23:23:53
    • Location: Elizabeth, NJ
    • Status: offline
    Re: SD-WAN and PPPoE 2019/11/28 02:35:54 (permalink)
    0
    ede_pfau
    As I said, it is correct.
    Unless you specify ALL distances and priorities with equal values - which gives you ECMP, that is load-balancing via routes.
    Question still remains unanswered: what is your goal? Use both paths? Prefer the other?



    We do not understand each other...
    I do not set any distances and priorities when I configure static connection.
    But I can set distance for DHCP or PPPoE connection. I have already played with this. Effect is the same: 10-15 seconds looks good, after that PPPoE route is absent.
     
    I have many configuration  SD-WAN configurations:
    DHCP and PPPoE - works fine
    Static and Static - works fine
    Static and PPPoE - not working
     
     
    post edited by alex_buric - 2019/11/28 02:37:28
    #8
    alex_buric
    Bronze Member
    • Total Posts : 22
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/04/26 23:23:53
    • Location: Elizabeth, NJ
    • Status: offline
    Re: SD-WAN and PPPoE 2019/11/28 02:36:56 (permalink)
    0
    ede_pfau
    Question still remains unanswered: what is your goal? Use both paths? Prefer the other?



    My goal - use both of WAN links
    Balancing: Source-Destination IP
    #9
    localhost
    Silver Member
    • Total Posts : 81
    • Scores: 16
    • Reward points: 0
    • Joined: 2015/05/21 02:47:51
    • Location: Zug, Switzerland
    • Status: offline
    Re: SD-WAN and PPPoE 2019/11/28 05:51:29 (permalink)
    0
    Maybe a performance SLA is removing the pppoe route? (Network->Performance SLA)
     
    You have checked the event logs (system and router)? Perhaps its showing the reason why the route got removed.
     
    I'd also debug the pppoe connection.
     
    diag debug reset
    diag debug enable
    diag debug application pppoed -1
     
    And verify with ping the pppoe gateway is still reachable:
     
    execute ping-options interface <pppoe interface>
    execute ping <gateway ip>
     
     
    #10
    emnoc
    Expert Member
    • Total Posts : 5389
    • Scores: 353
    • Reward points: 0
    • Joined: 2008/03/20 13:30:33
    • Location: AUSTIN TX AREA
    • Status: offline
    Re: SD-WAN and PPPoE 2019/11/28 13:29:39 (permalink)
    0
    I had that same problem and had to update my  FortiOS. Have you done this? BUt the ppp interface should be in the route table. Also , do you have any  SDWAN link checkers enabled? Very bad outcomes can happen with ping/http status checks on SDWAN interfaces. Do keep us updated and what fortiOS version you are running.
     

    PCNSE 
    NSE 
    StrongSwan  
    #11
    Dave Hall
    Expert Member
    • Total Posts : 1542
    • Scores: 167
    • Reward points: 0
    • Joined: 2012/05/11 07:55:58
    • Location: Canada
    • Status: offline
    Re: SD-WAN and PPPoE 2019/11/28 14:34:25 (permalink)
    0
    Had a similar issue with a DSL (pppoe) connection that was part of a zone (load-balancing) connection - this was running on 5.4 and the interface kept dropping until I have enabled dynamic-gateway (via static route) for the interface. 

    NSE4/FMG-VM64/FortiAnalyzer-VM/5.4/6.0 (FWF40C/FW92D/FGT200D/FGT101E)/ FAP220B/221C
    #12
    alex_buric
    Bronze Member
    • Total Posts : 22
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/04/26 23:23:53
    • Location: Elizabeth, NJ
    • Status: offline
    Re: SD-WAN and PPPoE 2019/11/28 23:10:59 (permalink)
    0
    emnoc
    I had that same problem and had to update my  FortiOS. Have you done this? BUt the ppp interface should be in the route table. Also , do you have any  SDWAN link checkers enabled? Very bad outcomes can happen with ping/http status checks on SDWAN interfaces. Do keep us updated and what fortiOS version you are running.
     


    I have Fortigate 60D with FortiOS 6.0.7
    #13
    alex_buric
    Bronze Member
    • Total Posts : 22
    • Scores: 0
    • Reward points: 0
    • Joined: 2018/04/26 23:23:53
    • Location: Elizabeth, NJ
    • Status: offline
    Re: SD-WAN and PPPoE 2019/11/28 23:49:05 (permalink)
    0
    Debug from PPPoE
     
    =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2019.11.29 09:42:51 =~=~=~=~=~=~=~=~=~=~=~=
    2019-11-29 09:43:32 update_interfaces()-499: New PPPoE interface wan1
    2019-11-29 09:43:32 update_interfaces()-584: PPPoE parameters of wan1 changed.
    2019-11-29 09:43:32 pppoed_main()-812: Start PPPoE interface wan1
    2019-11-29 09:43:32 pppoed_main()-815: PID of wan1 is 365
    2019-11-29 09:43:32 parameters passed to pppd:
    2019-11-29 09:43:32 pppd 2019-11-29 09:43:32 0 2019-11-29 09:43:32 pppoed 2019-11-29 09:43:32 wan1 2019-11-29 09:43:32 2019-11-29 09:43:32 2019-11-29 09:43:32 2019-11-29 09:43:32 2019-11-29 09:43:32 2019-11-29 09:43:32 nopersist 2019-11-29 09:43:32 noipdefault 2019-11-29 09:43:32 noauth 2019-11-29 09:43:32 defaultroute 2019-11-29 09:43:32 default-asyncmap 2019-11-29 09:43:32 hide-password 2019-11-29 09:43:32 nodetach 2019-11-29 09:43:32 mtu 2019-11-29 09:43:32 1492 2019-11-29 09:43:32 mru 2019-11-29 09:43:32 1492 2019-11-29 09:43:32 noaccomp 2019-11-29 09:43:32 noccp 2019-11-29 09:43:32 nobsdcomp 2019-11-29 09:43:32 nodeflate 2019-11-29 09:43:32 nopcomp 2019-11-29 09:43:32 novj 2019-11-29 09:43:32 novjccomp 2019-11-29 09:43:32 user 2019-11-29 09:43:32 t01205 2019-11-29 09:43:32 lcp-echo-interval 2019-11-29 09:43:32 5 2019-11-29 09:43:32 lcp-echo-failure 2019-11-29 09:43:32 3 2019-11-29 09:43:32 sync 2019-11-29 09:43:32 plugin 2019-11-29 09:43:32 /bin/pppoe.so 2019-11-29 09:43:32 2019-11-29 09:43:32 2019-11-29 09:43:32 2019-11-29 09:43:32 2019-11-29 09:43:32 pppoe_retry_time 2019-11-29 09:43:32 1 2019-11-29 09:43:32 pppoe_padt_time 2019-11-29 09:43:32 1 2019-11-29 09:43:32 pppoe_srv_name 2019-11-29 09:43:32 2019-11-29 09:43:32 pppoe_ac_name 2019-11-29 09:43:32 2019-11-29 09:43:32 pppoe_hostuniq 2019-11-29 09:43:32 4a25300 2019-11-29 09:43:32 pppoe_sock2parent 2019-11-29 09:43:32 12 2019-11-29 09:43:32 wan1 2019-11-29 09:43:32 ipunnumbered 2019-11-29 09:43:32 0.0.0.0 2019-11-29 09:43:32 idle 2019-11-29 09:43:32 0 2019-11-29 09:43:32 unnumbered-negotiate 2019-11-29 09:43:32 enable 2019-11-29 09:43:32 2019-11-29 09:43:32 2019-11-29 09:43:32 2019-11-29 09:43:32
    2019-11-29 09:43:33 using channel 5
    2019-11-29 09:43:33 Using interface ppp1
    2019-11-29 09:43:33 Connect: ppp1 <--> wan1
    2019-11-29 09:43:33 Parent: pppoed

    2019-11-29 09:43:33 PPP send: LCP Configure_Request id(1) len(14) [Maximum_Received_Unit 1492] [Magic_Number 554216F6]
    2019-11-29 09:43:33 PPP recv: LCP Configure_Ack id(1) len(14) [Maximum_Received_Unit 1492] [Magic_Number 554216F6]
    2019-11-29 09:43:35 PPP recv: LCP Configure_Request id(2) len(19) [Maximum_Received_Unit 1492] [Magic_Number 67BB0C30] [Authentication_Protocol CHAP algorithm=MSCHAPv2]
    2019-11-29 09:43:35 PPP send: LCP Configure_Ack id(2) len(19) [Maximum_Received_Unit 1492] [Magic_Number 67BB0C30] [Authentication_Protocol CHAP algorithm=MSCHAPv2]
    2019-11-29 09:43:35 PPP send: LCP Echo_Request id(0) len(8) [Magic_Number 554216f6]
    2019-11-29 09:43:35 PPP recv: CHAP Challenge id(1)
    2019-11-29 09:43:35 PPP send: CHAP Response id(1)
    2019-11-29 09:43:35 PPP recv: LCP Echo_Reply id(0) len(8) [Magic_Number 67bb0c30]
    2019-11-29 09:43:35 PPP recv: CHAP Success id(1) msg(S=24F43E47D3D90AC528178CDC551B6FCE3876D125)
    2019-11-29 09:43:35 Remote message: S=24F43E47D3D90AC528178CDC551B6FCE3876D125
    2019-11-29 09:43:35 PPP send: IPCP Configure_Request id(1) [IP_Address 0.0.0.0] [Primary_DNS_IP_Address 0.0.0.0] [Secondary_DNS_IP_Address 0.0.0.0]
    2019-11-29 09:43:35 PPP recv: IPCP Configure_Request id(1) [IP_Address 193.200.32.2] [IP_Compression_Protocol Van Jacobson]
    2019-11-29 09:43:35 PPP send: IPCP Configure_Reject id(1) [IP_Compression_Protocol Van Jacobson]
    2019-11-29 09:43:35 PPP recv: IPCP Configure_Nak id(1) [IP_Address YYY.YYY.YYY.YYY] [Primary_DNS_IP_Address 8.8.8.8] [Secondary_DNS_IP_Address 193.200.32.5]
    2019-11-29 09:43:35 PPP send: IPCP Configure_Request id(2) [IP_Address YYY.YYY.YYY.YYY] [Primary_DNS_IP_Address 8.8.8.8] [Secondary_DNS_IP_Address 193.200.32.5]
    2019-11-29 09:43:35 PPP recv: IPCP Configure_Request id(2) [IP_Address 193.200.32.2]
    2019-11-29 09:43:35 PPP send: IPCP Configure_Ack id(2) [IP_Address 193.200.32.2]
    2019-11-29 09:43:35 PPP recv: IPCP Configure_Ack id(2) [IP_Address YYY.YYY.YYY.YYY] [Primary_DNS_IP_Address 8.8.8.8] [Secondary_DNS_IP_Address 193.200.32.5]
    2019-11-29 09:43:35 pppoe_read_intf_link_sock()-424: interface=ppp1 event=3
    2019-11-29 09:43:35 update_interfaces()-443: Update PPPoE interfaces
    2019-11-29 09:43:35 update_interfaces()-447: Invalidate PPPoE interface wan1
    2019-11-29 09:43:35 update_interfaces()-501: Found PPPoE interface wan1
    2019-11-29 09:43:35 update_interfaces()-584: PPPoE parameters of wan1 unchanged.
    2019-11-29 09:43:35 send_vip_arp: vd root master 1 intf wan2 ip XXX.XXX.XXX.XXX
    2019-11-29 09:43:35 send_vip_arp: vd root master 1 intf wan1 ip YYY.YYY.YYY.YYY
    2019-11-29 09:43:35 local IP address YYY.YYY.YYY.YYY
    2019-11-29 09:43:35 remote IP address 193.200.32.2
    2019-11-29 09:43:35 primary DNS address 8.8.8.8
    2019-11-29 09:43:35 secondary DNS address 193.200.32.5
    2019-11-29 09:43:40 PPP send: LCP Echo_Request id(1) len(8) [Magic_Number 554216f6]
    2019-11-29 09:43:40 PPP recv: LCP Echo_Reply id(1) len(8) [Magic_Number 67bb0c30]
    2019-11-29 09:43:45 PPP send: LCP Echo_Request id(2) len(8) [Magic_Number 554216f6]
    2019-11-29 09:43:45 PPP recv: LCP Echo_Reply id(2) len(8) [Magic_Number 67bb0c30]

     
     
    Routing table log
    =~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2019.11.29 09:43:00 =~=~=~=~=~=~=~=~=~=~=~=

    p1fg # get router info routing-table static
    Routing table for VRF=0
    S* 0.0.0.0/0 [1/0] via 31.128.69.193, wan2

    p1fg # get router info routing-table static
    Routing table for VRF=0
    S* 0.0.0.0/0 [1/0] via 193.200.32.2, wan1
                      [1/0] via 31.128.69.193, wan2

    p1fg # get router info routing-table static
    Routing table for VRF=0
    S* 0.0.0.0/0 [1/0] via 193.200.32.2, wan1
                      [1/0] via 31.128.69.193, wan2

    p1fg # get router info routing-table static
    Routing table for VRF=0
    S* 0.0.0.0/0 [1/0] via 193.200.32.2, wan1
                      [1/0] via 31.128.69.193, wan2

    p1fg # get router info routing-table static
    Routing table for VRF=0
    S* 0.0.0.0/0 [1/0] via 193.200.32.2, wan1
                      [1/0] via 31.128.69.193, wan2

    p1fg # get router info routing-table static
    Routing table for VRF=0
    S* 0.0.0.0/0 [1/0] via 193.200.32.2, ppp1
                      [1/0] via 31.128.69.193, wan2

    p1fg # get router info routing-table static
    Routing table for VRF=0
    S* 0.0.0.0/0 [1/0] via 31.128.69.193, wan2

    #14
    Jump to:
    © 2019 APG vNext Commercial Version 5.5