LARTC - May 2006 - Routing and Redundancy Delima

My setup:

LAN A
 |
 |-- Wireless-r1 --|
 |-- Wireless-r2 --|
 ..................|
 .................LAN B

 
LAN A is my primary (external) LAN. LAN B is my wireless LAN. LAN A does
iBGP and OSPF routing. Each wireless router does the following:

2 Bridged Ethernet + STP connections to LAN A
2 Bridged Ethernet + STP connections to LAN B
2 VLANs on LAN A
5 VLANs on LAN B
UCARP on each wireless VLAN (5). 
Quagga - zebra, bgpd, ospfd (on LAN A)

UCARP provides a virtual IP address for the gateway for each VLAN on the
wireless side. The goal is to provide complete, hot-failover redundancy
to wireless-r2 in the event wireless-r1 goes down (maintenance, failure,
etc). Ideally, the system should not loose a single packet in the event
of a failure. UCARP can accomplish this (already tested). If traffic is
being routed from the Internet to the wireless side by going through
wireless-r2, there is no issue with bringing down the interfaces on the
wireless side of wireless-r1 -- traffic reroutes accordingly with no
packet loss. If the traffic is being routed through wireless-r1 by
default, we loose (at most) 2 packets, but sometimes none, when we bring
down the ethernet connectivity on the wireless side of wireless-r1. 

My real issue comes in with the fact that sometimes, OSPF chooses
wireless-r2 as the default route from the Internet to the customer and
UCARP uses wireless-r1 for the reverse direction. The iptables rules and
bandwidth shaping rules ruly on connection tracking and marking to limit
bandwidth and do statistics and things. Since half of each flow is going
through the other router, things do not get handled entirely correctly.
Also, in certain circumstances, it is possible to get the wireless
bridged interfaces to stop passing traffic while not triggering a route
down message through OSPF, which basically causes the traffic to come to
a dead stop as OSPF thinks the route still exists, but UCARP does not.
UCARP fails over in this instance, but not the routing. 

So, my real question in all of this is how do I get UCARP and Quagga to
talk to each other and update each other on their state. Essentially, I
would like to get UCARP to turn off actual routing (but not route
updates) through the machine if UCARP is in slave mode. Also, when UCARP
goes to master mode, it should turn the routing back on. I think I can
accomplish this much by modifying my vip-up and vip-down shell scripts
to change the metric on the route so that the slave metric is higher
than the master metric. Unfortunately, going the other way is much more
difficult. How in the world do I get Quagga to put UCARP in slave mode
if the OSPF routing goes down, and then put UCARP in master mode when
OSPF comes back up? I''ve seen times when Quagga looses its OSPF
neighbors and needs ospfd to be restarted. When something like this
happens, UCARP should go into slave mode and the backup router should
kick in. I''m not sure how to pull this off short of a cronjob, which
seems like a hack, and probably won''t react fast enough to prevent an
outage. 

Anyone have any suggestions on solving these issues? 

PS. I''m also going to try the Quagga and UCARP lists, but I thought I
would pose this question here, too, since it is for advanced routing and
traffic control, which is precisely what I''m trying to do.


Thanks in advance.

Eliot Gable
Certified Wireless Network Administrator (CWNA)
Certified Wireless Security Professional (CWSP)
Cisco Certified Network Associate (CCNA)
CompTIA Security+ Certified
CompTIA Network+ Certified
Network and System Engineer
Great Lakes Internet, Inc.
112 North Howard
Croswell, MI 48422
(810) 679-3395
(877) 558-8324
 
Now offering Broadband Wireless Internet access in Croswell, Lexington,
Brown City, Yale, Worth Township, and Sandusky. Call for details.