While this may sound a bit off topic, I suspect this list can be the best
regarding _experience_ in Linux router failover. So forgive me if my
question is not exactly what you might have expected.

I have a Linux router (iptables + iproute2) transmitting (quite big)
network traffic between 4 local LANs. The router works very well, but
I prepared, in case of hardware failures, another, similar router
with the same configuration. But when the failure occurs I have to
manually change cords into the new router. Of course it is not the
most comfortable solution.

So I am looking for a failover solution for such a LAN. The most
important thing is that the router has four routing NICs. And all of them
should be taken over by a failover router. Does anybody use such a
"failover" (working!) solution?

przemol
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

I played with failover from heartbeat with this.

It seemed to do everything you're looking for. Make sure that you have
at least one spare IP address on each subnet dedicated to each firewall.
I'm not sure if it's necessary, but it makes the failover more friendly.

I had a lot of problems with false failovers and their IP probing tool.
It didn't fail over when necessary, and sometimes it did a partial
takeover but not a failover, and sometimes they both failed over,
effectively having two identical IPs on every subnet. This was ugly.

I do admit that I could probably get it working if I had more time to
get it working in a development environment instead of prod.

IP takeover and gratuitous ARP spamming works.
Detection of mutually dead IPs, I don't think it works too well. It
always seemed to assume that the entire node was fcked, and cause itself
to fail over, but since both thought that, there were no bound IPs!!!

Not to discourage you from the attempt, but just expect some rough spots
along the way.

przemolicc@poczta.fm wrote:
> While this may sound a bit off topic, I suspect this list
> can be the best regarding _experience_ in Linux router failover. So
> forgive me if my question is not exactly what you might have expected.
>
> I have a Linux router (iptables + iproute2) transmitting (quite big)
> network traffic between 4 local LANs. The router works very well, but
> I prepared, in case of hardware failures, another, similar router
> with the same configuration. But when the failure occurs I have to
> manually change cords into the new router. Of course it is not the
> most comfortable solution.
>
> So I am looking for a failover solution for such a LAN. The most
> important thing is that the router has four routing NICs. And all of them
> should be taken over by a failover router. Does anybody use such a
> "failover" (working!) solution?
>
> przemol

On Fri, Mar 19, 2004 at 12:09:11PM -0800, Daniel Chemko wrote:
> I played with failover from heartbeat with this.
>
> It seemed to do everything you're looking for. Make sure that you have
> [...]

Thanks for all responses. I will give all heartbeat-like solutions a try.
But to make the problem simpler: once I pulled out all cords from the
working router and put them into the failover router ("manual takeover" ;-)).
But all servers I was watching had in their ARP cache ARPs from
the old router. How can I force them to use the new ARP addresses?
I have read e.g. about fake, but it lets me take over only one IP address.
Any tool useful in a 4-NICs-router environment?

przemol

Hi!

On Wednesday 24 March 2004 08:17, przemolicc@poczta.fm wrote:
> the old router. How can I force them to use the new arp addresses ?
> I have read e.g. about fake but it let me takeover only one IP address.
> Any tool useful in 4-NICs-router environment ?

You can use fake for more than one IP address as well - in fact I'm using
it to take over 2 NICs of my squid server if that one should fail.
Currently I have a simple script which periodically tests the reachability
of the squid port, and in case of failure I do something like

    fake <first NIC's IP-Address> &
    fake <second NIC's IP-Address> &

Works pretty good and has saved me from hassles quite a few times!

It's no perfect solution and you probably should go for Heartbeat if you
are more serious - but hey, it's simple and works fine for me :)

Regards,
Andreas

It's called "gratuitous ARP". Look at the IpFail tool in heartbeat. I am
sure there are standalone programs that do the same.

przemolicc@poczta.fm wrote:
> On Fri, Mar 19, 2004 at 12:09:11PM -0800, Daniel Chemko wrote:
>> I played with failover from heartbeat with this.
>>
>> It seemed to do everything you're looking for. Make sure that you
>> have [...]
>
> Thanks for all responses. I will give all heartbeat-like solutions
> a try. But to make the problem simpler: once I pulled out all
> cords from the working router and put them into the failover router
> ("manual takeover" ;-)). But all servers I was watching had in their
> ARP cache ARPs from the old router. How can I force them to use the
> new ARP addresses? I have read e.g. about fake, but it lets me
> take over only one IP address. Any tool useful in a 4-NICs-router
> environment?
>
> przemol
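
The gratuitous ARP announcement named above, for a four-NIC takeover, together with a check for the double-takeover case described earlier in the thread (two nodes claiming the same IP). This is an added example, not code from any poster, from heartbeat or from fake; the interface names, MAC addresses and IP addresses are constructed placeholders, and sending assumes Linux with root.

```python
import socket
import struct

ETH_P_ARP = 0x0806
BROADCAST = b"\xff" * 6

# Constructed sample: interface -> (MAC of the standby NIC, router IP on that LAN)
TAKEOVER = {
    "eth0": ("02:00:00:00:00:01", "192.0.2.1"),
    "eth1": ("02:00:00:00:00:02", "198.51.100.1"),
    "eth2": ("02:00:00:00:00:03", "203.0.113.1"),
    "eth3": ("02:00:00:00:00:04", "10.0.0.1"),
}

def gratuitous_arp(mac: str, ip: str) -> bytes:
    """Broadcast ARP announcement: sender IP and target IP are the same address."""
    hw = bytes.fromhex(mac.replace(":", ""))
    addr = socket.inet_aton(ip)
    eth = BROADCAST + hw + struct.pack("!H", ETH_P_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, op=1 (request)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    arp += hw + addr            # sender MAC, sender IP: what neighbours will cache
    arp += b"\x00" * 6 + addr   # target MAC unset, target IP == sender IP
    return eth + arp

def parse_arp(frame: bytes) -> dict:
    """Decode the fields a neighbour uses to update its ARP cache."""
    (op,) = struct.unpack("!H", frame[20:22])
    return {"op": op,
            "sender_mac": frame[22:28].hex(":"),
            "sender_ip": socket.inet_ntoa(frame[28:32]),
            "target_ip": socket.inet_ntoa(frame[38:42])}

def conflicting_owners(frames) -> dict:
    """IPs announced by more than one MAC: both nodes believe they are active."""
    owners = {}
    for f in frames:
        p = parse_arp(f)
        owners.setdefault(p["sender_ip"], set()).add(p["sender_mac"])
    return {ip: macs for ip, macs in owners.items() if len(macs) > 1}

def announce(takeover: dict, repeat: int = 3) -> int:
    """Send each announcement on its own NIC (Linux AF_PACKET, needs root)."""
    sent = 0
    for ifname, (mac, ip) in takeover.items():
        with socket.socket(socket.AF_PACKET, socket.SOCK_RAW) as s:
            s.bind((ifname, 0))
            for _ in range(repeat):
                s.send(gratuitous_arp(mac, ip))
                sent += 1
    return sent
```

Calling `announce(TAKEOVER)` on the standby router after it has configured the four addresses refreshes the neighbours' ARP caches on all four LANs; `conflicting_owners` can be fed captured announcements to spot both routers holding the same IP.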