On 06/21/07 10:35, Peter Rabbitson wrote:
I don't know about any working in-kernel solutions, but you can do it trivially with netfilter and a cronjob:

<snip>

If I understand what you are proposing correctly, it looks like you are jumping to a sub-chain used only for counting traffic. If the counters show traffic, you are saying that traffic is flowing across the link and thus the link must be up and functional. Right?

If the link is not up and functional, then take action to not use that link.

I'm also not clearly understanding how matching the source IP will work on either link considering that both links will have the capability to pass traffic for the same globally routable DMZ subnet. Though I think this could be mitigated by altering the rules to count packets going out or coming in an interface rather than based on source / destination IP.

Of course you can have up to 1 minute of downtime, but it does not look so bad IMO.

One minute may or may not be bad. I know that it is a long time (when you are trying to ssh) but automatic failover is better than manual. And the one minute will probably be much faster than manual failover.



Grant. . . .
_______________________________________________
LARTC mailing list
LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
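
The per-interface counting discussed in this message, as an added example that is not part of the original post and is not the snipped rules from the quoted message. It assumes a hypothetical counting chain named `LINKMON` with one `-i <interface>` rule per uplink, hypothetical interfaces `eth1` and `eth2`, and snapshots taken with `iptables-save -c`, whose lines start with `[packets:bytes]`.

```shell
#!/bin/sh
# Added example: judge link health from per-interface netfilter counters
# instead of source/destination IP. LINKMON, eth1 and eth2 are assumptions.

# Read `iptables-save -c` style text on stdin and print the packet count of
# the LINKMON rule(s) matching inbound interface $1 (0 if there is no rule).
rx_packets() {
    awk -v ifc="$1" '
        $2 == "-A" && $3 == "LINKMON" {
            for (i = 4; i < NF; i++)
                if ($i == "-i" && $(i + 1) == ifc) {
                    split(substr($1, 2), c, ":")   # "[pkts:bytes]" -> pkts
                    n += c[1]
                }
        }
        END { print n + 0 }'
}

# link_state IFACE PREV_SNAPSHOT CUR_SNAPSHOT -> prints "up" or "down".
# "down" only means no inbound packets were counted during the interval,
# so a completely idle link is reported the same way as a dead one.
link_state() {
    prev=$(printf '%s\n' "$2" | rx_packets "$1")
    cur=$(printf '%s\n' "$3" | rx_packets "$1")
    # A counter lower than before means the rules were reloaded or zeroed;
    # restart the comparison from 0 rather than reporting a false "down".
    if [ "$cur" -lt "$prev" ]; then prev=0; fi
    if [ "$cur" -gt "$prev" ]; then echo up; else echo down; fi
}

# Constructed sample snapshots, as if taken one cron interval apart.
SNAP_T0='[1500:912000] -A LINKMON -i eth1
[880:530000] -A LINKMON -i eth2'
SNAP_T1='[1742:1063000] -A LINKMON -i eth1
[880:530000] -A LINKMON -i eth2'
```

In a cron job the previous snapshot would be read from a file written by the last run and the current one taken from `iptables-save -c`.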