Hello,

I have multi-isp configured and I'm using /etc/shorewall/rtrules to select the routing table to certain traffic patterns. With that all the traffic is sent using a specific provider.

The problem arises when that specific provider fails. I would like to have that traffic failover to another provider and when the first provider is up again I would like to failback.

How should I do that?

P.S. - Failover is working fine. For all the traffic that is not specified in rtrules (and therefore is balanced by the providers file).

RTRULES:
192.168.111.172/32 - vodafonef 26001

PROVIDERS:
zon 1 1 main eth1 2.3.4.5 track,balance=2
vodafonef 6 6 main eth6 1.2.3.4 track,balance=8

Thanks,
Nuno Fernandes

On 11/18/2013 7:01 AM, Nuno Fernandes wrote:
> Hello,
>
> I have multi-isp configured and I'm using /etc/shorewall/rtrules to
> select the routing table to certain traffic patterns. With that all the
> traffic is sent using a specific provider.
>
> The problem arises when that specific provider fails. I would like to
> have that traffic failover to another provider and when the first
> provider is up again I would like to failback.
>
> How should I do that?

Are you running LSM? You must in order for this to work properly.

Note that existing connections through the failed provider cannot fail over to the other provider; only new connections that would normally go through the failed provider can be handled by the remaining one.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

On Monday 18 November 2013 07:54:01 Tom Eastep wrote:
> On 11/18/2013 7:01 AM, Nuno Fernandes wrote:
> > Hello,
> >
> > I have multi-isp configured and I'm using /etc/shorewall/rtrules to
> > select the routing table to certain traffic patterns. With that all the
> > traffic is sent using a specific provider.
> >
> > The problem arises when that specific provider fails. I would like to
> > have that traffic failover to another provider and when the first
> > provider is up again I would like to failback.
> >
> > How should I do that?
>
> Are you running LSM? You must in order for this to work properly.
>
> Note that existing connections through the failed provider cannot fail
> over to the other provider; only new connections that would normally go
> through the failed provider can be handled by the remaining one.
>
> -Tom

I'm using:

# shorewall version
4.5.4.2

with swping. The failover works fine. If I lose a provider, all new traffic is redirected to the remaining connection and when the provider comes back up, new connections are routed back through both providers.

The problems are on connections that are "forced" using rtrules to a specific provider. I would like to have them failover to the remaining provider when the main one fails and back again to that provider when it's online.

Any ideas?

Thanks,
Nuno Fernandes

On 11/18/2013 9:33 AM, Nuno Fernandes wrote:
> On Monday 18 November 2013 07:54:01 Tom Eastep wrote:
>> Are you running LSM? You must in order for this to work properly.
>>
>> Note that existing connections through the failed provider cannot fail
>> over to the other provider; only new connections that would normally go
>> through the failed provider can be handled by the remaining one.
>
> I'm using:
>
> # shorewall version
> 4.5.4.2
>
> with swping. The failover works fine. If I lose a provider, all new
> traffic is redirected to the remaining connection and when the provider
> comes back up, new connections are routed back through both providers.
>
> The problems are on connections that are "forced" using rtrules to a
> specific provider. I would like to have them failover to the remaining
> provider when the main one fails and back again to that provider when
> it's online.
>
> Any ideas?

Once again -- you cannot cause existing connections to fail over to the other provider. When a provider fails, outgoing packets will try to use the other provider but there is no way that response packets can be returned back correctly (except in very limited setups where the upstream routers are closely associated and can fail over routing of incoming packets).

-Tom

On Monday 18 November 2013 09:58:24 Tom Eastep wrote:
> On 11/18/2013 9:33 AM, Nuno Fernandes wrote:
> > On Monday 18 November 2013 07:54:01 Tom Eastep wrote:
> >> Are you running LSM? You must in order for this to work properly.
> >>
> >> Note that existing connections through the failed provider cannot fail
> >> over to the other provider; only new connections that would normally go
> >> through the failed provider can be handled by the remaining one.
> >
> > I'm using:
> >
> > # shorewall version
> > 4.5.4.2
> >
> > with swping. The failover works fine. If I lose a provider, all new
> > traffic is redirected to the remaining connection and when the provider
> > comes back up, new connections are routed back through both providers.
> >
> > The problems are on connections that are "forced" using rtrules to a
> > specific provider. I would like to have them failover to the remaining
> > provider when the main one fails and back again to that provider when
> > it's online.
> >
> > Any ideas?
>
> Once again -- you cannot cause existing connections to fail over to the
> other provider. When a provider fails, outgoing packets will try to use
> the other provider but there is no way that response packets can be
> returned back correctly (except in very limited setups where the
> upstream routers are closely associated and can fail over routing of
> incoming packets).
>
> -Tom

Hello,

Maybe I'm not making myself clear. I understand that existing connections can't fail to the other provider. Let me explain it step by step:

1 - All is working fine.
1.1 - If a "new connection" is made from the internal network and it matches one of the rtrules rules it is routed through the stated provider.
1.2 - If a "new connection" is made from the internal network and it doesn't match any of the rtrules rules it is routed through one of the providers (using balance ratio in the providers file).

2 - Swping detects that the main link is down. It does a:
${VARDIR}/firewall disable $INTF

3 - Main link is down.
3.1 - If a "new connection" is made from the internal network and it matches one of the rtrules rules it is not routed through the remaining provider.
3.2 - If a "new connection" is made from the internal network and it doesn't match any of the rtrules rules it is routed through the remaining provider.

Is it possible that 3.1 uses the remaining provider?

Thanks for the help,
Best regards,
Nuno Fernandes

On 11/18/2013 10:14 AM, Nuno Fernandes wrote:
> On Monday 18 November 2013 09:58:24 Tom Eastep wrote:
>> On 11/18/2013 9:33 AM, Nuno Fernandes wrote:
>>> On Monday 18 November 2013 07:54:01 Tom Eastep wrote:
>>>> Are you running LSM? You must in order for this to work properly.
>>>>
>>>> Note that existing connections through the failed provider cannot fail
>>>> over to the other provider; only new connections that would normally go
>>>> through the failed provider can be handled by the remaining one.
>>>
>>> I'm using:
>>>
>>> # shorewall version
>>> 4.5.4.2
>>>
>>> with swping. The failover works fine. If I lose a provider, all new
>>> traffic is redirected to the remaining connection and when the provider
>>> comes back up, new connections are routed back through both providers.
>>>
>>> The problems are on connections that are "forced" using rtrules to a
>>> specific provider. I would like to have them failover to the remaining
>>> provider when the main one fails and back again to that provider when
>>> it's online.
>>>
>>> Any ideas?
>>
>> Once again -- you cannot cause existing connections to fail over to the
>> other provider. When a provider fails, outgoing packets will try to use
>> the other provider but there is no way that response packets can be
>> returned back correctly (except in very limited setups where the
>> upstream routers are closely associated and can fail over routing of
>> incoming packets).
>>
>> -Tom
>
> Hello,
>
> Maybe I'm not making myself clear. I understand that existing
> connections can't fail to the other provider. Let me explain it step by
> step:
>
> 1 - All is working fine.
> 1.1 - If a "new connection" is made from the internal network and it
> matches one of the rtrules rules it is routed through the stated provider.
> 1.2 - If a "new connection" is made from the internal network and it
> doesn't match any of the rtrules rules it is routed through one of the
> providers (using balance ratio in the providers file).
>
> 2 - Swping detects that the main link is down. It does a:
> ${VARDIR}/firewall disable $INTF
>
> 3 - Main link is down.
> 3.1 - If a "new connection" is made from the internal network and it
> matches one of the rtrules rules it is not routed through the remaining
> provider.

The 'disable' command should be deleting the rtrules for the failed provider. Are you saying that is not the case?

-Tom

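One way to check the question raised in the last message, added here as an example and not part of the thread or of Shorewall: read `ip rule show` output and report any rule that still looks up the failed provider's table after `disable` has run. The function names `stale_rules` and `rules_cleared` are hypothetical, the sample output is constructed from the rtrules entry quoted in the thread, and the table is assumed to be listed by name.

```shell
#!/bin/sh
# Added example: check whether a provider's routing rules are still installed.
# Real use on the firewall:  ip rule show | stale_rules vodafonef

# stale_rules TABLE
# Reads `ip rule show` output on stdin and prints "PRIORITY SELECTOR" for
# every rule that still looks up TABLE (nothing printed means none left).
stale_rules() {
    awk -v table="$1" '
    {
        prio = $1
        sub(/:$/, "", prio)                 # "26001:" -> "26001"
        for (i = 2; i < NF; i++) {
            if (($i == "lookup" || $i == "table") && $(i + 1) == table) {
                sel = ""
                for (j = 2; j < i; j++)     # fields between priority and lookup
                    sel = sel (sel == "" ? "" : " ") $j
                print prio, sel
            }
        }
    }'
}

# rules_cleared TABLE
# Exit status 0 only when no rule on stdin points at TABLE any more.
rules_cleared() {
    [ -z "$(stale_rules "$1")" ]
}

# Constructed samples (not captured from a real system): the rule list with
# the rtrules entry from the thread still present, and with it removed.
SAMPLE_STALE='0: from all lookup local
26001: from 192.168.111.172 lookup vodafonef
32766: from all lookup main
32767: from all lookup default'

SAMPLE_CLEAN='0: from all lookup local
32766: from all lookup main
32767: from all lookup default'

printf '%s\n' "$SAMPLE_STALE" | stale_rules vodafonef
if printf '%s\n' "$SAMPLE_CLEAN" | rules_cleared vodafonef; then
    echo "vodafonef: no rules left"
fi
```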