Using XG on OVH dedicated server - General Routing issues

Hi there,

I've got a customer with a dedicated server at OVH, running ESXi.
They wish that an XG protects their virtual servers and manages the traffic.

But an XG and I failed to accomplish this simple setup.

I need to set a host IP on an interface, e.g. 45.85.47.13/32, and use a route to the server's primary IP's gateway, e.g. 145.4.7.254/24.

This is the official OVH documentation:
docs.ovh.com/.../


EDIT:
Tested with a vUTM and it works fine out of the box.....the configuration looks like this (and this is everything to configure on the UTM!)

  • Hi,

    please check the driver version you are using. Make sure that the XG interface is pointing at the virtual NIC used for the WAN interface.

    Also, you don't need to use routing if your setup is correct; a firewall rule will work.

    Ian

    XG115W - v19.5.1 mr-1 - Home

    If a post solves your question please use the 'Verify Answer' button.

  • Hi Ian,

    could you tell me the steps I need to go through?
    Are you sure that an FW rule helps? Are you running an XG at OVH?

  • Simply delete the first entry and modify the second entry like this: 0.0.0.0 0.0.0.0 Port B (interface route, because it does not point to any IP, but instead to an interface)

  • I will try that, though I’m still unclear on how it will be able to route traffic to the internet without being aware of the “real” gateway IP ending in .254.   With your suggested config, the .254 gateway IP does not exist anywhere in the XG’s configuration.

  • As I suspected, after upgrading to 17.5 and deleting the second route, setting the first to an Interface route, no change, still cannot route traffic.

    Let me know if I've missed anything here, desperate to get this working. Thank you.

  • Mhhh....did you configure the FO-IP at the WAN-Port?

    Please note that the WAN port CANNOT exist in the zone WAN, because there you need a gateway. Configure a new zone, like WAN_OVH.

  • I see, no I hadn’t defined a separate zone previously.  

    Would you mind sharing (redacted of course) what all of your interfaces and routes look like? I want to make sure I have this right before attempting the 17.5 upgrade again.  Thanks.  

  • Sure, I will upload it tomorrow.

  • So, 10 minutes where hopefully the phone is quiet.

    First, on the ESXi, you need to set the security options of vSwitch0, where the WAN is linked to, to this (but this is the OVH default, I mean):

    (the port groups on this vSwitch will inherit that in default)

    Then at the OVH management create a vMAC for the Failover-IP you wish to use at the SFOS.
    Add the generated vMAC to the corresponding interface of the VM in the ESXi (set to manual, bla bla)


    After installing SFOS, I configure it via a jump desktop.
    The routing mode is "this firewall" (the XG).

    Then in the Web-GUI, configure a new zone like WAN_OVH.


    Then go to the Interfaces, select PortB or whichever port you want to connect to the internet, select the zone WAN_OVH, enter the IP address (failover IP, corresponding with the vMAC you configured in the ESXi) and select a subnet mask of /32.

    Then go to Routing and add a new route:


    The last step is to create a firewall rule, if you want to allow traffic to flow between whatever.

    That's it.
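To illustrate why the interface route works here even though the .254 gateway appears nowhere in the XG configuration (the question raised earlier in the thread), here is an added example that is not from the thread, Sophos or OVH: a minimal route-lookup model using the thread's addresses. The interface name PortB, the simplified lookup rules and the destination 1.1.1.1 are assumptions.

```python
"""Model of an OVH failover /32 on the XG WAN port: a gateway route versus
the interface route the thread recommends. Added example, not Sophos or OVH
code; addresses are the thread's. Simplification: a 'via' route needs its
gateway in a connected subnet; an interface route ARPs for the destination."""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Interface:
    name: str
    address: ipaddress.IPv4Interface      # address plus mask, e.g. 45.85.47.13/32

@dataclass
class Route:
    prefix: ipaddress.IPv4Network
    dev: str
    via: Optional[ipaddress.IPv4Address] = None   # None = interface route

def lookup(routes: List[Route], ifaces: List[Interface], dst: str) -> Tuple[str, str]:
    """Return (outgoing interface, address to ARP for) or raise LookupError."""
    target = ipaddress.IPv4Address(dst)
    # Connected subnets act as implicit interface routes.
    table = [Route(i.address.network, i.name) for i in ifaces] + list(routes)
    hits = [r for r in table if target in r.prefix]
    if not hits:
        raise LookupError(f"no route to {target}")
    best = max(hits, key=lambda r: r.prefix.prefixlen)   # longest prefix wins
    if best.via is None:
        return best.dev, str(target)                     # resolve dst on the link
    connected = next(i.address.network for i in ifaces if i.name == best.dev)
    if best.via not in connected:
        raise LookupError(f"gateway {best.via} is not in connected subnet {connected}")
    return best.dev, str(best.via)

PORT_B = Interface("PortB", ipaddress.IPv4Interface("45.85.47.13/32"))
OVH_GW = ipaddress.IPv4Address("145.4.7.254")
DEFAULT = ipaddress.IPv4Network("0.0.0.0/0")

def with_gateway_route(dst: str = "1.1.1.1") -> Optional[Tuple[str, str]]:
    # WAN-zone style: 0.0.0.0/0 via 145.4.7.254, unusable behind a /32.
    try:
        return lookup([Route(DEFAULT, "PortB", OVH_GW)], [PORT_B], dst)
    except LookupError:
        return None

def with_interface_route(dst: str = "1.1.1.1") -> Optional[Tuple[str, str]]:
    # The thread's fix: 0.0.0.0/0 as an interface route to PortB.
    try:
        return lookup([Route(DEFAULT, "PortB")], [PORT_B], dst)
    except LookupError:
        return None
```

With the /32 failover IP the gateway route cannot resolve 145.4.7.254, while the interface route hands every destination to the link, where the OVH gateway answers for it.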

  • Thanks again. I built out the config precisely, unfortunately it still will not route traffic.

    The only difference in our setup is that I'm on a Hyper-V host. I tried setting Port Mirroring on the vNIC to Destination, which is the most similar to Promiscuous Mode in vSphere, but no luck. 

  • Another observation. With this configuration in place, I can ping our OVH gateway IP (the original server IP with .254 at the end), which proves that the packets are traversing through the Hyper-V host, through the NIC, and can reach OVH's gateway. At that point they must be getting dropped.

  • Hi, 

    Were you successful in the meantime?
