From: Grant Taylor <gtaylor@riverviewtech.net>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Redundant internet connections.
Date: Thu, 21 Jun 2007 16:23:45 +0000
Message-ID: <467AA611.1090606@riverviewtech.net>
In-Reply-To: <467A2354.1070805@riverviewtech.net>

On 06/21/07 11:00, Peter Rabbitson wrote:
> This is not something I do automatically in netfilter - it is a 
> responsibility of the cron job.

*nod*

> I am counting only INcoming traffic (the -i flag). The source matching 
> is there only for the following reason: consider
> 
> You ->1-> Uplink router ->2-> Internet
> 
> If hop 2 is down, then the uplink router might send you back ICMP 
> messages that whatever destination you are trying to reach is 
> unreachable. This will count as traffic from the internet, whereas in 
> fact it isn't. This is why you need to exclude (thus the _!_ in -s) the 
> immediate uplink hops, and count incoming traffic (whatever it might 
> be) from the "far side" of the internet only.

Ah, here is part of the problem.

                      (    eth1    ) --- (DSL Modem) / DSL Gateway
Server --- (DMZ) --- (Linux Router)
                      (    eth2    ) --- (Cable Modem / Cable Gateway)

Note:  Globally routable DMZ is connected to eth0.

Traffic will be to / from servers in the DMZ and clients on the internet 
at large.

My "Linux Router" (above) *IS* the system that would send the ICMP ... 
unreachable message.  So, there is not an upstream router to look for 
traffic from.

I suppose that I could match traffic coming in eth1 or eth2, but I would 
have to be careful about the source / destination.  However the very 
existence of inbound traffic means that the link is up for at least 
inbound traffic.  However I also need to know that I can send traffic 
too.  I've had situations where the traffic would come in but not go out 
(Do NOT ask how / why!).

I suppose such monitoring will work, but I still feel like there is a 
better solution out there.

There is also the fact that I am wanting to use one route unless it is 
down and then use the backup.  If the primary route is up and traffic 
comes in the backup, it is to go back out the primary.



Grant. . . .
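
An added example, not part of the messages in this thread: one way the cron job discussed above could combine the inbound counter check with an outbound probe and the "primary unless it is down" preference. The LINKMON chain, the addresses, the function names and the sample listings are assumptions made for this example.

```shell
#!/bin/sh
# Added example. Assumed count-only rules (no target), one per uplink, each
# excluding its immediate next hop; addresses are documentation placeholders:
#   iptables -t mangle -N LINKMON
#   iptables -t mangle -A PREROUTING -j LINKMON
#   iptables -t mangle -A LINKMON -i eth1 ! -s 192.0.2.1
#   iptables -t mangle -A LINKMON -i eth2 ! -s 198.51.100.1

# Sum packet counters of rules bound to interface $1; stdin is the output of
# `iptables -t mangle -nvxL LINKMON`.
far_side_pkts() {
    awk -v ifc="$1" '
        $1 ~ /^[0-9]+$/ {
            # Target column may be empty: find "in" relative to opt ("--").
            for (i = 3; i <= NF; i++)
                if ($i == "--") { if ($(i + 1) == ifc) sum += $1; break }
        }
        END { print sum + 0 }'
}

# link_state PREV NOW PROBE_RC: "up" only when far-side packets arrived since
# the last run AND the outbound probe (assumed: a ping bound to the link)
# returned 0. A counter lower than PREV means it was reset, so restart at 0.
link_state() {
    prev=$1
    if [ "$2" -lt "$prev" ]; then prev=0; fi
    if [ "$2" -gt "$prev" ] && [ "$3" -eq 0 ]; then echo up; else echo down; fi
}

# Primary whenever it is up, backup only while the primary is down.
pick_uplink() {
    if [ "$1" = up ]; then echo primary
    elif [ "$2" = up ]; then echo backup
    else echo none; fi
}

# Constructed listings standing in for two consecutive cron runs.
snap_prev() { printf '%s\n' 'Chain LINKMON (1 references)' \
    '    pkts    bytes target prot opt in   out  source        destination' \
    '    1500   900000        all  --  eth1 *   !192.0.2.1     0.0.0.0/0' \
    '     300   150000        all  --  eth2 *   !198.51.100.1  0.0.0.0/0'; }
snap_now() { printf '%s\n' 'Chain LINKMON (1 references)' \
    '    pkts    bytes target prot opt in   out  source        destination' \
    '    1500   900000        all  --  eth1 *   !192.0.2.1     0.0.0.0/0' \
    '     340   171000        all  --  eth2 *   !198.51.100.1  0.0.0.0/0'; }

p=$(link_state "$(snap_prev | far_side_pkts eth1)" "$(snap_now | far_side_pkts eth1)" 0)
b=$(link_state "$(snap_prev | far_side_pkts eth2)" "$(snap_now | far_side_pkts eth2)" 0)
echo "primary=$p backup=$b use=$(pick_uplink "$p" "$b")"
```

An idle link leaves its counter unchanged as well, so the outbound probe has to be one that draws return traffic through the same interface.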