Hi.
I need to setup "one route" to a certain destination network (indeed
it''s another LAN, which I want to connect to, i.e. I''m
creating a
simple VPN). I have 2 possible gateways:
a) Fast (through an ADSL line via 192.168.7.254. This is a CIPE
connection)
b) Slow (through a RDSI line via 192.168.5.3. This is pure PPP)
The situation I''m looking for is having two real routes to the
destination network (via the fast gateway and the slow one
respectively) but only the first (=fast) one is used in normal
conditions. The second (=slow) one will only be used in case the first
breaks (i.e. failover mode).
I''ve tried to enter two different routes to the same destination and
it seems not to be permitted:
goliat:/etc/iproute2 # ip route list table roman
192.168.7.254 dev cipcb0 scope link
default via 192.168.5.1 dev eth1
goliat:/etc/iproute2 # ip route add 192.168.1.0/24 via 192.168.7.254
table roman
goliat:/etc/iproute2 # ip route add 192.168.1.0/24 via 192.168.5.3
table roman
RTNETLINK answers: File exists
Nevertheless I''ve checked the main table and I can see
"duplicated"
routes (these were introduced by the "route" command):
goliat:/etc/iproute2 # ip route list
62.22.78.68 via 192.168.5.1 dev eth1
62.22.78.68 via 192.168.5.2 dev eth1
192.168.7.254 dev cipcb0 proto kernel scope link src 192.168.6.254
192.168.5.0/24 dev eth1 proto kernel scope link src 192.168.5.200
192.168.3.0/24 via 192.168.5.3 dev eth1
192.168.2.0/24 via 192.168.5.3 dev eth1
192.168.1.0/24 via 192.168.5.3 dev eth1
192.168.0.0/24 dev eth0 proto kernel scope link src 192.168.0.200
127.0.0.0/8 dev lo scope link
default via 192.168.5.1 dev eth1
goliat:/etc/iproute2 #
Note the 62.22.78.68 route. Now it is permitted !
Is this last one a multipath route or what am I missing?
Is it possible to reach the failover state I''m looking for? Any
experiences with that?
Another possible case (perhaps it works) would be to set up a
multipath route and use a very high metric for the slow gateway, but
this is not exactly what I want ''cause I want the slow gateway to be
used IF and ONLY IF the fast one is down.
Please, help. Thx in advance.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- ** RoMaN SoFt / LLFB **
roman@madrid.com
http://pagina.de/romansoft
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
On Thu, Jul 12, 2001 at 04:47:57PM +0200, RoMaN SoFt / LLFB!! wrote:> > Hi. > > I need to setup "one route" to a certain destination network (indeed > it''s another LAN, which I want to connect to, i.e. I''m creating a > simple VPN). I have 2 possible gateways: > a) Fast (through an ADSL line via 192.168.7.254. This is a CIPE > connection) > b) Slow (through a RDSI line via 192.168.5.3. This is pure PPP) > > The situation I''m looking for is having two real routes to the > destination network (via the fast gateway and the slow one > respectively) but only the first (=fast) one is used in normal > conditions. The second (=slow) one will only be used in case the first > breaks (i.e. failover mode). >I believe the only way for the kernel to recognize that there has been a failure, is the ethernet card detecting a line drop. If you can be sure that when the link goes down that this happens, you won''t need anything else except for the right rules in your routing setup. If your setup won''t do this, you''ll need a script that actively checks for connectivity, or for more complicated setups a routing protocol. If I''m wrong, someone please let me know. Mike
On Fri, Jul 13, 2001 at 09:53:24AM +0200, RoMaN SoFt / LLFB !! wrote:> On Thu, 12 Jul 2001 11:20:18 -0700, you wrote: > > >> The situation I''m looking for is having two real routes to the > >> destination network (via the fast gateway and the slow one > >> respectively) but only the first (=fast) one is used in normal > >> conditions. The second (=slow) one will only be used in case the first > >> breaks (i.e. failover mode). > > > >I believe the only way for the kernel to recognize that there has been > >a failure, is the ethernet card detecting a line drop. If you can be > >sure that when the link goes down that this happens, you won''t need > >anything else except for the right rules in your routing setup. > > I forgot to say that I also tried to use metric: two routes with > different metric (one with default metric [0, isn''t it] and the other > one with metric 10). This time I could enter the two routes to the > same destination but when the first gateway lose connectivity it seems > not to be detected. I''ll keep on doing some testing. > > I read in this list''s archives that the kernel routing code should > detect if the gateway is ok and in negative case switch to another > route (with greater metric). How does it work exactly? Which type of > checks are performed? >I don''t really know. I haven''t seen any traffic on the network that seems to try to detect connectivity.> Mike, the issue is not to detect when ethernet is broken (this is a > feature of the network card and it is used, for instance, in "bonding" > driver; indeed in that case my problem would be solved using this > driver in backup mode) but detecting when the destination network is > not reachable. So the gateway itself could be ok (it could have its > "receiving" ethernet up, I mean, my linux router [which I''m trying to > config] can reach the gateway) but its output line could be down > avoiding a correct deliver of packets (gateway can reach destination > network). > > Is it absolutely necessary to use a routing daemon in my case? Or the > metric trick should be sufficient for me? >I would guess that the kernel would need some icmp message sent to it to detect that a route is down. Like "dest unreachable" from the first hop. In my case, I have a bridged DSL connection, and if the link goes down, I won''t get the icmp either. I have another routed dsl connection, but I haven''t tested with that yet. With the bridged line, the packets go out, and don''t get any response. The kernel doesn''t do anything in this case. Do you know anything about C or C++ coding? If so, you could take a look at the routing code yourself and maybe get an idea of what is going on. My guess is that it requires dest-unreach to work. It''d change in the routing cache, and you wouldn''t see anything in your other tables change. Mike