Adam,

Not sure if I can offer an absolute solution for you, but here's my thinking to
see if we can understand things better.  Replies/comments inline...

On 03.07.2002 at 07:12:54, Adam Thornton <[EMAIL PROTECTED]> wrote:

> What I need to do is set up failover static routing on an
> OSA/HiperSockets network.  Basically the network looks like this:
>
>
>                   +---Firewall---+
>                   |G L           |G L
>                   |u A           |u A
> OSA --- Router ---+e N           |e N
>                   |s             |s
> OSA --- Router ---+t 1           |t 2
>                   |              |
>                   |              |
>                   +---Firewall---+
>
> For the routers and the guests on LAN 1 I want to do something like
>
> ip route append glan2/mask via f1
> ip route append glan2/mask via f2
>
> And the guests on LAN2 should do something like
>
> ip route append default via f1
> ip route append default via f2
>
> The guests on LAN1 get something like
>
> ip route append default via r1
> ip route append default via r2

I'm assuming that these f1/f2/r1/r2 specifications are the IP addresses for the
respective routers/firewalls.

> (And yes, the OSAs have been set up as primary and secondary routers)
>
> The intended effect is "get there through r1 if it's there, and if it
> isn't, try r2".  Or if you're talking about something on Guest LAN 2,
> "through f1 if it's there, and f2 if it isn't."
>
> However, when I do this, and then take away one of the firewall
> machines, the route does not fail over.  Instead, the machine just keeps
> trying to go through the first-listed interface, which is no longer
> present.  I am using a HiperSockets rather than a QDIO virtual network,
> so I don't have broadcast.

I think that the problem you're seeing is because the route to the
router/firewall (i.e. the Guest LAN) is still up.  According to the route table,
you can still reach f1/r1, so the backup path to f2/r2 will never be chosen
*even though* f1/r1 is not responding.

Some kind of intervention to add a poison route to f1/r1 would be required.
This might be difficult to implement...  Dynamic routing would normally do this
route table manipulation for you, but we have discussed previously that it is
undesirable to run gated and friends on your worker penguins.

> Do I need to explicitly add metrics giving preferences?  Do I need to
> create multiple tables and assign weights to those tables?  How do I do
> that?

Metrics won't help, unless you're referring to a means of changing the metric
based on reachability (similar to what I mentioned about a poison route, similar
difficulties apply).

> Puzzled,
> Adam

One thing that might help here (and it might sound like an off-the-wall idea, so
stay with me) is to use some kind of high-availability solution to present a
single router IP address for f1/f2 and for r1/r2.  This might be as simple as
configuring the extra IP address against the Guest LAN interface on f1/f2/r1/r2.
Then, in your worker penguins, it's just a single route to the common IP
address.

Note that this is theory, I've never tested this or even verified that it's
possible.  Experimentation time.  However, I know the concept works: Cisco have
a feature called "Hot Standby Routing Protocol" that presents this kind of
"virtual router", and used it to share load between routers as well as provide
high-availability.

Hope this is helpful (and sorry I don't have a precise answer)!

Cheers,
Vic


--
Vic Cross  MACS  mailto:[EMAIL PROTECTED]
Networking, Linux, on zSeries and S/390
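
The reply above says static routes will not fail over without some intervention that changes the route table based on gateway reachability. The sketch below is an added example, not code from this thread or its authors: a small watchdog that probes the gateways in preference order and produces an `ip route replace` command only when the chosen gateway changes. The function names, the `PROBE` and `RUN_WATCHDOG` variables, the 5-second interval and the assumption that the gateways answer ICMP echo are all hypothetical.

```shell
#!/bin/sh
# Added example: reachability-driven failover for a static route.
# Addresses used with it are constructed placeholders; function names are hypothetical.

# Probe one gateway. Assumption: gateways answer ICMP echo.
# PROBE may name a replacement probe function (used for dry runs).
probe() {
    if [ -n "${PROBE:-}" ]; then
        "$PROBE" "$1"
    else
        ping -c 1 -W 1 "$1" >/dev/null 2>&1
    fi
}

# Print the first gateway in the list that answers; return 1 if none do.
pick_gateway() {
    for gw in "$@"; do
        if probe "$gw"; then
            printf '%s\n' "$gw"
            return 0
        fi
    done
    return 1
}

# One watchdog pass for destination $1 over the gateways that follow.
# Sets ROUTE_CMD to the command to run, or to "" when nothing changes.
# CURRENT_GW remembers the last choice so the table is not rewritten each pass.
watchdog_pass() {
    dest=$1; shift
    ROUTE_CMD=""
    new=$(pick_gateway "$@") || return 1   # all down: keep the existing route
    if [ "$new" != "${CURRENT_GW:-}" ]; then
        CURRENT_GW=$new
        ROUTE_CMD="ip route replace $dest via $new"
    fi
}

# Run as a loop only when asked to: RUN_WATCHDOG=1 sh script dest gw1 gw2
if [ "${RUN_WATCHDOG:-0}" = 1 ]; then
    while :; do
        watchdog_pass "$@" || echo "no gateway reachable" >&2
        [ -z "$ROUTE_CMD" ] || $ROUTE_CMD
        sleep 5
    done
fi
```

Because the gateways are tried in list order, the route moves back to the first-listed gateway once it answers again.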
