From: Peter Rabbitson <rabbit@rabbit.us>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Redundant internet connections.
Date: Thu, 21 Jun 2007 16:00:49 +0000
Message-ID: <467AA0B1.1070603@rabbit.us>
In-Reply-To: <467A2354.1070805@riverviewtech.net>

Grant Taylor wrote:
> On 06/21/07 10:35, Peter Rabbitson wrote:
>> I don't know about any working in-kernel solutions, but you can do it
>> trivially with netfilter and a cronjob:
>
> <snip>
>
> If I understand what you are proposing correctly, it looks like you are
> jumping to a sub-chain used only for counting traffic. If the
> counters show traffic, you are saying that traffic is flowing across the
> link and thus the link must be up and functional. Right?

Almost correct.

> If the link is not up and functional then take action to not use that link.

This is not something I do automatically in netfilter - it is a
responsibility of the cron job.

> I'm also not clearly understanding how matching the source IP will work
> on either link considering that both links will have the capability to
> pass traffic for the same globally routable DMZ subnet. Though I think
> this could be mitigated by altering the rules to count packets going out
> or coming in an interface rather than based on source / destination IP.

I am counting only INcoming traffic (the -i flag). The source matching
is there only for the following reason: consider

You ->1-> Uplink router ->2-> Internet

If hop 2 is down, then the uplink router might send you back ICMP
messages that whatever destination you are trying to reach is
unreachable. This will count as traffic from the internet, whereas in
fact it isn't. This is why you need to exclude (thus the _!_ in -s) the
immediate uplink hops, and count incoming traffic (whatever it might
be) from the "far side" of the internet only.

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
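
The cron-job side of the counter check described in this message, as an added example that is not code from the thread. The chain name LINK_A, interface eth1, hop address 192.0.2.1 and the state-file path are assumptions, and the iptables output is a constructed sample.

```shell
#!/bin/sh
# Assumed counting chain for one uplink (hypothetical names and addresses;
# 192.0.2.1 stands for the immediate uplink hop that must not be counted):
#   iptables -N LINK_A
#   iptables -A LINK_A -i eth1 ! -s 192.0.2.1     # no target: count only
# Cron would then run (state-file path is an assumption):
#   iptables -nvxL LINK_A | check_link /var/run/link_a.count

# Sum the exact packet counters of every rule in `iptables -nvxL CHAIN` output.
# Header lines are skipped because their first field is not numeric.
pkt_count() {
    awk '$1 ~ /^[0-9]+$/ { sum += $1 } END { printf "%.0f\n", sum }'
}

# Compare the counter read on stdin with the value saved by the previous run.
# Prints: up      far-side packets arrived since the last run
#         down    no far-side packets arrived (an idle link looks the same)
#         unknown first run, or counters were reset; only re-baseline
check_link() {
    state_file=$1
    cur=$(pkt_count)
    prev=''
    [ -r "$state_file" ] && prev=$(cat "$state_file")
    printf '%s\n' "$cur" > "$state_file"
    case $prev in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    if [ "$cur" -gt "$prev" ]; then
        echo up
    elif [ "$cur" -eq "$prev" ]; then
        echo down
    else
        echo unknown
    fi
}

# Constructed sample of `iptables -nvxL LINK_A` output with packet count $1.
sample_output() {
    cat <<EOF
Chain LINK_A (1 references)
    pkts      bytes target     prot opt in     out     source               destination
    $1   99999            all  --  eth1   *      !192.0.2.1           0.0.0.0/0
EOF
}
```

What the job does on "down" (for example changing routes away from that link) is left to the cron job, as the message says.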