Date: Fri, 3 Apr 2015 13:57:33 +0100
From: Harry Duncan <usr.src.linux@gmail.com>
To: freebsd-questions@freebsd.org
Subject: Looking for advice on GRE failover
Message-ID: <CAHAPYVCjLvNmg3=4X5KyTA9DZ5uOF7Pz9L8rn4p3-0XOM4afBQ@mail.gmail.com>
Hi Guys,

I've been using FreeBSD as gateways and implementing VPNs using GRE tunnels, but hit a new requirement which I'm struggling to find a solution for, and thought I might share it here and get your advice on how to proceed.

Two sites, site-a and site-b, both running FreeBSD gateway servers, both currently on ADSL for WAN, with a GRE tunnel between the sites, secured by racoon, but now we need a highly available solution for the intersite link. We use pf to firewall.

Site-a will have a dependency on infrastructure at site-b, but site-b will not have any dependency on site-a.

The physical solution will be to add another WAN to each side, this time based on a wireless broadband link from an alternate provider which, just like the ADSL, these connections will be bridged into the server.

What I would 'like' to have is the following GRE tunnels:

    site-a                site-b
    wisp-a_.._.._.._.._.._wisp-b
         \          ______/
          \        /
           \----------
       _____/         \
      /                \
    adsl-a===============adsl-b

So, GRE tunnels would be:

    Primary: wisp-a_.._.._.._.._.._wisp-b
    Backup1: adsl-a________________wisp-b
    Backup2: wisp-a----------------adsl-b
    Backup3: adsl-a================adsl-b

What I need then is an automatic means to route traffic from site-a to site-b over those 4 tunnels depending on the availability of the link, and current best thinking is that the above order will apply, but that may vary once the wisp links go in.

First hit I came up with is CARP, but that would require separate devices for each tunnel config and even still, I'm not sure I can make the device unavailable if there is a link problem.

Second hit I came up with is lagg, but it appears to me that this will require the actual interface to go down in order to change the route.

My preference is to have this as automated as possible but with an alerting structure to monitor the links for manual intervention, which I can easily implement with something like Nagios.

So my question is, am I looking for another tool on FreeBSD to manage this, or should I be looking at a tool to heartbeat the links and take the interfaces down if the heartbeat fails, thus allowing lagg to autofailover to the next in the list, and then make it a manual alert response to bring the preferred link back up?

Any thoughts or advice, or even advice on a different, more appropriate list for this question?

Thanks,
Harry.