Ard van Breemen
2002-Feb-22 13:07 UTC
More things about /proc / failover of default gateway
Hi,

during testing with failover of the default gateways we found out the following:
/proc/sys/net/ipv4/route/gc_timeout is some sort of timeout value, after which the kernel declares a route to be dead.

What is the setup:
We have a system that is connected with two NICs to a switch. These NICs are in the same LAN, but carry different networks:

A host with two NICs on a switch:

    ip link set dev eth0 up
    ip link set dev eth1 up
    ip addr add 192.168.1.10/24 dev eth0
    ip addr add 192.168.2.10/24 dev eth1
    ip route add default via 192.168.1.1
    ip route add default via 192.168.2.1
    echo 0 > /proc/sys/net/ipv4/conf/eth0/rp_filter
    echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter

A single router configuration (from a failover cluster):

    ip link set dev eth0 up
    ip addr add 192.168.1.1/24 dev eth0
    ip addr add 192.168.2.1/24 dev eth0

As long as everything works, you will reach 192.168.2.10 through eth1, and 192.168.1.10 through eth0.

If you unplug one of the two devices (simulating a dead NIC), it will take some time plus gc_timeout (in seconds) for Linux to declare one of the two default gateways as dead, and to start to use the other default gateway.

As long as your source address is not within 192.168.1.0/24 or 192.168.2.0/24, the kernel must use a default gateway, and therefore your link will be redundant.

Setting gc_timeout to 10 seconds gave us a failover time of about 110 seconds for existing connections. I did not look at the timers of the router etc, so that also is important.

--
<ard@telegraafnet.nl> Telegraaf Elektronische Media http://wwwijzer.nl
http://leerquoten.monster.org/ http://www.faqs.org/rfcs/rfc1855.html
Let your government know you value your freedom. Sign the petition:
http://petition.eurolinux.org/
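Added example, not part of the original post: a shell audit of the host settings the post relies on (two default gateways, rp_filter on their devices, gc_timeout). The PROC_ROOT override and the function names are assumptions made for the example; taking the larger of conf/all and conf/<dev> for rp_filter is how current kernels combine the two values.

```shell
#!/bin/sh
# Added example, not from the thread. PROC_ROOT is an assumed override so the
# functions can read a constructed directory tree instead of the live /proc.
# Typical use: ip route show | audit_failover
PROC_ROOT="${PROC_ROOT:-/proc}"

# Print "gateway device" for each default route in `ip route show` text on stdin.
default_gateways() {
    awk '$1 == "default" {
        gw = "-"; dev = "-"
        for (i = 2; i < NF; i++) {
            if ($i == "via") gw = $(i + 1)
            if ($i == "dev") dev = $(i + 1)
        }
        print gw, dev
    }'
}

# Read one file under $PROC_ROOT/sys/net/ipv4; print $2 (default 0) if missing.
read_sysctl() {
    cat "$PROC_ROOT/sys/net/ipv4/$1" 2>/dev/null || echo "${2:-0}"
}

# Effective rp_filter for a device: current kernels apply the larger of
# conf/all/rp_filter and conf/<dev>/rp_filter.
effective_rp_filter() {
    all=$(read_sysctl conf/all/rp_filter)
    own=$(read_sysctl "conf/$1/rp_filter")
    if [ "$all" -gt "$own" ]; then echo "$all"; else echo "$own"; fi
}

# Report each gateway device with its effective rp_filter, then gc_timeout.
# Returns 1 if fewer than two default gateways are present, or if a gateway
# device is in strict mode (1), which drops packets arriving on a NIC that is
# not the one the kernel would route the reply through.
audit_failover() {
    rc=0
    routes=$(default_gateways)
    count=$(printf '%s\n' "$routes" | grep -c . || true)
    [ "$count" -ge 2 ] || { echo "only $count default gateway(s)"; rc=1; }
    for dev in $(printf '%s\n' "$routes" | awk '{print $2}' | sort -u); do
        mode=$(effective_rp_filter "$dev")
        echo "$dev rp_filter=$mode"
        [ "$mode" -ne 1 ] || { echo "$dev: strict rp_filter"; rc=1; }
    done
    echo "gc_timeout=$(read_sysctl route/gc_timeout unknown)"
    return "$rc"
}
```

Writing 0 only to conf/eth0 and conf/eth1 has no effect on such a kernel while conf/all/rp_filter is 1, which is the case the audit flags.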
bert hubert
2002-Feb-24 10:06 UTC
Re: More things about /proc / failover of default gateway
On Fri, Feb 22, 2002 at 02:07:19PM +0100, Ard van Breemen wrote:
> Hi,
> during testing with failover of the default gateways we found out the
> following:
> /proc/sys/net/ipv4/route/gc_timeout is some sort of timeout value,
> after which the kernel declares a route to be dead.

I added this:

/proc/sys/net/ipv4/route/gc_elasticity

Values to control the frequency and behavior of the garbage collection algorithm for the routing cache. This can be important for when doing failover. At least gc_timeout seconds will elapse before Linux will skip to another route because the previous one has died. By default set to 300, you may want to lower it if you want to have a speedy failover.

Also see this post by Ard van Breemen.

where 'this post' is a link to your posting.

Regards,

bert

--
http://www.PowerDNS.com Versatile DNS Software & Services
http://www.tk the dot in .tk
http://lartc.org Linux Advanced Routing & Traffic Control HOWTO
Ard van Breemen
2002-Feb-25 07:29 UTC
Re: More things about /proc / failover of default gateway
On Sun, Feb 24, 2002 at 11:06:26AM +0100, bert hubert wrote:
> I added this:
>
> /proc/sys/net/ipv4/route/gc_elasticity
>
> Values to control the frequency and behavior of the garbage collection
> algorithm for the routing cache. This can be important for when doing
> failover. At least gc_timeout seconds will elapse before Linux will skip to
> another route because the previous one has died. By default set to 300, you
> may want to lower it if you want to have a speedy failover.

Well, either you are a m4st3erh4ck0r, and you read the source, or you found that information somewhere else. Ok, I just skimmed through the source... Alexey's mind is too great to add the wise comments my feeble mind needs :(. I am just empirically trying the settings this time to understand this gc_ stuff...

As far as I know being able to handle alternative routes for when the primary route is dead is a host requirement.

BTW: I think that hosts should have simple failover controls like this, but routers need and can have better failover controls than this. I posted a rather simplistic NIC monitor on linux-ha-dev last week, to monitor a NIC's health by arping (using arping ;)) the switch on a private VLAN. This way I can have any number of NICs monitored by one daemon.

--
<ard@telegraafnet.nl> Telegraaf Elektronische Media http://wwwijzer.nl
http://leerquoten.monster.org/ http://www.faqs.org/rfcs/rfc1855.html
Let your government know you value your freedom. Sign the petition:
http://petition.eurolinux.org/