BFW Firewall & Router

[slthom]

I currently have 2 DSL lines from the same ISP and have Load Balancing enabled. Well, when the ISP goes down, both lines are dead. What I want to do is get rid of one of the DSL lines and replace it with a cable line. I want the cable line to be the primary line and the DSL to be the secondary (backup). That way, if the cable line goes down, the traffic will be directed to the DSL line that is up until the main line comes back online and then traffic goes back to the cable line.

How do I go about setting this up?

[Marcos do Vale]

"arping -i eth1 new_gateway_address"

Or flush the arp table.

[slthom]

Pardon my ignorance, but I have set BrazilFW up very basic using the web interface.

Where exactly do I put that entry? Is this a manual entry that is done when the link goes down?

[bobbb]

You are going to have to get your feet wet on this one. There is no nice neat option to turn on. I had worked on something like this in the past but just to notify the administrator (me).

First let me quote.

if the cable line goes down, the traffic will be directed to the DSL line that is up until the main line comes back online and then traffic goes back to the cable line.

I am presumimg that both lines are used (load balance) and that if one goes down the other will take the complete load until the down line comes up again. Then you load balance once more.

This needs to be a cron job and how often do you test is your choice. Every minute? surely not. Every hour? seems long. Somewhere in between. surely.

How to determine a down status? If your gateway does not reply to a ping then I take that to mean down status. What I have in the works is not perfect yet and I want it to work for the possible 4 WAN lines you can have in BFW. I don't have 2 DSLs so I have to simulate.

This is the plan:
The scripts checks the status of all lines via pings and aggregates their states. Next I check if the aggregate state is the same as the aggregate state of the previous pass. If it is then I do nothing. This catches the cases where all lines are all still up or if the same line is still down and the others up. If there is a difference then I flush and re-create the routing table in question to reflect the status of all lines and save the new aggregate state. This is all theory and I can't really test.

I am not taking into consideration that all lines may be down. If you have services that come in via the down line then they are dead. Open connections that get caught in between an up and down status are also dead. I think this is to be expected. Took a bit of time for this reply because I had to figure out how it all worked to devise a plan.

I still need to run some final tests before I post the script.

[slthom]

Thanks for the response. That is exactly what I am looking for.

[bobbb]

After thinking it over, I find that 1 lost packet is a bit severe to presume that a line is dead so I will do 5 pings using a 5 second delay. This gives us a 20 second window in which a packet can come in. I will then assume a 100% loss to be a dead line.

[Marcos do Vale]

The keepalive.sh or failover.sh script "next generation":

Código: Selecionar todos

#!/bin/sh

. /etc/coyote/coyote.conf
. /tmp/netsubsys.state
[ -z "$PING_IP" ] && PING_IP=72.14.205.103
[ -z "$PING_RETRY" ] && PING_RETRY=3
ping=/usr/sbin/ping
ERR=0
CHECK1=0
CHECK2=0
CHECK3=0
CHECK4=0

if [ "$INET_UP" = "UP" ] ; then
 if [ "$INETTYPE" = "PPP" -o "$INETTYPE" = "PPPOE" ] ; then
   IF_INET=ppp0
   IPADDR=`getifaddr $IF_INET`
   GATEWAY=`ifconfig ppp0 | grep P-t-P`
   GATEWAY=`echo $GATEWAY | cut -f 3 -d " "`
   GATEWAY=`echo $GATEWAY | cut -f 2 -d :`
 elif [ "$INETTYPE" = "ETHERNET_DHCP" ] ; then
   . /etc/dhcpc/$IF_INET.info
   IPADDR=$dhcp_ip
   GATEWAY=$dhcp_router
 fi
fi

check_ping() {
 COUNT=1
 while [ $COUNT -le $PING_RETRY ]; do
   $ping -c 1 -I $1 "$PING_IP" > /dev/null
   [ $? = 0 ] && return 0 || { COUNT=$(($COUNT+1)); }
 done
 return 1
}

flush_cache() {
 if [ "$LOAD_BALANCE" = "YES" ] ; then
   COMMAND="ip ro add default table 222 proto static"
   [ $CHECK1 = 0 ] && COMMAND=$COMMAND" nexthop via $GATEWAY dev $IF_INET weight $INET_WEIGHT"
   [ $CHECK2 = 0 ] && COMMAND=$COMMAND" nexthop via $INET2_GATEWAY dev $IF_INET2 weight $INET2_WEIGHT"
   [ $CHECK3 = 0 ] && COMMAND=$COMMAND" nexthop via $INET3_GATEWAY dev $IF_INET3 weight $INET3_WEIGHT"
   [ $CHECK4 = 0 ] && COMMAND=$COMMAND" nexthop via $INET4_GATEWAY dev $IF_INET4 weight $INET4_WEIGHT"
   ip ro flush table 222
   ip ro flush cache
   $COMMAND
 fi
}

while [ /bin/true ]; do
 [ ! -z $IF_INET ] && { OLD_CHECK1=$CHECK1;
   check_ping $IPADDR && CHECK1=0 || CHECK1=1;
   [ $CHECK1 != $OLD_CHECK1 ] && ERR=1; }
 [ ! -z $IF_INET2 ] && { OLD_CHECK2=$CHECK2;
   check_ping $INET2_IPADDR && CHECK2=0 || CHECK2=1;
   [ $CHECK2 != $OLD_CHECK2 ] && ERR=1; }
 [ ! -z $IF_INET3 ] && { OLD_CHECK3=$CHECK3;
   check_ping $INET3_IPADDR && CHECK3=0 || CHECK3=1;
   [ $CHECK3 != $OLD_CHECK3 ] && ERR=1; }
 [ ! -z $IF_INET4 ] && { OLD_CHECK4=$CHECK4;
   check_ping $INET4_IPADDR && CHECK4=0 || CHECK4=1;
   [ $CHECK4 != $OLD_CHECK4 ] && ERR=1; }
 [ $ERR -gt 0 ] && flush_cache
 sleep 50
done

[bobbb]

I've come up with something like this but I would like to make variables with common commands like Marcos did above. It would make it cleaner to read and diagnose. The script still does not implement the new routing table because I echo the commands (for now) instead of executing them. I suppose a nice place to put it is in /usr/sbin/ with a name like loadbalance.check

It's in the path so now it can be scheduled with the cron feature. To get it to backup I will have to make a package

The next phase of testing to to create a BFW with 3 WANs and simulate down status(s) by unpluging the cable(s) (or something). Can't do 4 yet but presume it will act like the others.

Código: Selecionar todos

CODE REMOVED see the latest in my post below


2008/03/19 22:30 (GMT)
There was a DUH error in my script in how I figured out my route and weight for each interface so I copied from rc.loadbalance.

I also do not take into account PPPoE and DHCP dynamic connections otherwise I need to do the first Internet line like Marcos above. Guess I should work it in too.

[yeager]

Nice idea
I have one question about load balancing. I have two links, one 8Mbit/8Mbib and second 2Mbit/256Kbit DSL. Set weight for first link to 4 and for second link for 1. After i turn on the LoadBalancing, all my traffic is redirected to DSL. This way i can not use LoadBalancing and turning it on only at that time when my first link is dead for activate fail over. Is it possible remake this script so:
- when first link is active, then all traffik goes through it
- when first link is dead, then all trafik is redirected to second link
- after the first link is again alive, all traffik goes through it

[bobbb]

I have two links, one 8Mbit/8Mbib and second 2Mbit/256Kbit DSL. Set weight for first link to 4 and for second link for 1. After i turn on the LoadBalancing, all my traffic is redirected to DS

That is not how I thought load balancing worked. According to the docs it is supposed to send traffic through both. What you describe is load balancing that does not work. If this is the case then I ask the question why is it there?

I' m sure others are following this so please reply. We need to learn.
Does it work for you? How many lines? What kind(PPPoE,DHCP, static)? Speed? Weights?

When you turn on balancing does not even some packets go through the second DSL especially after startup. With load balancing on post the output of: ip route show table 222
The command ifconfig XXX produces a line like this:

Código: Selecionar todos

RX bytes:2572141 (2.4 MiB)  TX bytes:280679 (274.1 KiB)

If it is changing for both WANs then there is traffic on both.

The routing code creates a cache so it does not have to make the same decisions over and over. It uses what was the last route for a known destination. You may want to try: ip route flush cache

If load balancing works as is documented then my script should handle the situation. We would need to make your balancing work properly first.

Just for my knowledge, are both links static..

[yeager]

Sorry for my off topick. I will only say, whay i need this:

- when first link is active, then all traffik goes through it
- when first link is dead, then all trafik is redirected to second link
- after the first link is again alive, all traffik goes through it

I dont konow, that this is LoadBalancing problem or not, while the firs 5 min it work wery well. But after this all my traffick goes through DSL :(

PS: wery good idea is test the link with 5 ping and not with one

[Marcos do Vale]

Hi,

keepalive.sh script (original of BFW 2.30.1 version):

Código: Selecionar todos

#!/bin/sh
. /etc/coyote/coyote.conf
. /tmp/netsubsys.state

while true ; do
  GW="0.0.0.0"
  if [ "$INET_UP" = "UP" ] ; then
    if [ "$INETTYPE" = "PPP" -o "$INETTYPE" = "PPPOE" ] ; then
      IF_INET=ppp0
      GATEWAY=`ifconfig ppp0 | grep P-t-P`
      GATEWAY=`echo $GATEWAY | cut -f 3 -d " "`
      GATEWAY=`echo $GATEWAY | cut -f 2 -d :`
    elif [ "$INETTYPE" = "ETHERNET_DHCP" ] ; then
      . /etc/dhcpc/$IF_INET.info
      GATEWAY=$dhcp_router
    fi
    GW=$GATEWAY
  fi
 
  ping -c 1 $GW
  [ -n "$INET2_GATEWAY" ] && ping -c 1 $INET2_GATEWAY
  [ -n "$INET3_GATEWAY" ] && ping -c 1 $INET3_GATEWAY
  [ -n "$INET4_GATEWAY" ] && ping -c 1 $INET4_GATEWAY

  sleep 50
done

What wrong ?
This script only detect the "gateway dead" because Claudio add a path in kernel.
But not detect "link dead" after the gateway device. For example: The ADSL modem is responding, but the ADSL conection is down.

But I need more functions:
- Rebuild routes
- Detection the new MAC address after the link alive (in the case of replacement the modem)
- The script should work with or without Load Balance (Yeager use the Link Backup configuration).

[andrefellows]

try this

i've got from somewhere here in forum and changed a little things:

Código: Selecionar todos

#!/bin/sh
. /etc/coyote/coyote.conf
. /tmp/netsubsys.state
#. /etc/failover.conf

ACTIVE='YES'
PING_IP1='209.85.193.147'
PING_IP2='209.85.193.147'
PING_IP3='209.85.193.147'
PING_IP4='209.85.193.147'
COUNT='5'

test "$ACTIVE" = "NO" && exit

##########################
# Configure variables
##########################

# Debug -> if debug = 1, log the commands and the command result in the FILE
DEBUG=1
# FILE -> the debug file
LOG="/partition/linecheck.log"
# TABLE number -> this should be greped in /etc/rc.d/rc.loadbalance
TABLE=222
# CORRECTED -> if th gateways was corrected
CORRECTED=0
# LASTATE -> last state os the links
LASTATE=0
# GWNO -> number of gateways
GWNO=0
# SECONDS -> seconds to sleep until check the lines again
SECONDS=10

log(){
   if [ $DEBUG = 0 ] ; then
      return;
   fi
   # Actual time
   TIME=$(date +%X)
   #Date dd/mm/yyyy
   TODAY=$(date +%d/%b/%Y)
   echo "${TODAY}, $TIME - ${1} " >> $LOG
#   echo "${TODAY}, $TIME - ${1} "
}

log "Staring linecheck"

#  Change default interface name from eth1 to ppp0 if using PPPoE
if [ "$INETTYPE" = "PPP" -o "$INETTYPE" = "PPPOE" ] ; then
  IF_INET=ppp0
fi

[ $IF_INET ]  && GATEWAY1=`ip route list table $TABLE | grep $IF_INET  | cut -d " " -f 3`
[ $IF_INET ]  && log "Gateway 1: $GATEWAY1"
[ $IF_INET2 ] && GATEWAY2=`ip route list table $TABLE | grep $IF_INET2 | cut -d " " -f 3`
[ $IF_INET2 ] && log "Gateway 2: $GATEWAY2"
[ $IF_INET3 ] && GATEWAY3=`ip route list table $TABLE | grep $IF_INET3 | cut -d " " -f 3`
[ $IF_INET3 ] && log "Gateway 3: $GATEWAY3"
[ $IF_INET4 ] && GATEWAY4=`ip route list table $TABLE | grep $IF_INET4 | cut -d " " -f 3`
[ $IF_INET4 ] && log "Gateway 4: $GATEWAY4"

[ $GATEWAY1 ] && GWNO=$(($GWNO + 1))
[ $GATEWAY2 ] && GWNO=$(($GWNO + 1))
[ $GATEWAY3 ] && GWNO=$(($GWNO + 1))
[ $GATEWAY4 ] && GWNO=$(($GWNO + 1))
log "Number of gateways: $GWNO"

[ $IF_INET ]  && NETMASK1=`ifconfig $IF_INET  | grep Mask | cut -d ":" -f 4 | cut -d " " -f 0`
[ $IF_INET ]  && log "Netmask 1: $NETMASK1"
[ $IF_INET2 ] && NETMASK2=`ifconfig $IF_INET2 | grep Mask | cut -d ":" -f 4 | cut -d " " -f 0`
[ $IF_INET2 ] && log "Netmask 2: $NETMASK2"
[ $IF_INET3 ] && NETMASK3=`ifconfig $IF_INET3 | grep Mask | cut -d ":" -f 4 | cut -d " " -f 0`
[ $IF_INET3 ] && log "Netmask 3: $NETMASK3"
[ $IF_INET4 ] && NETMASK4=`ifconfig $IF_INET4 | grep Mask | cut -d ":" -f 4 | cut -d " " -f 0`
[ $IF_INET4 ] && log "Netmask 4: $NETMASK4"

[ $IF_INET ]  && INET_IP1=`ifconfig $IF_INET  | grep "inet addr" | cut -d ":" -f 2 | cut -d " " -f 0`
[ $IF_INET ]  && log "INET_IP1: $INET_IP1"
[ $IF_INET2 ] && INET_IP2=`ifconfig $IF_INET2 | grep "inet addr" | cut -d ":" -f 2 | cut -d " " -f 0`
[ $IF_INET2 ] && log "INET_IP2: $INET_IP2"
[ $IF_INET3 ] && INET_IP3=`ifconfig $IF_INET3 | grep "inet addr" | cut -d ":" -f 2 | cut -d " " -f 0`
[ $IF_INET3 ] && log "INET_IP3: $INET_IP3"
[ $IF_INET4 ] && INET_IP4=`ifconfig $IF_INET4 | grep "inet addr" | cut -d ":" -f 2 | cut -d " " -f 0`
[ $IF_INET4 ] && log "INET_IP4: $INET_IP4"

echo "IF_INET='"$IF_INET"'" > /tmp/failover.info
echo "INET_IP1='"$INET_IP1"'" >> /tmp/failover.info
echo "NETMASK1='"$NETMASK1"'" >> /tmp/failover.info
echo "GATEWAY1='"$GATEWAY1"'" >> /tmp/failover.info
echo "INET_WEIGHT='"$INET_WEIGHT"'" >> /tmp/failover.info
echo "IF_INET2='"$IF_INET2"'" >> /tmp/failover.info
echo "INET_IP2='"$INET_IP2"'" >> /tmp/failover.info
echo "NETMASK2='"$NETMASK2"'" >> /tmp/failover.info
echo "GATEWAY2='"$GATEWAY2"'" >> /tmp/failover.info
echo "INET2_WEIGHT='"$INET2_WEIGHT"'" >> /tmp/failover.info
echo "IF_INET3='"$IF_INET3"'" >> /tmp/failover.info
echo "INET_IP3='"$INET_IP3"'" >> /tmp/failover.info
echo "NETMASK3='"$NETMASK3"'" >> /tmp/failover.info
echo "GATEWAY3='"$GATEWAY3"'" >> /tmp/failover.info
echo "INET3_WEIGHT='"$INET3_WEIGHT"'" >> /tmp/failover.info
echo "IF_INET4='"$IF_INET4"'" >> /tmp/failover.info
echo "INET_IP4='"$INET_IP4"'" >> /tmp/failover.info
echo "NETMASK4='"$NETMASK4"'" >> /tmp/failover.info
echo "GATEWAY4='"$GATEWAY4"'" >> /tmp/failover.info
echo "INET4_WEIGHT='"$INET4_WEIGHT"'" >> /tmp/failover.info

# Start daemon
while [ /bin/true ] ; do

   GW_OK=0
   FAIL=0
   CHECK1=0
   CHECK2=0
   CHECK3=0
   CHECK4=0

   if [ $GATEWAY1 ] ; then
      ping2 -c $COUNT -I $IF_INET $PING_IP1 > /dev/null
      CHECK1=`echo $?`
      log "Check1: $CHECK1"
   fi

   if [ $GATEWAY2 ] ; then
      ping2 -c $COUNT -I $IF_INET2 $PING_IP2 > /dev/null
      CHECK2=`echo $?`
      log "Check2: $CHECK2"
   fi

   if [ $GATEWAY3 ] ; then
      ping2 -c $COUNT -I $IF_INET3 $PING_IP3 > /dev/null
      CHECK3=`echo $?`
      log "Check3: $CHECK3"
   fi

   if [ $GATEWAY4 ] ; then
      ping2 -c $COUNT -I $IF_INET4 $PING_IP4 > /dev/null
      CHECK4=`echo $?`
      log "Check4: $CHECK4"
   fi

   echo "CHECK1='"$CHECK1"'" > /tmp/failover.status
   echo "CHECK2='"$CHECK2"'" >> /tmp/failover.status
   echo "CHECK3='"$CHECK3"'" >> /tmp/failover.status
   echo "CHECK4='"$CHECK4"'" >> /tmp/failover.status

   FAIL=$(($CHECK1+$CHECK2+$CHECK3+$CHECK4))
#   log "Fail: $FAIL"

   # If FAIL > 0 and no corrected, fix the table
   if [ $FAIL != 0 ] ; then
      log "Fail: $FAIL"
      if [ $CORRECTED = 0 ] || [ $LASTATE != $FAIL ] ; then
         COMMAND="ip route add default table $TABLE proto static"         
         [ $GATEWAY1 ] && [ $CHECK1 = 0 ] && COMMAND=$COMMAND" nexthop via $GATEWAY1 dev $IF_INET weight $INET_WEIGHT"
         [ $GATEWAY2 ] && [ $CHECK2 = 0 ] && COMMAND=$COMMAND" nexthop via $GATEWAY2 dev $IF_INET2 weight $INET2_WEIGHT"
         [ $GATEWAY3 ] && [ $CHECK3 = 0 ] && COMMAND=$COMMAND" nexthop via $GATEWAY3 dev $IF_INET3 weight $INET3_WEIGHT"
         [ $GATEWAY4 ] && [ $CHECK4 = 0 ] && COMMAND=$COMMAND" nexthop via $GATEWAY4 dev $IF_INET4 weight $INET4_WEIGHT"
         
         log "Command: $COMMAND"
                  
         ip route flush table $TABLE
         ip route flush cache
         $COMMAND
         
         log "ip route flush table $TABLE"
         log "ip route flush cache"         
         
         CORRECTED=1
         LASTATE=$FAIL
         log "Corrected: $CORRECTED"
         log "Last state: $LASTATE"
      fi
   else
      # If no FAIL, try to restore the failed WAN
      GW_OK=`ip route list table $TABLE | grep -c via`
      #log "Working gateways: $GW_OK of $GWNO"
      if [ $GW_OK != $GWNO  ] ; then
         log "Working gateways: $GW_OK of $GWNO"
         COMMAND="ip route add default table $TABLE proto static"
         [ $GATEWAY1 ] && [ $CHECK1 = 0 ] && COMMAND=$COMMAND" nexthop via $GATEWAY1 dev $IF_INET weight $INET_WEIGHT"
         [ $GATEWAY2 ] && [ $CHECK2 = 0 ] && COMMAND=$COMMAND" nexthop via $GATEWAY2 dev $IF_INET2 weight $INET2_WEIGHT"
         [ $GATEWAY3 ] && [ $CHECK3 = 0 ] && COMMAND=$COMMAND" nexthop via $GATEWAY3 dev $IF_INET3 weight $INET3_WEIGHT"
         [ $GATEWAY4 ] && [ $CHECK4 = 0 ] && COMMAND=$COMMAND" nexthop via $GATEWAY4 dev $IF_INET4 weight $INET4_WEIGHT"
                  
         ip route flush table $TABLE
         ip route flush cache
         $COMMAND
         
         log "ip route flush table $TABLE"
         log "ip route flush cache"
         log "Command: $COMMAND"
         
         CORRECTED=0
         log "Corrected: $CORRECTED"
      fi
   fi
   sleep $SECONDS
done



[bobbb]

I've discovered in all this testing that if there is residue in the fields for second, third, or fourth Internet link then it is posslble that load balancing will not get configured properly. The main field is the IP address. If someone leaves that filled and blanks out any of the other 3 fields then the logic for loadbalancing will execute with NULL variables and the routing table will not be set. This is tested.

This is my latest version that is completely tested except for PPPoE. The problem above exists for this script also so I say that if your externals WAN are properly configured then this script will work.

I made a package named loadbalance.check.tgz but am not sure where to put it.

Código: Selecionar todos

#!/bin/sh
. /etc/coyote/coyote.conf
#Take the (error) state of all lines.
#INET1,2,3,4 are states 1,2,4,8 respectively
state=0
#a count of 1 is not a good indicator for a line down
COUNT="-c 5"
INTERVAL="-i 5"
#first time only - presuming prev_state is all lines up
if ! [ -e /tmp/loadbalance.state ]; then
   echo 0 > /tmp/loadbalance.state
fi

case "$INETTYPE" in
  "PPPOE" | "PPP" )
   if [ -n "ppp0" ]; then
      IF_INET=ppp0
      IPADDR=`getifaddr ppp0`
      GATEWAY=`ifconfig ppp0 | grep P-t-P | cut -f 3 -d ':' | cut -f 1 -d ' '`
   fi
     ;;
  "ETHERNET_DHCP" )
   if [ -e "/etc/dhcpc/$IF_INET.info" ]; then
      . /etc/dhcpc/$IF_INET.info
      IPADDR=$dhcp_ip
      GATEWAY=$dhcp_router
   fi
     ;;
esac

if [ -n "IPADDR" ] && [ -n "$IF_INET" ]; then
#echo testing First External Interface
   loss=`ping $COUNT $INTERVAL $GATEWAY | grep received | cut -d ' ' -f 6`
   if [ "$loss" = "100%" ]; then
      logger $GATEWAY is down
      state=1
   else
      [ -z $INET_WEIGHT ] && INET_WEIGHT=1
      route1="nexthop via $GATEWAY dev $IF_INET weight $INET_WEIGHT"
   fi
fi

if [ -n "$INET2_IPADDR" ] && [ -n "$IF_INET2" ]; then
#echo testing Second External Interface
   loss=`ping $COUNT $INTERVAL $INET2_GATEWAY | grep received | cut -d ' ' -f 6`
   if [ "$loss" = "100%" ]; then
      logger $INET2_GATEWAY is down
      state=$((state+2))
   else
      [ -z $INET2_WEIGHT ] && INET2_WEIGHT=1
      route2="nexthop via $INET2_GATEWAY dev $IF_INET2 weight $INET2_WEIGHT"
   fi
fi

if [ -n "$INET3_IPADDR" ] && [ -n "$IF_INET3" ]; then
#echo testing Third external interface
   loss=`ping $COUNT $INTERVAL $INET3_GATEWAY | grep received | cut -d ' ' -f 6`
   if [ "$loss" = "100%" ]; then
      logger $INET3_GATEWAY is down
      state=$((state+4))
   else
      [ -z $INET3_WEIGHT ] && INET3_WEIGHT=1
      route3="nexthop via $INET3_GATEWAY dev $IF_INET3 weight $INET3_WEIGHT"
   fi
fi

if [ -n "$INET4_IPADDR" ] && [ -n "$IF_INET4" ]; then
#echo testing Fourth external interface
   loss=`ping $COUNT $INTERVAL $INET4_GATEWAY | grep received | cut -d ' ' -f 6`
   if [ "$loss" = "100%" ]; then
      logger $INET4_GATEWAY is down
      state=$((state+8))
   else
      [ -z $INET4_WEIGHT ] && INET4_WEIGHT=1
      route4="nexthop via $INET4_GATEWAY dev $IF_INET4 weight $INET4_WEIGHT"
   fi
fi
prev_state=`cat /tmp/loadbalance.state`
if ! [ $state = $prev_state  ]; then
   logger configuring new route table 222
   ip route flush table 222
   ip route flush cache
   ip route add default table 222 proto static $route1 $route2 $route3 $route4
   echo $state > /tmp/loadbalance.state
   logger loadbalance error state changed from $prev_state to $state
fi


I guess it would be possible to make 1 routine for the ping test and pass it parameters but that is a matter of taste. Sometimes the more efficient code is one that is easier for humans to read, understand, and diagnose than one that is made more efficient for computers to run.

[yeager]

Why is this problem solved, when you dont know, where to put your skript? Can you tell me pleas, how can i test your new failover addon?

[bobbb]

Well it is Solved because the script is posted above and it works. Making a package is another thing.

I meant that I don't know where to post it here in this forum. As a moderator, maybe I have space here. Don't know. Will check that.
--------------------
I read the instructions for addons so I will do that and post it.

[slthom]

Thanks for all the responses to my question. The only left to do is to install the package when it up and give it a test drive!

[bobbb]

I have it packaged and put it here: http://www.brazilfw.com.br/users/bobbb/ ... .check.tgz

Remember that you will have to schedule it at whatever interval that suits you. 15 minutes sounds nice.

This has never been in the real world. My testing consisted of 3 WAN NICS on BFW going to a hub with one workstation that had 3 IPs assigned to one NIC (simulating 3 gateways). Then I dropped an IP and ran the loadbalance.check script and watched what happened. Then brought it up again. And so on and so on.

Never tested the cron but that must work. All kinds of people here use it.

[Marcos do Vale]

Hi bobbb,

My testing consisted of 3 WAN NICS on BFW going to a hub with one workstation that had 3 IPs assigned to one NIC (simulating 3 gateways).

In my test I put 1 WAN NIC that had 4 IPs assigned on BFW going to a hub with 4 DSL modems.
Your script is very coll, but without MAC testing.
Change the NIC in your workstation ... or change the workstation with use the same IPs.
In the case to replace your DSL modem or gateway device, for example, the BFW not discovery the IP address to the new gateway. No shift the values in ARP table.

Look this:
http://www.brazilfw.com.br/users/marcos/keepalive.sh

Excuse my poor english

[bobbb]

In my test I put 1 WAN NIC that had 4 IPs assigned on BFW going to a hub with 4 DSL modems.

I don't have that (4 modems) Do a lot of people do it like that? 4 ISPs on I NIC? I really only have one ISP.

but without MAC testing

True. If the ISP changed the router at his end that would cause problems (for a lot of people). I'll try to test that and see.

Not sure about the DSL modem though. It is supposed to be a bridge. It should quickly learn the MACs on both side plus I wonder if the ARP entry would not expire in the time it takes to swap one out and another in

It's interesting that you check if balancing is on. I'll test that too but on top. If not ON -> exit. Why bother with the script at that point? Hmmm I wonder why someone would install the script and have balancing off? But I guess if it could happen it will happen one day.

[slthom]

I will give your package a try on Monday when I am in the office.

I will keep you updated.

Thanks for working on it!

Have a great weekend.

[bobbb]

An interesting situation has come up about DNS and load balancing.

Read this thread especially the parts about DNS near the end. viewtopic.php?f=3&t=63812

[n9xcr]

This script appears to be exactly what I need for my situation. We have to internet connections through Comcast, one of which isn't very reliable but there is nothing I am authorized to do about it. My BrazilFW box is behind two routers, and both of my Internet NICs have internal IP Addresses. Does the script ping the gateway (router) or an internet address? I imagine, from what I was looking at above, that this is something I could modify in the script. I just want to verify that it is, in fact, the case.

Thank you,
Chris

[bobbb]

The gateway. There is no way I can determine your Internet IP if you are behind 1 or more routers in your office.

Edited 2008/11/18:
The script has now been modified to have the GWs as a user configurable variable but there is still a catch. It is all described here: Load Balance Failover

[yeager]

Is it possible to use this skript without LoadBalancing? So i will use in same time only one link, and when is dead, then switche to the second link.

[bobbb]

Let me look at it.

[yeager]

Hi Bob
Have you time to look at it?

[yeager]

Is it possible to use this skript without LoadBalancing? So i will use in same time only one link, and when is dead, then switche to the second link.

One more time. Have you time to look at this

[bobbb]

In this thread you said you used load-balancing: Port redirection to selected NIC [Solved]
So I never checked.

That script uses variables and routing tables that depend on the load-balance initialisation script so I guess not.

So i will use in same time only one link, and when is dead, then switche to the second link.

Is that second link up all the time also?

[yeager]

My second link is a 2Mbit DSL and on 99% a time is up. My first link is 8Mbit via wireles and sometimes have a probleme whit connection (10% is down).

[bobbb]

Maybe something can be invented. It should be a GW and DNS change on the fly. Hmmm... I wonder about traffic coming in or in transit; but at that point the link is dead anyway and client PCs waiting for that are going to time out. How long does the primary stay dead for? Hours or minutes?

[yeager]

Sometimes hours sometimes minutes. In last year i have many problems, upgrade servers on othest side, upgrade wirelwss hw, probleme whit electric power....