Date: Sat, 18 Aug 2007 19:06:07 +0100
From: "Bruce M. Simpson" <bms@FreeBSD.org>
To: "Tuc at T-B-O-H.NET" <ml@t-b-o-h.net>
Cc: freebsd-net@freebsd.org
Subject: Re: Failover default route?
Message-ID: <46C7350F.9020507@FreeBSD.org>
In-Reply-To: <200708181421.l7IEL8eG057505@himinbjorg.tucs-beachin-obx-house.com>
References: <200708181421.l7IEL8eG057505@himinbjorg.tucs-beachin-obx-house.com>

Tuc at T-B-O-H.NET wrote:
> In my case, as always, it's a bit "special". I have
> 2 OPENVPN tunnels, which I sent over different transits to
> the same end host. On that host, I do my NAT. SO, without
> getting into all sorts of hot/heavy things, is there a simple
> program to install to ping something via the first tunnel,
> and if it can't then switch my default route to the second
> tunnel? Or, do I just use a script like here :

As Bill correctly points out, reachability detection using a routing protocol is often the preferred method, however this isn't always available.

Pinging is NOT the best practice, see RFC 1122 3.3.1.4:
http://www.freesoft.org/CIE/RFC/1122/56.htm

You could use ifstated to detect changes in the tunnel interface status and switch default routes accordingly, though it doesn't significantly reduce the amount of manual scripting you have to do.

Microsoft's TCP implementation performs dead gateway detection based on triggered reselection as per RFC 816, however, they have a multipath capable FIB which can hold the multiple next-hops and their state -- something to consider for later.

An incremental piecemeal change which folks might find OK may be to add cost metrics back to the kernel radix trie, but that still has all the aggro of changing the API.

regards
BMS
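
The manual scripting that remains when failover is driven by tunnel interface status rather than by ping can look like the sketch below. It is an added example, not part of the original message or of ifstated. The interface names tun0/tun1, the addresses and the sample ifconfig text are constructed assumptions, and the script only prints the FreeBSD `route change default` command instead of running it.

```shell
#!/bin/sh
# Constructed sample input: FreeBSD-style ifconfig output for two tunnels.
# tun0 has lost UP/RUNNING (its OpenVPN process is gone); tun1 is healthy.
SAMPLE_IFCONFIG='tun0: flags=8010<POINTOPOINT,MULTICAST> metric 0 mtu 1500
    inet 10.8.0.2 --> 10.8.0.1 netmask 0xffffffff
tun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> metric 0 mtu 1500
    inet 10.9.0.2 --> 10.9.0.1 netmask 0xffffffff
    Opened by PID 1234'

# Read ifconfig-style text on stdin and print the point-to-point peer of
# interface $1, but only if that interface is both UP and RUNNING.
usable_peer() {
    awk -v ifn="$1:" '
        # A non-indented line starts a new interface block; record its state.
        /^[^ \t]/ { cur = $1; ok = ($2 ~ /[<,]UP[,>]/ && $2 ~ /[<,]RUNNING[,>]/) }
        cur == ifn && ok && $1 == "inet" && $3 == "-->" { print $4; exit }
    '
}

# Prefer the primary tunnel, fall back to the secondary, and fail when
# neither is usable. Prints the command; the routing table is not touched.
failover_command() {
    state=$1 primary=$2 secondary=$3
    for ifn in "$primary" "$secondary"; do
        gw=$(printf '%s\n' "$state" | usable_peer "$ifn")
        if [ -n "$gw" ]; then
            echo "route change default $gw"
            return 0
        fi
    done
    echo "no usable tunnel" >&2
    return 1
}

failover_command "$SAMPLE_IFCONFIG" tun0 tun1
```

On a live host the first argument would be the output of `ifconfig`, and the function would be called from whatever reacts to the interface state change.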