Troubleshooting

If you implement static or dynamic routing or bridging on your network, at some point you are likely to encounter a situation that will put your troubleshooting skills to the test. We will first consider how to troubleshoot issues with routing.

The pfSense routing table (under Diagnostics | Routes) is often a good place to start troubleshooting routing issues. Here you can see which routes exist, how they are configured, and how many times each route has been used. The table is divided into two sections (one for IPv4 traffic and the other for IPv6 traffic), and it has several columns. Some of these are self-explanatory, such as Destination, Use (the number of times a route has been used), and Mtu (short for maximum transmission unit).

There is also a column called Flags; some of the more significant flags include the following:

  • U = RTF_UP: The route is up and usable
  • G = RTF_GATEWAY: The destination is not directly attached and requires forwarding by an intermediary (the next hop shown in the Gateway column)
  • H = RTF_HOST: This entry is a host route (a single address rather than a subnet)
  • S = RTF_STATIC: This entry was added manually rather than learned from an interface or a routing protocol

Consider the simple static routing example invoked earlier in the chapter, wherein the DMZ router's WAN interface address was 192.168.1.2 (part of the LAN subnet) and that router's LAN interface address was 192.168.2.1. Suppose a node on the DMZ subnet with an IP address of 192.168.2.3 cannot reach a node on the LAN subnet with an IP address of 192.168.1.3. First, we need to consider the obvious potential problems, such as an interface that is shut down or misconfigured. For example, the default gateway for 192.168.2.3 should be 192.168.2.1; if it is not configured as such, then 192.168.2.3 will not know where to send traffic destined for other networks.

If obvious solutions have not worked, you should try testing connectivity. In this case, you could start by pinging the gateway from the DMZ node (192.168.2.3). If the ping fails, then there is a good chance you have a local issue, such as a malfunctioning or misconfigured router. If you can ping the router, it's probably time to look elsewhere for the source of your problem.

You can also use the traceroute command, which we will discuss in the next chapter. In our simple networking example, pinging pfSense's LAN interface address (192.168.1.1) from the DMZ node will tell us much, especially if the ping fails. Consider the following possible causes:

  • The LAN interface could be down or misconfigured
  • The static route to the DMZ subnet could be missing or misconfigured, so pfSense does not know where to send the ping replies (with no matching route, the replies follow the default route out of the WAN interface instead of going back to the DMZ router)

Armed with two hypotheses about the cause of the problem, we can now narrow it down further. If we try pinging 192.168.1.2 from pfSense and it works, then the LAN interface is up, and there is a good possibility that the static route to the DMZ network is misconfigured. Diagnostics | Routes should show an entry for 192.168.2.0/24 with a gateway of 192.168.1.2 and the U, G, and S flags set; if that entry is absent or points at a different gateway, you have found the problem.
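The following Python script is an added example (it is not from the book or from pfSense) that automates the last step of that diagnosis. It parses a Diagnostics | Routes style table, decodes the flags described above, performs the same longest-prefix lookup the kernel would for a reply to 192.168.2.3, and reports whether the static route to the DMZ subnet is present, up, gateway-flagged, and pointing at 192.168.1.2. The three route tables are constructed samples for the chapter's topology (the column layout Destination, Gateway, Flags, Use, Mtu, Netif, Expire and the em0/em1 interface names are assumptions); the WAN addresses are documentation addresses.

```python
"""Check a pfSense routing table dump for the static route to the DMZ.

Added example, not from the book. Column layout assumed: Destination, Gateway,
Flags, Use, Mtu, Netif, Expire (IPv4 rows only; IPv6 rows are skipped).
"""
import ipaddress
from dataclasses import dataclass

# Flag letters as shown in the Flags column (FreeBSD route flags).
FLAG_NAMES = {"U": "RTF_UP", "G": "RTF_GATEWAY", "H": "RTF_HOST", "S": "RTF_STATIC"}


@dataclass
class Route:
    destination: ipaddress.IPv4Network
    gateway: str
    flags: str
    use: int
    mtu: int
    netif: str

    def flag_names(self):
        return [FLAG_NAMES.get(f, f) for f in self.flags]


def parse_routes(table):
    """Return Route objects for the IPv4 rows of a routes table dump."""
    routes = []
    for line in table.splitlines():
        parts = line.split()
        if len(parts) < 6 or parts[0] == "Destination":
            continue  # header, blank lines, section titles
        dest, gw, flags, use, mtu, netif = parts[:6]
        try:
            if dest == "default":
                net = ipaddress.ip_network("0.0.0.0/0")
            elif "/" in dest:
                net = ipaddress.ip_network(dest, strict=False)
            else:
                net = ipaddress.ip_network(dest + "/32")  # host route (H flag)
        except ValueError:
            continue  # IPv6 scoped addresses and anything else we do not model
        if net.version != 4:
            continue
        routes.append(Route(net, gw, flags, int(use), int(mtu), netif))
    return routes


def lookup(routes, address):
    """Longest-prefix match: the route pfSense would use to reach address (None if nothing matches)."""
    ip = ipaddress.ip_address(address)
    hits = [r for r in routes if "U" in r.flags and ip in r.destination]
    return max(hits, key=lambda r: r.destination.prefixlen, default=None)


def check_static_route(routes, subnet, expected_gateway):
    """Return a list of problems with the route for subnet; an empty list means it looks right."""
    net = ipaddress.ip_network(subnet)
    exact = [r for r in routes if r.destination == net]
    if not exact:
        # No specific route: show where replies to that subnet would actually go.
        fallback = lookup(routes, str(net.network_address + 1))
        where = (f"{fallback.destination} via {fallback.gateway} on {fallback.netif}"
                 if fallback else "nowhere (no route at all)")
        return [f"no route for {net}: replies would follow {where}"]
    r = exact[0]
    problems = []
    if "U" not in r.flags:
        problems.append(f"route for {net} is not up (flags {r.flags})")
    if "G" not in r.flags:
        problems.append(f"route for {net} has no G flag, so {net} is treated as directly attached")
    if r.gateway != expected_gateway:
        problems.append(f"route for {net} points at {r.gateway}, expected {expected_gateway}")
    return problems


# Constructed sample for the chapter's topology: pfSense LAN is 192.168.1.1/24, the DMZ
# router's WAN side is 192.168.1.2, and 192.168.2.0/24 is reached through it.
GOOD_TABLE = """\
Destination        Gateway          Flags   Use    Mtu    Netif  Expire
default            203.0.113.1      UGS     12045  1500   em0
127.0.0.1          link#3           UH      302    16384  lo0
192.168.1.0/24     link#1           U       8821   1500   em1
192.168.1.1        link#1           UHS     15     16384  lo0
192.168.2.0/24     192.168.1.2      UGS     231    1500   em1
203.0.113.0/24     link#1           U       5412   1500   em0
"""

# Same table with the static route to the DMZ missing (never added, or deleted).
MISSING_ROUTE_TABLE = "\n".join(
    line for line in GOOD_TABLE.splitlines() if not line.startswith("192.168.2.0/24"))

# Same table with the gateway mistyped as 192.168.1.20.
WRONG_GATEWAY_TABLE = GOOD_TABLE.replace("192.168.1.2 ", "192.168.1.20")


if __name__ == "__main__":
    cases = [("good", GOOD_TABLE), ("missing", MISSING_ROUTE_TABLE), ("wrong gw", WRONG_GATEWAY_TABLE)]
    for name, table in cases:
        routes = parse_routes(table)
        hop = lookup(routes, "192.168.2.3")
        print(f"[{name}] reply to 192.168.2.3 uses {hop.destination} -> {hop.gateway} "
              f"on {hop.netif}, flags {hop.flag_names()}")
        for problem in check_static_route(routes, "192.168.2.0/24", "192.168.1.2"):
            print("    ", problem)
```

Run it against the output of netstat -rn on pfSense (or the text copied from Diagnostics | Routes) instead of the constructed tables; the missing-route case is the one that explains a ping to 192.168.1.1 that reaches pfSense but never gets a reply, because the echo replies leave via the WAN default route.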

Your network may be considerably more complex than this, but the same basic troubleshooting techniques will help you diagnose problems with static routes. Try to employ a divide-and-conquer approach to isolate the source of the problem, and remember that ping and traceroute are your friends. If you are using Cisco switches, you have additional command-line utilities at your disposal; it behooves you to learn which ones are the most helpful and to use them.

There are many problems that can arise if you use a dynamic routing protocol, but some of the more common ones include the following:

  • Incorrect configuration, such as a switch port being inadvertently set to down
  • The router doesn't have enough memory to hold the routing table
  • Routing loops
  • Incompatibility between routing protocols on the network (for example, RIPv1 and RIPv2 being used on the same network)

Similarly, bridging interfaces can result in a number of common issues:

  • The bridge may not be forwarding traffic. Firewall rules may be blocking traffic, or there may be so many topology changes that STP is having trouble keeping up with them.
  • There could be a storm of traffic, usually indicative of a loop.

Issues relating to routing and bridging are not always the easiest problems to diagnose and troubleshoot, but by using some common sense and simple command-line tools, you can start to home in on the source of the problem.
