LARTC - May 2004 - Dual Redundant Network routing [Question]

Greetings,

I have a routing problem I am hoping can be solved.

I have three networks.  A Private network, and a dual network the private
network connects too.  The internal network talks through a
gateway/router(linux redhat 7.2) that has a default route set that allows
the internal network to talk to a computer on the external networks.  The
external network is a Redundant network scheme in that if one of the
networks goes down, the gateway/router should automatically switch traffic
to the other network.  

I have several requirements.

1. The external dual network does not know anything about the internal
network.
2. The router has to be able to sense the network malfunction and auto
reroute the internal network to the secondary redundant network.

I have the internal network successfully talking to one of the dual networks
using this routing table:

Ip Address of Gateway and routing table of gateway (10.1.1.12)
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use
Iface
10.1.1.0       *                    255.255.255.0   U     0      0        0
eth4
10.8.0.0      10.8.0.137       255.255.0.0     UG    0      0        0 eth3
10.8.0.0      *                     255.255.0.0     U     0      0        0
eth3
10.9.0.0      10.9.0.137       255.255.0.0     UG    0      0        0 eth2
10.9.0.0      *                     255.255.0.0     U     0      0        0
eth2
127.0.0.0       *                  255.0.0.0       U     0      0        0
lo
default         10.1.1.12        0.0.0.0         UG    0      0        0
eth4


3 network cards: 10.8.0.137, 10.9.0.137, 10.1.1.12 in the gateway/router.

10.1.1.X is the internal network.
10.8.0.X is the 1st external network
10.9.0.X is the 2nd external network.

How do I get the autorerouting to work?  

Chris

----------------------------------------------------------------------------
-----------
Chris Litchfield
Ph. (757)-424-1004
Fax. (757)-424-1602
Senior Scientific Programmer
EDO Corporation 
"The views, opinions, and judgments expressed in this 
message are solely those of the author. The message 
contents have not been reviewed or approved by EDO."


_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

> How do I get the autorerouting to work?
In order to ''sense'' a dead link, you''re going to have
to use one of the
existing tools to do that (a part of heartbeatd), or role your own
network probe. There is no kernel component that does this.

If you''re rolling your own, the most well used technique to detect a
dead link is pinging static hosts located on each network segment. Since
you are dual-redundant of the same network, you''ll need top do a little
source routing. If you have a ping with the -j or the -I options, you
can cheat and socket bind ping to each physical network segement to test
the common IP''s.

You will need to automate this process with either a persistent program
or maybe a cron script.

Once you detect a failure, you need to handle the outage. This can be
done with marking a route dead or changing the default route to the
other interface. This shouldn''t be too hard.
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

On Tuesday, 18 May 2004, at 13:36:21 -0700,
Daniel Chemko wrote:
> If you''re rolling your own, the most well used technique to detect
a
> dead link is pinging static hosts located on each network segment. Since
> you are dual-redundant of the same network, you''ll need top do a
little
> source routing. If you have a ping with the -j or the -I options, you
> can cheat and socket bind ping to each physical network segement to test
> the common IP''s.
> 
In the past I have implemented a Linux policy router with link failure
detection, but instead of "pinging" a remote host I use
"hping" to make
a TCP connection request to a remote IP at port 80. If this remote IP
address is known to be always up (for example, www.google.com''s IP)
this
can be a good level-7 health check.

Yo can do this from the router itself on any number of links. Just make
sure you understand Linux policy routing, and just before sendind the
probe packets make them go trhough the link you are trying to test.

Couple the above with a "state machine" to prevent considering a link
down when just one probe fails, and to make a link up again when it has
been so for long enough.
> Once you detect a failure, you need to handle the outage. This can be
> done with marking a route dead or changing the default route to the
> other interface. This shouldn''t be too hard.
> 
In my setup I have a routing table for each link to the Internet, each
table with just a default route to the Internet through this link. So
when I detect the link has gone down, I just make a "ip route change
table linkX default via ..." to reroute all traffic to another link.

Hope this helps.

-- 
Jose Luis Domingo Lopez
Linux Registered User #189436     Debian Linux Sid (Linux 2.6.6)
_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/