topic Re: Asymmetry in routes in General Topics

Asymmetry in routes

Hllrdm — Thu, 09 Mar 2023 08:19:44 GMT

We have a problem where we need to transfer traffic from the DMZ segment to another router.
We published a DMZ network via AntiDDoS systems through an R2 router. The firewall itself goes to the Internet through R1.
Traffic must be routed by the DMZ network through R2.
When we collect tcpdump we find a route asymmetry, that traffic comes from R2 and goes to R1.
We created a PBR so that traffic from the LAN goes one route and traffic to the Internet goes through router R2. I think I configured the PBR incorrectly. How to set PBR correctly, maybe there is a recommendation?

Additional information:
I set up NAT to the Internet for server x.x.x.100 through address x.x.189.14.
And also ProxyArp x.x.189.14 to aders 172.x.x.244

Re: Asymmetry in routes

G_W_Albrecht — Thu, 09 Mar 2023 08:24:07 GMT

Did you involve TAC already ?

Re: Asymmetry in routes

Hllrdm — Thu, 09 Mar 2023 09:07:49 GMT

No, I did not start SR in TAC. I wanted to learn from my colleagues. TAS usually does not help with settings of new solutions

Re: Asymmetry in routes

G_W_Albrecht — Thu, 09 Mar 2023 09:28:46 GMT

If you did follow documented processes (R81.20 Gaia Advanced Routing Administration Guide - Policy Based Routing, sk100500: Policy-Based Routing (PBR) on Gaia OS) but it does not work as expected, you can ask TAC for help. They will not perform what CP Professional Services does but will assist you in resolving the issue.

Re: Asymmetry in routes

Hllrdm — Thu, 09 Mar 2023 09:49:04 GMT

We think the PBR is working, but may have misconfigured it. Either the traffic doesn't go to PBR and we need to write the policy differently