Re: [LARTC] Redundant internet connections.

From: Peter Rabbitson <rabbit@rabbit.us>
To: lartc@vger.kernel.org
Subject: Re: [LARTC] Redundant internet connections.
Date: Thu, 21 Jun 2007 16:47:17 +0000	[thread overview]
Message-ID: <467AAB95.1000204@rabbit.us> (raw)
In-Reply-To: <467A2354.1070805@riverviewtech.net>

Grant Taylor wrote:
> On 06/21/07 11:00, Peter Rabbitson wrote:
> Ah, here is part of the problem.
> 
>                      (    eth1    ) --- (DSL Modem) / DSL Gateway
> Server --- (DMZ) --- (Linux Router)
>                      (    eth2    ) --- (Cable Modem / Cable Gateway
> 
> Note:  Globally routable DMZ is connected to eth0.
> 
> Traffic will be to / from servers in the DMZ and clients on the internet 
> at large.
> 
> My "Linux Router" (above) *IS* the system that would send the ICMP ... 
> unreachable message.  So, there is not an upstream router to look for 
> traffic from.
> 
> I suppose that I could match traffic coming in eth1 or eth2, but I would 
> have to be careful about he source / destination.  However the very 
> existence of inbound traffic means that the link is up for at least 
> inbound traffic.  However I also need to know that I can send traffic 
> too. 

You are misunderstanding how ICMP works. The modems themselves are hops, 
and the thing they connect to is another hop. Just look at the first 
several entries of a traceroute to any destination, and you will see 
what I mean. If you still do not believe me - pull the ISP side cable 
from the modem, while still having your router connected to it, and try 
to do a ping to somewhere. Look at the source of the dest. unreachable 
message - it will come from the modem, not from the linux box.

> I've had situations where the traffic would come in but not go out 
> (Do NOT ask how why!).

This would be a problem with your router configuration. It is virtually 
impossible to have an upstream problem that would cause this. It either 
works both ways or does not at all.

> I suppose such monitoring will work, but I still feel like there is a 
> better solution out there.

I thought so too, but it seems that the only thing that comes close (and 
still does not cut it) are the DGD patches. And (this is my personal 
opinion) the fact they have not been included in the kernel for such a 
long time, indicates there is something fishy about them.

I myself am using a different approach as I am doing load balancing as 
well. A script sends icmp ping packets with large payloads to several 
destinations and computes the mean rtt. Then the ratio of both rtts is 
used to assign link weights. When no pings come back one of the weights 
will be 0, and effectively no routing will be performed through this link.

> There is also the fact that I am wanting to use one route unless it is 
> down and then use the backup.  If the primary route is up and traffic 
> comes in the backup, it is to go back out the primary.
> 

Nothing above prevents you from doing this, although it is a bad idea. 
Of course if you know what you are doing and still want to do it - it's 
your system :)

_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc