Failover default route?
Bruce M. Simpson
bms at FreeBSD.org
Sat Aug 18 11:06:10 PDT 2007
Tuc at T-B-O-H.NET wrote:
> In my case, as always, it's a bit "special". I have
> 2 OPENVPN tunnels, which I sent over different transits to
> the same end host. On that host, I do my NAT. SO, without
> getting into all sorts of hot/heavy things, is there a simple
> program to install to ping something via the first tunnel,
> and if it can't then switch my default route to the second
> tunnel? Or, do I just use a script like here :

As Bill correctly points out, reachability detection using a routing
protocol is often the preferred method, however this isn't always
available. Pinging is NOT the best practice, see RFC 1122 3.3.1.4:
http://www.freesoft.org/CIE/RFC/1122/56.htm

You could use ifstated to detect changes in the tunnel interface status
and switch default routes accordingly, though it doesn't significantly
reduce the amount of manual scripting you have to do.

Microsoft's TCP implementation performs dead gateway detection based on
triggered reselection as per RFC 816, however, they have a multipath
capable FIB which can hold the multiple next-hops and their state --
something to consider for later.

An incremental piecemeal change which folks might find OK may be to add
cost metrics back to the kernel radix trie, but that still has all the
aggro of changing the API.

regards
BMS
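
An ifstated.conf sketch of the interface-status approach mentioned in the message above, added here as an illustration and not part of the original post. It assumes the two OpenVPN tunnels are tun0 and tun1, that they report link state to ifstated, and it uses documentation-range addresses as placeholder next hops.

```conf
# Constructed example: interface names and next-hop addresses are
# placeholders, not values taken from the thread.
init-state auto

# Macros for the link state of each tunnel interface.
primary_up = "tun0.link.up"

# Startup state: choose a route based on the first tunnel's link state.
state auto {
	if $primary_up
		set-state primary
	if ! $primary_up
		set-state backup
}

# Default route follows the first tunnel while its link is up.
state primary {
	init {
		run "route change default 192.0.2.1"
	}
	if ! $primary_up
		set-state backup
}

# First tunnel is down: send the default route via the second tunnel
# and fall back as soon as the first tunnel's link returns.
state backup {
	init {
		run "route change default 198.51.100.1"
	}
	if $primary_up
		set-state primary
}
```

Link state only shows that the local tunnel interface is up; it does not prove that the far end is reachable, which is why a routing protocol remains the preferred method when one is available.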