On Mon, 6 Feb 2006 23:54:21 -0500, Steven S wrote: >[EMAIL PROTECTED] wrote: >> John R. Shannon wrote: >>> On Monday 06 February 2006 06:46, Nickolay A Burkov wrote: >>>> Hi, All! >>>> >>>> I have a router with two external ethernet links to two different >>>> ISPs. Could someone recommend me a good technique to organize >> failover with >> these >... >>> I use ifstated for that purpose. >>> >> >> I do have a similar situation in my work. We have two ADSL connections >> to two different ISP's. I did an ifstated configuration and some shell >> scripts that basically do the following things: >> >> a) check if any of the internet links in the modems are up, using snmp >> (if your device has support to snmp, the majority of the DSL/ADSL >> routers does) >... > >I used ifstated with ping to the other side of the link (as determined by >traceroute). You might need to create a static route or use the route-to pf >command to make sure you're pinging through the correct interface to >determine the state. This shows my ifstated.conf: >http://marc.theaimsgroup.com/?l=openbsd-misc&m=113776959830873&w=2 > >I ended up moving the ping to, '("ping -q -c 3 -w 2 10.10.10.1 > /dev/null" >every 30)' and using a single "if" statement in the downed states. I also >found moving everything in pf that did a route-to to an anchor was helpful. >Then I reload the anchor as shown in the ifstated.conf in the link. Because >this is an active test I also reserved a little (very little) bandwidth via >altq for this ICMP traffic. > >Another approach might be to test to see if there is _any_ traffic coming >into an interface, if not, it is probably down. BTW, I do this with dual >carp'ed firewalls with site-to-site ipsec VPNs and OpenVPN for road >warriors. > >Thanks for the great OS! > >-Steve S. > >
I don't see any ping commands of the form: ping -I fxp0 .......... in examples of ifstated use. I would think that forcing the interface to be used would be useful to prevent misleading results. Whilst I'm at it: Why wouldn't I change the default route by doing a route delete default && route add default $SecondChoice type command and the reverse when a link comes up on $FirstChoice ? In general I'd love to see some more configurations with all the relevant pf.conf bits so that I can study an example or three in conjunction with the ifstated manpage. I think I'm going to have to set up a lab test and see what works well but some other viewpoints may may choosing a better way easier. >From the land "down under": Australia. Do we look <umop apisdn> from up over? Do NOT CC me - I am subscribed to the list. Replies to the sender address will fail except from the list-server.
