From mboxrd@z Thu Jan 1 00:00:00 1970
From: Peter Rabbitson
Date: Thu, 21 Jun 2007 16:00:49 +0000
Subject: Re: [LARTC] Redundant internet connections.
Message-Id: <467AA0B1.1070603@rabbit.us>
List-Id:
References: <467A2354.1070805@riverviewtech.net>
In-Reply-To: <467A2354.1070805@riverviewtech.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
To: lartc@vger.kernel.org

Grant Taylor wrote:
> On 06/21/07 10:35, Peter Rabbitson wrote:
>> I don't know about any working in-kernel solutions, but you can do it
>> trivially with netfilter and a cronjob:
>
>
>
> If I understand what you are proposing correctly, it looks like you are
> jumping to a sub-chain used only for counting traffic. If the
> counters show traffic, you are saying that traffic is flowing across the
> link and thus the link must be up and functional. Right?

Almost correct.

> If the link is not up and functional then take action to not use that link.

This is not something I do automatically in netfilter - it is a
responsibility of the cron job.

> I'm also not clearly understanding how matching the source IP will work
> on either link considering that both links will have the capability to
> pass traffic for the same globally routable DMZ subnet. Though I think
> this could be mitigated by altering the rules to count packets going out
> or coming in an interface rather than based on source / destination IP.

I am counting only INcoming traffic (the -i flag). The source matching is
there only for the following reason: consider

You ->1-> Uplink router ->2-> Internet

If hop 2 is down, then the uplink router might send you back ICMP
messages that whatever destination you are trying to reach is
unreachable. This will count as traffic from the internet, whereas in
fact it isn't. This is why you need to exclude (thus the _!_ in -s) the
immediate uplink hops, and count incoming traffic (whatever it might be)
from the "far side" of the internet only.
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
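
Added example, not part of the original message: a sketch of the cron-side check the reply describes, reading the counters of per-uplink counting chains and comparing them with the previous run. The chain names, interfaces, addresses, state-file handling and the rule shape in the comments are assumptions, since the original rules are not shown in this message.

```shell
#!/bin/sh
# Added example; COUNT_ISP1/COUNT_ISP2, eth1/eth2 and all addresses are assumed.
# Assumed counting rule per uplink (far-side traffic only, uplink hop excluded):
#   iptables -A FORWARD -i eth1 ! -s 192.0.2.1 -j COUNT_ISP1

# Sum the packet counters of every rule that jumps to chain $1.
# stdin: output of `iptables-save -c` ("[pkts:bytes] -A ..." lines).
chain_packets() {
    awk -v chain="$1" '
        /^\[[0-9]+:[0-9]+\] -A / {
            for (i = 2; i < NF; i++)
                if ($i == "-j" && $(i + 1) == chain) {
                    split(substr($1, 2), c, ":")
                    total += c[1]
                }
        }
        END { print total + 0 }'
}

# $1 = previous reading, $2 = current reading.
link_state() {
    if [ "$2" -gt "$1" ]; then echo up
    elif [ "$2" -eq "$1" ]; then echo down   # nothing arrived from the far side
    else echo reset                          # counters went backwards (reload/reboot)
    fi
}

# $1 = chain, $2 = state file; stdin = `iptables-save -c` output.
# From cron: iptables-save -c | check_uplink COUNT_ISP1 /var/run/uplink.isp1
check_uplink() {
    cur=$(chain_packets "$1")
    prev=$(cat "$2" 2>/dev/null) || prev=""
    echo "$cur" > "$2"
    if [ -z "$prev" ]; then echo unknown; return 0; fi
    link_state "$prev" "$cur"
}

# Constructed sample snapshots (not real captures), taken one cron interval apart.
# In SNAP_T1 only the ISP2 uplink router itself (198.51.100.1) is still talking.
SNAP_T0='*filter
[0:0] -A FORWARD -s 198.51.100.1/32 -i eth2 -j ACCEPT
[500:42000] -A FORWARD ! -s 192.0.2.1/32 -i eth1 -j COUNT_ISP1
[300:25000] -A FORWARD ! -s 198.51.100.1/32 -i eth2 -j COUNT_ISP2'
SNAP_T1='*filter
[45:3780] -A FORWARD -s 198.51.100.1/32 -i eth2 -j ACCEPT
[620:51000] -A FORWARD ! -s 192.0.2.1/32 -i eth1 -j COUNT_ISP1
[300:25000] -A FORWARD ! -s 198.51.100.1/32 -i eth2 -j COUNT_ISP2'
```

A quiet link reads the same as a dead one here, so the cron interval has to be long enough that some far-side traffic is expected on a healthy uplink.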