On Wed, Feb 21, 2007 at 12:00:51PM -0600, Chris Black wrote:
> I am trying to set up failover default routes. The situation is three
> OpenBSD machines, client, rtr0 and rtr1. Client has two interfaces, one
> with a crossover link to rtr0 and one to rtr1. I would like the default
> route for client to be rtr0 unless rtr0 has failed in some way
> (unreachable, etc). As far as I know, I can not use carp to give a
> single default route ip carp'd between rtr0 and rtr1 because they are
> not on a shared network. I know this has been discussed before and have
> read some archived posts (including the recent "inet failover solution"
> thread) but still have questions. I have read about the following
> options but would like some guidance/advice (and of course any pointers
> to previous docs/posts):
> 1) ifstated with ping and if.up tests and executing route commands
> The idea here would be ifstated would trigger commands something like:
> route delete default rtr0.ip; route add default rtr1.ip

That's a simple solution, so should mostly Just Work.

> 2) ifstated executing pf table change commands
> Same sort of tests, but instead of issuing route commands, change a pf
> table that is being used as a "route-to". I am not sure exactly what
> this would look like yet. I am not sure what this would look like yet, I
> am still reading more on route-to.
>
> Downsides to ifstated approach is that I would like to use ifstated to
> also control a different set of interfaces from client, so this may
> create a complex many-state ifstated.conf.

Sounds too complex.

> 3) new multipath routing, but somehow disable one route
> This one confuses me a bit. I read the presentation about the new
> multipath routing and some associated docs and it seems that multipath
> routing can only be used for balancing across routes based on source. I
> really want to have a failover set up, NOT load balancing so I don't
> think this would work.

Me neither.

> 4) ospf, bgp
> I am aware of these routing daemons but really don't know too much about
> them. I read some docs and it seemed overly complex for setting up just
> a simple failover default route on internal machines.

They *would* be the canonical answer, of course. I'd be inclined to
recommend them - neither is perfect, but both are far better than
anything home-grown in the time it takes to set them up (and, unless you
are quite smart, experienced, and have lots of time, most likely
anything home-grown at all).

I'd go with 1 or 4, myself. The first is probably faster to set up; the
second should be more reliable, more flexible, and look better on your
CV. Plus it's more fun.

		Joachim
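
A sketch of option 1 as an ifstated.conf for the client, added here as an illustration and not written by either poster. The interface name em0 (the crossover link to rtr0) and the gateway addresses 192.0.2.1 (rtr0) and 198.51.100.1 (rtr1) are placeholders; the ping interval is an arbitrary choice.

```conf
# /etc/ifstated.conf on "client" (illustrative; names and addresses are
# placeholders, not values from the thread)

init-state primary

# Link state of the crossover interface towards rtr0 (assumed to be em0).
rtr0_link = "em0.link.up"

# Reachability of rtr0 itself, probed every 10 seconds.
# Note: this only proves rtr0 answers on the crossover link. It says
# nothing about whether rtr0 can still forward traffic upstream; ping an
# address beyond rtr0 through a host route if that matters.
rtr0_ping = '( "ping -q -c 1 -w 1 192.0.2.1 > /dev/null" every 10 )'

state primary {
	init {
		# Default route via rtr0. The delete clears whatever default
		# is currently installed; it fails harmlessly if none exists.
		run "route delete default; route add default 192.0.2.1"
	}
	# Either test failing is enough to leave the primary path.
	if ! $rtr0_link || ! $rtr0_ping
		set-state backup
}

state backup {
	init {
		# Default route via rtr1 while rtr0 is considered down.
		run "route delete default; route add default 198.51.100.1"
	}
	# Fail back only when both the link and the ping test pass again.
	if $rtr0_link && $rtr0_ping
		set-state primary
}
```

A single lost ping flips the route with this configuration, so a lossy link will cause flapping; `ifstated -n` checks the file for syntax errors before it is put into service.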