Best way to do failover default route? (ifstated, pf route-to, etc)

2007-02-21 Thread Chris Black
I am trying to set up failover default routes. The situation is three
OpenBSD machines, client, rtr0 and rtr1. Client has two interfaces, one
with a crossover link to rtr0 and one to rtr1. I would like the default
route for client to be rtr0 unless rtr0 has failed in some way
(unreachable, etc). As far as I know, I can not use carp to give a
single default route ip carp'd between rtr0 and rtr1 because they are
not on a shared network. I know this has been discussed before and have
read some archived posts (including the recent "inet failover solution"
thread) but still have questions. I have read about the following
options but would like some guidance/advice (and of course any pointers
to previous docs/posts):
1) ifstated with ping and if.up tests and executing route commands
The idea here would be ifstated would trigger commands something like:
route delete default rtr0.ip; route add default rtr1.ip

2) ifstated executing pf table change commands
Same sort of tests, but instead of issuing route commands, change a pf
table that is being used as a "route-to". I am not sure exactly what
this would look like yet. I am not sure what this would look like yet, I
am still reading more on route-to.

The downside to the ifstated approach is that I would like to use ifstated to
also control a different set of interfaces from client, so this may
create a complex many-state ifstated.conf.

3) new multipath routing, but somehow disable one route
This one confuses me a bit. I read the presentation about the new
multipath routing and some associated docs and it seems that multipath
routing can only be used for balancing across routes based on source. I
really want to have a failover set up, NOT load balancing so I don't
think this would work.

4) ospf, bgp
I am aware of these routing daemons but really don't know too much about
them. I read some docs and it seemed overly complex for setting up just
a simple failover default route on internal machines.

Thanks in advance,
Chris



Re: Best way to do failover default route? (ifstated, pf route-to, etc)

2007-02-22 Thread Joachim Schipper
On Wed, Feb 21, 2007 at 12:00:51PM -0600, Chris Black wrote:
> I am trying to set up failover default routes. The situation is three
> OpenBSD machines, client, rtr0 and rtr1. Client has two interfaces, one
> with a crossover link to rtr0 and one to rtr1. I would like the default
> route for client to be rtr0 unless rtr0 has failed in some way
> (unreachable, etc). As far as I know, I can not use carp to give a
> single default route ip carp'd between rtr0 and rtr1 because they are
> not on a shared network. I know this has been discussed before and have
> read some archived posts (including the recent "inet failover solution"
> thread) but still have questions. I have read about the following
> options but would like some guidance/advice (and of course any pointers
> to previous docs/posts):
> 1) ifstated with ping and if.up tests and executing route commands
> The idea here would be ifstated would trigger commands something like:
> route delete default rtr0.ip; route add default rtr1.ip

That's a simple solution, so should mostly Just Work.

> 2) ifstated executing pf table change commands
> Same sort of tests, but instead of issuing route commands, change a pf
> table that is being used as a "route-to". I am not sure exactly what
> this would look like yet. I am not sure what this would look like yet, I
> am still reading more on route-to.
> 
> The downside to the ifstated approach is that I would like to use ifstated to
> also control a different set of interfaces from client, so this may
> create a complex many-state ifstated.conf.

Sounds too complex.

> 3) new multipath routing, but somehow disable one route
> This one confuses me a bit. I read the presentation about the new
> multipath routing and some associated docs and it seems that multipath
> routing can only be used for balancing across routes based on source. I
> really want to have a failover set up, NOT load balancing so I don't
> think this would work.

Me neither.

> 4) ospf, bgp
> I am aware of these routing daemons but really don't know too much about
> them. I read some docs and it seemed overly complex for setting up just
> a simple failover default route on internal machines.

They *would* be the canonical answer, of course. I'd be inclined to
recommend them - neither is perfect, but both are far better than
anything home-grown in the time it takes to set them up (and, unless you
are quite smart, experienced, and have lots of time, most likely
anything home-grown at all).

I'd go with 1 or 4, myself. The first is probably faster to set up; the
second should be more reliable, more flexible, and look better on your
CV. Plus it's more fun.

Joachim



Re: Best way to do failover default route? (ifstated, pf route-to, etc)

2007-03-05 Thread Toni Mueller
Hello,

On Wed, 21.02.2007 at 12:00:51 -0600, Chris Black <[EMAIL PROTECTED]> wrote:
> 1) ifstated with ping and if.up tests and executing route commands
> The idea here would be ifstated would trigger commands something like:
> route delete default rtr0.ip; route add default rtr1.ip

you didn't give too many details, so I speculate. If your two routers
don't have the same IP set (e.g., you're running two DSL lines to two
different ISPs), then (1) is your only easy option (unless in your LAN
ONLY).

For the options below, you need either a specific application profile
that lets you do NAT on one of the lines, or you need a common set of
IP numbers. I'm not sure that multipath routing gives you failover,
"only" load balancing.

> 4) ospf, bgp
> I am aware of these routing daemons but really don't know too much about
> them. I read some docs and it seemed overly complex for setting up just
> a simple failover default route on internal machines.

This should be 4 and 5, imho. If you can use NAT, you might be able to
inject a default route from both routers using OSPF. The client would
also talk OSPF and learn both routes from your routers.

If you have your own IP numbers (PI space, or you're a LIR), then you
can (and usually must) use BGP.


Best,
--Toni++
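
Option 1 from the thread (ifstated with link and ping tests driving `route` commands), sketched as an added example that is not taken from any of the posts. The interface names (em0, em1) and router addresses (10.0.0.1 for rtr0, 10.0.1.1 for rtr1) are assumptions to be replaced with real values.

```conf
# /etc/ifstated.conf -- added example, not from the thread.
# Assumed names: em0 = crossover link to rtr0, em1 = crossover link to rtr1,
# 10.0.0.1 = rtr0, 10.0.1.1 = rtr1.

init-state auto

# A router counts as usable only if its link is up AND it answers a ping.
# Both routers are directly connected to client, so these pings do not
# depend on which default route is currently installed.
rtr0_ok = '( em0.link.up && "ping -q -c 1 -w 1 10.0.0.1 > /dev/null" every 10 )'
rtr1_ok = '( em1.link.up && "ping -q -c 1 -w 1 10.0.1.1 > /dev/null" every 10 )'

# Startup: pick rtr0 if it is usable, otherwise rtr1; stay here if neither is.
state auto {
	if $rtr0_ok
		set-state primary
	if ( ! $rtr0_ok ) && $rtr1_ok
		set-state backup
}

state primary {
	init {
		run "route delete default; route add default 10.0.0.1"
	}
	# Only leave rtr0 when rtr1 is actually usable; switching to a dead
	# backup gains nothing and just adds route churn.
	if ( ! $rtr0_ok ) && $rtr1_ok
		set-state backup
}

state backup {
	init {
		run "route delete default; route add default 10.0.1.1"
	}
	# Fail back to the preferred router as soon as it recovers.
	if $rtr0_ok
		set-state primary
}
```

`ifstated -n -f /etc/ifstated.conf` checks the syntax without starting the daemon, and `ifstated -d -v` runs it in the foreground so the state changes can be watched while a crossover cable is unplugged.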