[LARTC] 1+1 HA gateway

[LARTC] 1+1 HA gateway

[RoMaN SoFt / LLFB!!]

 Hi.

 I need to setup "one route" to a certain destination network (indeed
it's another LAN, which I want to connect to, i.e. I'm creating a
simple VPN). I have 2 possible gateways:
a) Fast (through an ADSL line via 192.168.7.254. This is a CIPE
connection)
b) Slow (through a RDSI line via 192.168.5.3. This is pure PPP)

 The situation I'm looking for is having two real routes to the
destination network (via the fast gateway and the slow one
respectively) but only the first (=fast) one is used in normal
conditions. The second (=slow) one will only be used in case the first
breaks (i.e. failover mode).

 I've tried to enter two different routes to the same destination and
it seems not to be permitted:

goliat:/etc/iproute2 # ip route list table roman
192.168.7.254 dev cipcb0  scope link 
default via 192.168.5.1 dev eth1 

goliat:/etc/iproute2 # ip route add 192.168.1.0/24 via 192.168.7.254
table roman

goliat:/etc/iproute2 # ip route add 192.168.1.0/24 via 192.168.5.3
table roman       
RTNETLINK answers: File exists
 
 Nevertheless I've checked the main table and I can see "duplicated"
routes (these were introduced by the "route" command):

goliat:/etc/iproute2 # ip route list
62.22.78.68 via 192.168.5.1 dev eth1 
62.22.78.68 via 192.168.5.2 dev eth1 
192.168.7.254 dev cipcb0  proto kernel  scope link  src 192.168.6.254 
192.168.5.0/24 dev eth1  proto kernel  scope link  src 192.168.5.200 
192.168.3.0/24 via 192.168.5.3 dev eth1 
192.168.2.0/24 via 192.168.5.3 dev eth1 
192.168.1.0/24 via 192.168.5.3 dev eth1 
192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.200 
127.0.0.0/8 dev lo  scope link 
default via 192.168.5.1 dev eth1 
goliat:/etc/iproute2 # 

Note the 62.22.78.68 route. Now it is permitted !

 Is this last one a multipath route or what am I missing?

 Is it possible to reach the failover state I'm looking for? Any
experiences with that?

 Another possible case (perhaps it works) would be to set up a
multipath route and use a very high metric for the slow gateway, but
this is not exactly what I want 'cause I want the slow gateway to be
used IF and ONLY IF the fast one is down.

 Please, help. Thx in advance.

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
    ** RoMaN SoFt / LLFB **  
       roman@madrid.com
   http://pagina.de/romansoft
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/

Re: [LARTC] 1+1 HA gateway

[Mike Fedyk]

On Thu, Jul 12, 2001 at 04:47:57PM +0200, RoMaN SoFt / LLFB!! wrote:
> 
>  Hi.
> 
>  I need to setup "one route" to a certain destination network (indeed
> it's another LAN, which I want to connect to, i.e. I'm creating a
> simple VPN). I have 2 possible gateways:
> a) Fast (through an ADSL line via 192.168.7.254. This is a CIPE
> connection)
> b) Slow (through a RDSI line via 192.168.5.3. This is pure PPP)
> 
>  The situation I'm looking for is having two real routes to the
> destination network (via the fast gateway and the slow one
> respectively) but only the first (úst) one is used in normal
> conditions. The second (=slow) one will only be used in case the first
> breaks (i.e. failover mode).
> 

I believe the only way for the kernel to recognize that there has been
a failure, is the ethernet card detecting a line drop.  If you can be
sure that when the link goes down that this happens, you won't need
anything else except for the right rules in your routing setup.

If your setup won't do this, you'll need a script that actively checks
for connectivity, or for more complicated setups a routing protocol.

If I'm wrong, someone please let me know.

Mike

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/

Re: [LARTC] 1+1 HA gateway

[Mike Fedyk]

On Fri, Jul 13, 2001 at 09:53:24AM +0200, RoMaN SoFt / LLFB !! wrote:
> On Thu, 12 Jul 2001 11:20:18 -0700, you wrote:
> 
> >>  The situation I'm looking for is having two real routes to the
> >> destination network (via the fast gateway and the slow one
> >> respectively) but only the first (úst) one is used in normal
> >> conditions. The second (=slow) one will only be used in case the first
> >> breaks (i.e. failover mode).
> >
> >I believe the only way for the kernel to recognize that there has been
> >a failure, is the ethernet card detecting a line drop.  If you can be
> >sure that when the link goes down that this happens, you won't need
> >anything else except for the right rules in your routing setup.
> 
>  I forgot to say that I also tried to use metric: two routes with
> different metric (one with default metric [0, isn't it] and the other
> one with metric 10). This time I could enter the two  routes to the
> same destination but when the first gateway lose connectivity it seems
> not to be detected. I'll keep on doing some testing.
> 
>  I read in this list's archives that the kernel routing code should
> detect if the gateway is ok and in negative case switch to another
> route (with greater metric). How does it work exactly? Which type of
> checks are performed?
>

I don't really know.  I haven't seen any traffic on the network that
seems to try to detect connectivity.

>  Mike, the issue is not to detect when ethernet is broken (this is a
> feature of the network card and it is used, for instance, in "bonding"
> driver; indeed in that case my problem would be solved using this
> driver in backup mode) but detecting when the destination network is
> not reachable. So the gateway itself could be ok (it could have its
> "receiving" ethernet up, I mean, my linux router [which I'm trying to
> config] can reach the gateway) but its output line could be down
> avoiding a correct deliver of packets (gateway can reach destination
> network).
> 
>  Is it absolutely necessary to use a routing daemon in my case? Or the
> metric trick should be sufficient for me?
> 

I would guess that the kernel would need some icmp message sent to it
to detect that a route is down.  Like "dest unreachable" from the
first hop.

In my case, I have a bridged DSL connection, and if the link goes
down, I won't get the icmp either.  I have another routed dsl
connection, but I haven't tested with that yet.  With the bridged
line, the packets go out, and don't get any response.  The kernel
doesn't do anything in this case.

Do you know anything about C or C++ coding?  If so, you could take a
look at the routing code yourself and maybe get an idea of what is
going on.

My guess is that it requires dest-unreach to work.  It'd change in the
routing cache, and you wouldn't see anything in your other tables
change.

Mike


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/