On 7/17/06, Oliver Savage <oliver.savage@gmail.com> wrote:
Looking for suggestions, about what to avoid, and what works well.
Thank you for replies in advance. I am setting up a router running
linux that will be used for network availabilty/load balancing to
adjust for "ISP outages", network attacks, etc.
Using several ISP's (at most three), and when one ISP is unreachable,
switch over to another. I want to be able to take static IP's assigned
to me by one ISP and in the event of an outage have the internet
facing router broadcast availabilty for these IP's. As well it would
transparently handle DHCP, DNS propagation for a fairly normal office
routing setup. Something for small business needs, that could be
easily replicated would be of the most use.
I have started reading up on RIP, OSPF, and BGP. Looking at Quagga
(http://quagga.net/docs/docs-info.php) right now, with thoughts of
leveraging my experiences with OpenWRT on a Linksys WRT54g.
----------
Replying to ones self is indicative of impending madness...
I read up on RIP, and it would appear that as the spec is written
failover is not a strong point, although maybe that isn't the case in
practice. From the RFC http://www.faqs.org/rfcs/rfc2453.html:
"RIP is primarily intended for use as an IGP in networks of moderate size."
"Protocol is limited to networks whose longest path is 15 hops."
"Fixed "metrics" to compare alternative routes, it is not
appropriate for situations where routes need to be chosen based on
real-time parameters such as a measured delay, reliability, or load.
The obvious extensions to allow metrics of this type are likely to
introduce instabilities of a sort that the protocol is not designed to
handle."
Maybe I should spell out what I am doing better. We have two
ISP's, one is handling us through DHCP, we will call them GCISP. The
other ISP is our default, they lease us several static IP's, and we
point at their nameservers, we'll call them ACISP. If ACISP goes down
I want to move all routing both in and out over to GCISP. At such time
as ACISP comes back up, we move everything back over, this should be
"mostly seamless" and automated.
This would be simpler if we only wanted to get out. However we
want traffic being routed our way to still get to us during an outage.
If this traffic is bound to us via DNS that seems straightforward, but
what about traffic coming our way via ACISP's static IP's?
When I first started looking into doing this someone suggested
RIP, they also suggested that I should be able to broadcast that the
"leased IP's" have moved. When I heard that my response was, "isn't
that spoofing"? It would seem to me that the correct approach is to
either have an arrangement with the ISP, or to use DNS, isn't this
just the sort of situation that DNS is designed for?
Seems this could be done using Iptables, with NAT masquerading,
something to monitor network availability like
http://www.linux-ha.org/HeartbeatProgram and change dns accordingly
for all outward facing domain. The only thing would be that any
services that currently depend on those static IP's would be
sadly-out-of-luck, and would need to be reconfigured to aim at domain
names instead.
As you may be able to infer I am no network master. It would also
seem like there could be plenty of poo to step in. Like what happens
if a user is engaged in filling out a form, using a tunnel, etc. So
then you need to start proxying, etc, etc. Please forgive me for my
verbosity.
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Tue Jul 18 08:38:46 2006
This archive was generated by hypermail 2.1.8 : Tue Jul 18 2006 - 08:38:47 AKDT