I have implemented Multiple Internet Connection with shorewall 4.0.7, just reading the documentation, and this works very well. (Thanks for the great doc.) I am able to disconnect the primary Internet feed and Shorewall automatically redirects the outgoing connections to the backup one.

However, when I reconnect or restore the feed for the primary internet connection, the route still continues pointing to the backup.

I've been trying to figure out if there exists some config or delay to move the default route back to Primary, but I didn't have luck.

Does any config exist to do that? If this exists, can you provide me some guidelines?

Your help will be very much appreciated.

Rgds,
Clo

Claudio González
System Administrator Chile - Argentina
Internet Securities de Chile Ltda.
Claudio Gonzalez wrote:
> I have implemented Multiple Internet Connection with shorewall 4.0.7, just
> reading the documentation and this works very well.(Thanks for the great
> doc) I am able to disconnect primary Internet feed and automatically
> Shorewall redirect the outgoing connection to the backup one.

No it is not. From the MultiISP document:

"What an entry in the Providers File Does NOT Do

Given that Shorewall is simply a tool to configure Netfilter and does not run continuously in your system, entries in the providers file do not provide any automatic failover in the event of failure of one of your Internet connections."

>
> However, when I do connect or restore the feed for primary internet
> connection, the route still continue pointing to backup.
>
> I've been trying to figure out if exist some config or delay to move
> default route back to Primary, but I didn't have luck.

If you want to automatically restore routing in this case, you will need to run a script in the background that periodically checks the health of each of your internet connections and that restarts Shorewall when one of the interfaces comes back up. In this case, I recommend that all providers have the 'optional' option.

-Tom
--
Tom Eastep        \ Nothing is foolproof to a sufficiently talented fool
Shoreline,        \ http://shorewall.net
Washington USA    \ teastep@shorewall.net
PGP Public Key    \ https://lists.shorewall.net/teastep.pgp.key
On Mon, Jan 14, 2008 at 07:28:10AM -0800, Tom Eastep wrote:
> > However, when I do connect or restore the feed for primary internet
> > connection, the route still continue pointing to backup.
> >
> > I've been trying to figure out if exist some config or delay to move
> > default route back to Primary, but I didn't have luck.
>
> If you want to automatically restore routing in this case, you will need
> to run a script in the background that periodically checks the health of
> each of your internet connections and that restarts Shorewall when one
> of the interfaces comes back up. In this case, I recommend that all
> providers have the 'optional' option.

But maybe you should be using quagga instead.
Andrew Suffield wrote:
> On Mon, Jan 14, 2008 at 07:28:10AM -0800, Tom Eastep wrote:
>>> However, when I do connect or restore the feed for primary internet
>>> connection, the route still continue pointing to backup.
>>>
>>> I've been trying to figure out if exist some config or delay to move
>>> default route back to Primary, but I didn't have luck.
>> If you want to automatically restore routing in this case, you will need
>> to run a script in the background that periodically checks the health of
>> each of your internet connections and that restarts Shorewall when one
>> of the interfaces comes back up. In this case, I recommend that all
>> providers have the 'optional' option.
>
> But maybe you should be using quagga instead.

Depending on whether your providers support routing protocols on the gateway routers.

-Tom
On Mon, Jan 14, 2008 at 12:58:32PM -0800, Tom Eastep wrote:
> Andrew Suffield wrote:
> > On Mon, Jan 14, 2008 at 07:28:10AM -0800, Tom Eastep wrote:
> >>> However, when I do connect or restore the feed for primary internet
> >>> connection, the route still continue pointing to backup.
> >>>
> >>> I've been trying to figure out if exist some config or delay to move
> >>> default route back to Primary, but I didn't have luck.
> >> If you want to automatically restore routing in this case, you will need
> >> to run a script in the background that periodically checks the health of
> >> each of your internet connections and that restarts Shorewall when one
> >> of the interfaces comes back up. In this case, I recommend that all
> >> providers have the 'optional' option.
> >
> > But maybe you should be using quagga instead.
>
> Depending on whether your providers support routing protocols on the
> gateway routers.

It works without that if the interfaces go up and down at the appropriate moments (i.e., they're ppp interfaces or something similar). In that configuration it's a routing network consisting of a single host with no routing protocols running, which is a little weird, but functional. You simply give zebra a bunch of static routes with suitable metrics, and it inserts and removes them as the interfaces change state.
Andrew Suffield wrote:
> On Mon, Jan 14, 2008 at 12:58:32PM -0800, Tom Eastep wrote:
>> Depending on whether your providers support routing protocols on the
>> gateway routers.
>
> It works without that if the interfaces go up and down at the
> appropriate moments (ie, they're ppp interfaces or something
> similar). In that configuration it's a routing network consisting of a
> single host with no routing protocols running, which is a little
> weird, but functional. You simply give zebra a bunch of static routes
> with suitable metrics, and it inserts and removes them as the
> interfaces change state.

Interesting.

Thanks,
-Tom
On Mon, 2008-01-14 at 14:28 -0800, Tom Eastep wrote:
> Andrew Suffield wrote:
> > On Mon, Jan 14, 2008 at 12:58:32PM -0800, Tom Eastep wrote:
> >> Depending on whether your providers support routing protocols on the
> >> gateway routers.
> >
> > It works without that if the interfaces go up and down at the
> > appropriate moments (ie, they're ppp interfaces or something
> > similar). In that configuration it's a routing network consisting of a
> > single host with no routing protocols running, which is a little
> > weird, but functional. You simply give zebra a bunch of static routes
> > with suitable metrics, and it inserts and removes them as the
> > interfaces change state.
>
> Interesting.

Interesting, yes, but in my experience, the vast majority of ISP troubles are blackholes after the last mile connection. IOW, interface to the ISP stays up but nothing you send via the ISP goes anywhere. This is especially true of the bridged ethernet/DHCP type outfits like the Cable companies. My cable could be sliced outside my house and my interface will stay up.

The news with DSL/PPPoE is a bit better. If my phone line dies the PPP interface will go down. That is only due to the keep-alive mechanism built into PPP that one can enable.

Sure, one could probably cobble up a keep-alive for bridged ethernet situations and fiddle with interfaces based on it, but what would be more interesting would be for quagga to have that ability built in.

A lot of this goes back to Tom's past assertions that Linux needs a good/proper routing solution. I tend to agree with him. I have not really thought about requirements for such a beast but I do know that trying to manage routing and routing tables in linux is akin to programming in assembler.

b.
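An added example, not part of any poster's message and not code from Shorewall: a minimal background monitor of the kind Tom describes, probing a target beyond each provider's gateway so that the case Brian raises (interface up, traffic going nowhere) is also noticed. Interface names, probe addresses, thresholds, the state directory and the `linkmon` log tag are assumptions.

```sh
#!/bin/sh
# Added example. All values below are constructed; adjust to your providers.
PROVIDERS="${PROVIDERS:-eth0:192.0.2.1 eth1:198.51.100.1}"  # iface:target past the ISP gateway
FAILS_NEEDED="${FAILS_NEEDED:-3}"    # consecutive lost probes before a link is "down"
INTERVAL="${INTERVAL:-30}"           # seconds between probing rounds
STATE_DIR="${STATE_DIR:-/var/run/linkmon}"
ON_CHANGE="${ON_CHANGE:-shorewall restart}"

# Send one echo request out of a specific interface (iputils ping).
probe() { ping -c 1 -W 2 -I "$1" "$2" >/dev/null 2>&1; }

# update_state PREV FAILS OK -> prints "STATE FAILS"
# One good probe marks the link up; FAILS_NEEDED misses in a row mark it down.
update_state() {
    if [ "$3" -eq 1 ]; then echo "up 0"; return; fi
    fails=$(($2 + 1))
    if [ "$fails" -ge "$FAILS_NEEDED" ]; then echo "down $fails"
    else echo "$1 $fails"; fi
}

# One probing round over all providers; prints "iface:state" for each flip.
check_once() {
    mkdir -p "$STATE_DIR"
    for p in $PROVIDERS; do
        iface=${p%%:*}; target=${p#*:}
        if [ -f "$STATE_DIR/$iface" ]; then read -r prev fails <"$STATE_DIR/$iface"
        else prev=up; fails=0; fi
        if probe "$iface" "$target"; then ok=1; else ok=0; fi
        set -- $(update_state "$prev" "$fails" "$ok")
        echo "$1 $2" >"$STATE_DIR/$iface"
        [ "$1" = "$prev" ] || echo "$iface:$1"
    done
}

# Loop forever; run ON_CHANGE whenever any link went down or came back.
monitor() {
    while :; do
        changed=$(check_once)
        if [ -n "$changed" ]; then
            logger -t linkmon "state change: $changed"
            $ON_CHANGE
        fi
        sleep "$INTERVAL"
    done
}

if [ "${1:-}" = "run" ]; then monitor; fi
```

Start it with the `run` argument; without it the file only defines the functions.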
On Tue, Jan 15, 2008 at 10:03:29AM -0500, Brian J. Murrell wrote:
> On Mon, 2008-01-14 at 14:28 -0800, Tom Eastep wrote:
> > Andrew Suffield wrote:
> > > On Mon, Jan 14, 2008 at 12:58:32PM -0800, Tom Eastep wrote:
> > >> Depending on whether your providers support routing protocols on the
> > >> gateway routers.
> > >
> > > It works without that if the interfaces go up and down at the
> > > appropriate moments (ie, they're ppp interfaces or something
> > > similar). In that configuration it's a routing network consisting of a
> > > single host with no routing protocols running, which is a little
> > > weird, but functional. You simply give zebra a bunch of static routes
> > > with suitable metrics, and it inserts and removes them as the
> > > interfaces change state.
> >
> > Interesting.
>
> Interesting, yes, but in my experience, the vast majority of ISP
> troubles are blackholes after the last mile connection. IOW, interface
> to the ISP stays up but nothing you send via the ISP goes anywhere. This
> is especially true of the bridged ethernet/DHCP type outfits like the
> Cable companies. My cable could be sliced outside my house and my
> interface will stay up.
>
> The news with DSL/PPPoE is a bit better. If my phone line dies the PPP
> interface will go down. That is only due to the keep-alive mechanism
> built into PPP that one can enable.

Here in the UK, you can choose between DSL with PPPo[AE], or expensive ISDN-based lines, so it's a fairly reliable approach for me. If you live in an area where pseudo-ethernet cable connections are the norm, this will indeed not work for you, since they don't bother implementing link state.

> A lot of this goes back to Tom's past assertions that Linux needs a
> good/proper routing solution. I tend to agree with him. I have not
> really thought about requirements for such a beast but I do know that
> trying to manage routing and routing tables in linux is akin to
> programming in assembler.

quagga's the best that's currently available. I'd certainly be happy to see something better, but I'm not going to lose any sleep over it. It's still easier to work with than IOS.
On Tue, 2008-01-15 at 15:23 +0000, Andrew Suffield wrote:
>
> quagga's the best that's currently available.

I think I/we are talking about a different level of management than you are. Quagga implements routing protocols and would be an input to a comprehensive routing package. It's not a routing manager in the sense that I/we are thinking about though. For example, it will only manipulate the main routing table, not any others. If you set up Shorewall with multiple ISPs and then quagga adds something to the main routing table in the presence of something new on the network, the provider-specific routing tables will not be updated.

b.