Mailing List Archive
Re: [tlug] WAN fail-over configuration in Linux-based router
- Date: Fri, 6 Nov 2009 04:50:42 +0900
- From: Patrick Bernier <pat@example.com>
- Subject: Re: [tlug] WAN fail-over configuration in Linux-based router
- References: <1a4744f80911050525g55066627ga0fe428222da8ce5@example.com>
- User-agent: Mutt/1.5.18 (2008-05-17)
Quoting Jianshi Huang:
> Could somebody tell me what's the best way to achieve WAN fail-over
> (backup) in a Linux-based router, e.g. openwrt or Vyatta open
> networking.
>
> Since full fail-over also needs support from ISP side. Any established
> connection can allowed to be dropped if one line drops. New
> connections would be routed to the backup line.

Okay, so we're not talking about true BGP multi-homing here, but about having two separate ISP connections, using one as a primary link and one as a backup link. As you said, since you will be NATting your internal network to two different public IPs (probably dynamic IPs unless you are paying extra to get static IPs), connections will have to be re-initiated by the users/programs on your network when a failover occurs.

I had this exact kind of setup until recently, using my neighbor's FLETS Hikari link whenever my cable modem service failed (not often!), using OpenWRT running on a cheap Buffalo AirStation G router (although in the end I disabled my automatic route failover scripts because all I really cared about was the overlaid OpenVPN network, which already detects VPN link failures and adjusts routing accordingly).

First, you'll need to reconfigure the router for multiple WAN connections. For example, OpenWRT routers are usually set up with only one port used for the WAN connection and the rest bridged together (usually by using VLANs on the hardware switch). How to do this is well documented on the OpenWRT pages and will depend on the particular hardware you are using; it basically involves setting up a series of variables in the nvram to describe your desired interface settings. Depending on the version, you might also have to adjust the firewall settings.

Then, since you're not asking for link sharing, all you need is to reliably detect when a link goes down and update your routing table to reflect that fact. When using true routing protocols (BGP, OSPF, RIP, etc.) this is detected by the protocol being able to talk to the next router or not, but in this case, you're not getting that from your ISPs, so we need to hack it up differently.

If the links are PPP (e.g. PPPoE on ADSL), failure of the PPP session can bring the interface down automatically, so you could have two default routes with different metrics and simply rely on that. But this would not protect you against failures anywhere else /within/ that ISP's network, between you and their upstream connection(s)...

So, the bottom line is, PPPoE or not, it's probably better to set up an infinitely looping script that will use a criterion of your choice to select the best exit; for example, you might want to ping a set of remote hosts you use often, and if they all fail, delete the default route for the interface being tested. Or you might want to check if you can connect to some web servers with wget. Make sure you use multiple targets, and declare your link "up" if /any/ of them is reachable -- you don't want to trigger a failover just because your favorite website is down at the other end.

Also, do you need to support /incoming/ connections to your network from the Internet? If so, you will likely want to set up DNS records with very low timeouts, and set up something on your side to update the records to point to the backup address when the primary address fails. There are several ways to do this, but using the tools present in OpenWRT it's pretty easy if you're dealing with one of the free dynamic DNS providers like DynDNS -- you just need to invoke the update program when you change your route. This could also be handled from one of the computers inside your network.

This is a very general overview. We can give you more specific information on how to accomplish all this with OpenWRT if you want.

One final thought... If possible, I would strongly suggest using different technologies for the two links, e.g. one fiber and one ADSL, or cable modem, etc., although the absolute cheapest way to do it (which would not protect you against a physical problem on your end of the link) would be two separate PPP sessions to two different ISPs over the same ADSL link.

--
() Patrick (L.) Bernier <pat@example.com>
() http://www.TZoNE.ORG/~pat/
() GPG B070 BBB6 188D EB1E 353A 90E4 96FF D8EB 1ADC BE03
() "Words have meaning, and names have power." -- Lorien
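The looping check described in the message above, as an added example that is not part of the original post: a POSIX sh watchdog that counts the primary link as up if any probe target answers, and removes or restores the primary default route only after several consecutive rounds disagree with the current state. The interface name, gateway, metric, probe targets (documentation addresses), the switching threshold and the pinned host routes are assumptions of this example; it also assumes the `ip` tool is present and that a backup default route with a higher metric is already installed.

```shell
#!/bin/sh
# Added example; interface, gateway and targets are placeholders (RFC 5737).
PRIMARY_IF="eth0.1"; PRIMARY_GW="192.0.2.1"; PRIMARY_METRIC=10
TARGETS="198.51.100.10 198.51.100.20 203.0.113.30"
THRESHOLD=3; INTERVAL=10   # rounds before switching; seconds between rounds
STATE=primary; STREAK=0    # active exit; rounds in a row disagreeing with it

# One probe. Targets are reached over the primary link via pin_targets().
probe() { ping -c 1 -W 2 "$1" >/dev/null 2>&1; }

# Host routes keep probes on the primary link after its default route is
# deleted, so recovery is detectable. These hosts are unreachable meanwhile.
pin_targets() {
    for t in $TARGETS; do
        ip route replace "$t" via "$PRIMARY_GW" dev "$PRIMARY_IF"
    done
}

# The link counts as up if ANY target answers.
link_up() {
    for t in $TARGETS; do
        if probe "$t"; then return 0; fi
    done
    return 1
}

# Hook for the dynamic DNS update mentioned in the message; no-op here.
on_change() { :; }

# One monitoring round. On failover the higher-metric backup route takes over.
tick() {
    if link_up; then seen=primary; else seen=backup; fi
    if [ "$seen" = "$STATE" ]; then STREAK=0; return 0; fi
    STREAK=$((STREAK + 1))
    if [ "$STREAK" -lt "$THRESHOLD" ]; then return 0; fi
    STREAK=0
    if [ "$seen" = backup ]; then
        ip route del default via "$PRIMARY_GW" dev "$PRIMARY_IF"
    else
        ip route replace default via "$PRIMARY_GW" dev "$PRIMARY_IF" metric "$PRIMARY_METRIC"
    fi
    STATE=$seen
    on_change "$STATE"
}

# "failover.sh run" starts the loop; sourcing the file only defines functions.
if [ "${1:-}" = run ]; then
    pin_targets
    while :; do tick; sleep "$INTERVAL"; done
fi
```

With a DHCP or PPPoE uplink the gateway address is not fixed, so `PRIMARY_GW` would have to be read from the lease or the PPP hook rather than hard-coded.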
- Follow-Ups:
- Re: [tlug] WAN fail-over configuration in Linux-based router
- From: Francois Cartegnie
- References:
- [tlug] WAN fail-over configuration in Linux-based router
- From: Jianshi Huang