Use 1 of 3 available inet GWs, switch when one fails -how?

Ekki · 2013-11-18 21:09:38

Hi all.
I live in an environment where I have theoretical access to three different internet gateways (routers). We are three persons, each operate their own network, each one of us has a separate internet access (cable or DSL). We share some resources by using static ip adresses from the 'other' network, these addresses are manually configured. All three networks are bridged, no routers between netorks (yet). Imagine the three networks in a row, not in a ring. We all trust each other.

My idea now is to have a network configuration on one PC, which allows to switch from one gateway to another. Preferably automatic in cases where the local GW fails (which happens). Since we all use different providers, we could have a relatively high grade of redundancy...

So there is this one PC, running Arch, using systemd, and only one ethernet interface. What I achieved by myself is a manually switchable config with three static IP addresses, where only one of three is active at a time. I use aliases for that purpose.

What I dont know is how to automate that.

Default is: use my own local GW and provider.
In case of failing internet connection, try fallback #1 (neighbour friend 1).
If fallback #1 results in a working internet connection - fine, stop here. Recheck local GW periodically.
If not, try fallback #2.
If that works - fine, stop here. Recheck local GW periodically.
If not - fail terminally, inform user. Recheck local and remote GWs periodically.

Any ideas?

If this bridged system seems to become overly complicated, we have two MikroTik routers with fairly recent RouterOs versions, which we could use to separate the three networks. Overall connectivity (e.g. from net1 to net3 via net2 inbetween) should be possible.

So how would you do that? I am open to suggestions.

TIA,
Ekki/Germany

darrenldl · 2013-11-20 04:01:34

Hello,

I had my answers typed already actually, but I read your post again and found that my suggestions might not work,
so I will have to modifiy after knowing your network better.

Mind giving out more details about your network setup?

I am confused at the part of three networks connected using bridges.
So you three have seperate IP networks, but connected with bridges(or switches),
then when you want to access resources of other networks, you change your IP address to that network,
and just proceed to use, correct?

(I am absolutely not an expert in this, but I'm near the end of my CCNA course, so I might be able to help a bit since this is mostly networking.)

Best wishes,
Darren

darrenldl · 2013-11-20 04:23:27

Just to save time here,
if my above post describes your network correctly, here would be my approach, with just one Arch PC.(Modified from my original reply)
I had a setup before, with primary router and secondary router backing it up, which is kinda similar to your case.

Skip to (This is my suggestion) if you don't want to read about my setup( :c ).

(This is my setup)
I had a main router(Archlinux) and a secondary router(TPlink+OpenWRT),
so obviously, I would want the secondary router to take over main router when it's down.

So what I had on the secondary router was a script which starts at boot, the script is basically a while loop,
it keeps probing the main router, if the main router is down, it modifies its set of IP addresses,
if the main router is up again, it modifies its set of IP addresses again.

Just to make it clear, the main router boots up with two IP addresses(192.168.1.253/24 and 192.168.1.254/24)
when the secondary router boots up, it only has 192.168.1.252/24, then it keeps probing 192.168.1.253/24,
when 192.168.1.253 is down, it adds 192.168.1.254 to its LAN interface,
when 192.168.1.253 is up, it removes 192.168.1.254 from its LAN interface.
And of course, the DHCP server advertises 192.168.1.254 as the gateway.

For the probing, I used arping(arping can get around firewall rules, in case they block frequent pings, I believe),
" arping -c 4 "every 5 seconds, then pipe the output to other text manipulation program(i used grep and awk) to just grab the number of replies received,
if the number of replies is 0, determines 192.168.1.253(main router) is down, take over its place.
And if number of replies is not zero, and secondary router took over main router's place previously, removes 192.168.1.254/24 from interface.

(This is my suggestion)
Since you're using Arch on that PC, if I were you, I would just make a small script and start it at boot, this approach has never failed me really, but if you are afraid of the script
crashing, just make another simpler script to start it again when it crashed.

If I have a scenario same as yours,
my script would,
1. Check first gateway, with ping/arping every 5 seconds, if it's not responding, change IP address to second network and resort to second one.
2. Check second gateway, with ping/arping every 5 seconds, if it's not responding, change IP address to third network and resort to third one.
3. Check third gateway, with ping/arping every 5 seconds, if it's not responding, report to user. (But I would probably want it to loop once more in case other gateway suddenly works again)

Modifying IP addresses : use ip.

ip addr flush dev DEVICE_NAME // remove current ip address of your interface
ip addr add IP_OF_NETWORK dev DEVICE_NAME // add new ip address to your interface, IP_OF_NETWORK should contain a valid IP address plus a subnet mask like 192.168.0.1/24

Probing : arping/ping, pipe output to grep then awk(or other text manipulation programs), which results in a reply count.

arping -c 4 -I INTERFACE_NAME GATEWAY_IP | grep Received | awk '{print $2}' // arping does not use ICMP request, so if your gateways block ICMP request, use arping
ping -c 4 GATEWAY_IP | grep received | awk '{print $4}'
// I assume the gateway is down if it's giving 0 replies to either ping/arping

Modifying IP routes : use ip.

ip route add 0.0.0.0/0 via GATEWAY_IP // add default route and points to a specific gateway
ip route del 0.0.0.0/0 via GATEWAY_IP  // remove default route

Remarks : For a LAN network which supports 100Mbps fast ethernet, pinging every 5(or even 1) seconds shouldn't cause too much problem.
I used 4 as number of counts( -c 4 ) in arping/ping. Since LAN network is stable I assume, which shouldn't result in accidental packet lost, 4 should be enough.
I am not good in scripting, so I don't think I will be making one, not going to embarrass myself.
I am really bad at text manipulation as well, so my way of using grep and awk might look stupid to you.

Best wishes,
Darren

Last edited by darrenldl (2013-11-20 04:54:51)

progandy · 2013-11-20 04:40:56

I'm not an expert, but I think the following could work:
Use the same netmask and ip-range for all routers, but give them different IPs. (e.g. 192.168.0.1 for #1, 192.168.0.2 for #2, 192.168.0.3 for #3)
Disable the DHCP server on all but one router, use static IPs for normal operation.
Add all routers as gateways to your lan connection. Use the metric to order them as failover routes (0 = highest priority)

ip route add default via 192.168.0.1 dev eth0 metric 0
ip route add default via 192.168.0.2 dev eth0 metric 1
ip route add default via 192.168.0.3 dev eth0 metric 2

I'm not sure how ling this will take to detect the broken link, it might help to set the kernel to clean the routing table faster (set net.ipv4.route.gc_timeout to e.g. 10 seconds).
You might want to use a script to check the connection and use a combination of ip route del / ip route add.

Last edited by progandy (2013-11-20 04:47:28)

darrenldl · 2013-11-20 05:15:04

Regarding the MikroTik routers, using them might be a better solution.

You might need to add certain static routes to the routers, I never used MikroTik routers before, so I can't tell.

Good luck!

Ekki · 2013-12-02 00:07:57

Helo darrenIdl and progandy,
sorry for the late reply, I have been traveling.

Many thanks for the thoughts, I will check them and see what I can use.

Darren, some more info on the network(s):

Image three separate networks, 192.168.1.x, 192.168.2.x, 192.168.3.x, each with some hosts, each with a local GW to some internet provider.
Net1 is bridged to Net2, Net2 is bridged to Net3. In fact these bridges are wireless bridges, the networks are located at a small distance from each other.

We have now decided to use one central router. This router will be placed at Net2 and will connect with Net1, Net2 and Net3 by only one line. Our goal is to configure the router so that it has a default GW which is the one in Net1 (it's the fastest line). When this GW fails the router should do a fallback to the local GW in Net2, when this GW fails it should connect automatically via the GW in Net3.

When in a fault state (GW1 down), the router should try reconnects via GW1 in a configurable time. The router should inform one or more persons by email when it has switched.

The hosts in Net2 have the router IP address as default GW and default DNS, so they don't need to change anything in case of failover. The hosts in Net1 and Net3 will probably need manual intervention in case of a local GW failure, since they will be using the local GW by default. I.e. Net1 uses GW1, Net3 uses GW3, and only in case of local GW failure the hosts will be reconfigured to use another GW. TBD.

The router will have an identically configured clone on cold standby, because it is a single point of failure. Maybe I will learn later to configure both routers as hot standby with automatic failover

Cheers,
Ekki

darrenldl · 2013-12-02 05:02:58

Hello Ekki,

I was wondering if my answers weren't good enough so you refused to reply, glad that wasn't the reason : ).

Your planned network setup is a bit too complicated to be described in words perfectly well I'm afraid, so I drew a network diagram according to my understanding of your network, see if it fits your planned network?
Network diagram : http://i.imgur.com/WSuxYJB.png
I assume you connect the computers with switches, if you happen to connect to switch ports of your gateway, they are the same in how they work anyway.

If the network diagram fits your network, then the only questions remain would be about the central router.

If the central router is capable of having scripts running and is Linux, then it's possible and in fact I can give you the script very quickly.
If the central router is MikroTik(which I guess is what you're using), I will have to take a closer look.
MikroTIk supports scripting, but to what extent I am not sure. However, I'm sure we can get this network working. : )

About hot standby, normally you would need two extra addresses to spare, which makes at least three for the set of gateway.
One for the gateway IP, which is used by the computers, if that router stays in multiple networks, then it will have more gateway IPs
one for gateway1, one for gateway2.
The active gateway will own the gateway IPs, the passive will just own nothing, so computers don't need to change their configurations.
I will give you more details if you plan to do that.

From my experience, Windows 7 and Linux(Archlinux) works well under hot standby, but not for Windows XP.
Windows XP seems to have larger delay in detecting MAC addresses changes, since when one of the gateway becomes the active one,
the MAC addresses of that gateway IP will change from gateway1 to gateway2, or the other way around.
That can be fixed by having the router script to do certain ARP actions, I will again need to have a closer look at that.

So yea, what router it is for the central router and what functionality it provides, two major questions.
For IP addresses settings and routes, I can help you with that(whenever I can receive my emails or browse forums).

Cheers,
Darren

arzo · 2014-04-05 11:49:41

I think you might be interested in bonding https://www.kernel.org/pub/linux/kernel … onding.txt

Arch Linux

#1 2013-11-18 21:09:38

Use 1 of 3 available inet GWs, switch when one fails -how?

#2 2013-11-20 04:01:34

Re: Use 1 of 3 available inet GWs, switch when one fails -how?

#3 2013-11-20 04:23:27

Re: Use 1 of 3 available inet GWs, switch when one fails -how?

#4 2013-11-20 04:40:56

Re: Use 1 of 3 available inet GWs, switch when one fails -how?

#5 2013-11-20 05:15:04

Re: Use 1 of 3 available inet GWs, switch when one fails -how?

#6 2013-12-02 00:07:57

Re: Use 1 of 3 available inet GWs, switch when one fails -how?

#7 2013-12-02 05:02:58

Re: Use 1 of 3 available inet GWs, switch when one fails -how?

#8 2014-04-05 11:49:41

Re: Use 1 of 3 available inet GWs, switch when one fails -how?

Board footer