Re: [SLE] connection redundancy

• Previous message: Felix Miata: "Re: [SLE] Alert"
• In reply to: Ken Schneider: "Re: [SLE] connection redundancy"
• Next in thread: Hans du Plooy: "Re: [SLE] connection redundancy"
• Reply: Hans du Plooy: "Re: [SLE] connection redundancy"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Tue, 26 Apr 2005 11:48:24 -0400
To: suse-linux-e@suse.com

>>Problem is, when the 64k line goes down, the mail server still tries to
>>reply via the usual gateway, which is the router just this side of the
>>line. In other words it doesn't know that the line has gone down,
>>because it's own gateway is still up.
>>
>>Is it possible to set a timeout to all traffic to the default gateway,
>>and have it try a backup gateway?

This may help you. It is a simple setup, that I copied from a web
article at http://enterprise.linux.com/article.pl?sid=05/04/10/2132252

It is a basic setup that may need some tweaking. Good luck!

- James W.

By: Rohit Girhotra

Today, it's hard to imagine an organization operating without taking
advantage of the vast resources and opportunities that the Internet
provides. The Internet's role has become so significant that no
organization can afford to have its Net connection going down for too
long. Consequently, most organizations have some form of a secondary or
backup connection ready (such as a leased line) in case their primary
Net connection fails. However, the process of switching over from the
primary to the backup connection, if done manually by the system
administrator, can take some time, depending upon how ready the backup
setup is and on the availability of the administrator at the right
moment. The process can even become a costly affair if the organization
must buy dedicated routers for the purpose of automatic switchover. But
there is an easy and cost-effective alternative -- setting up a Linux
failover router.

In this article we will look at setting up an existing Linux machine as
a failover router to provide quick and automatic switchover from a dead
Internet connection (the primary connection) to one that is operational
(the secondary connection).

To begin, you'll need a PC with any recent GNU/Linux distro installed.
You'll also need three network cards to put into this Linux box. Two of
the three network cards, say eth0 and eth1, will connect to the Internet
routers/gateways of your primary ISP (say ISP1) and secondary ISP (say
ISP2). The third network card, say eth2, will connect to your internal LAN.

Setting up the network

Begin by setting up your network based on the configuration information
available to you. You can make the configurations from the X Window GUI
using the Network utility. To do so, open the Network utility from Main
Menu > System Settings > Network. This will open up a network
configuration window displaying a list of all the network cards
installed on your system. Double-click on the network card you wish to
configure, select the Statically Set IP Addresses option, and assign the
IP address along with the subnet mask. There is also a Default Gateway
Address field; tou can leave it blank for the time being, as it can be
specified later on from the command line.

Assign the IP addresses provided to you by your ISPs to the two network
cards, eth0 and eth1. In our setup, we assigned eth0=61.16.130.100 and
eth1=200.15.110.101 (which are public IP addresses), along with the
subnet mask 255.255.255.224.

Assign a private IP address based on your internal LAN subnet to your
third card. We assigned eth2=10.0.0.1, where 10.0.0.0/24 was the address
range for our internal LAN setup. Save your changes and exit.

Now turn on IP packet forwarding on the Linux box by changing the value
of net.ipv4.ip_forward to 1 in the /etc/sysctl.conf file and executing
the command:

# sysctl -p

Next, you need to configure iptables by adding certain rules, so that
your internal LAN can route packets to the Internet. For this, issue the
following commands as root:

# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

# iptables -t nat -A POSTROUTING -o eth1 -j MASQUERADE

# iptables -A FORWARD -s 10.0.0.0/24 -j ACCEPT

# iptables -A FORWARD -d 10.0.0.0/24 -j ACCEPT

# iptables -A FORWARD -s ! 10.0.0.0/24 -j DROP

The above commands turn on masquerading in the NAT table by appending a
POSTROUTING rule (-A POSTROUTING) for all outgoing packets on the two
Ethernet interfaces, eth0 and eth1. The next two lines accept forwarding
of all packets to and from the 10.0.0.0/24 network. The last line drops
the packets that do not come from the 10.0.0.0/24 network.

To make the iptables rules permanent, save them as follows:

# iptables-save > /etc/sysconfig/iptables

Now you must restart your network, as well as iptables:

# /etc/init.d/network restart

# /etc/init.d/iptables restart

To see if your new iptables rules have gone into effect, type iptables --L.

Enabling failover routing

After you have configured your network, the next step is to enable
failover routing on your Linux box, so that if the first route dies the
router will automatically switch over to the next route. To do so,
you'll need to add the default gateway routes provided to you by your
ISPs for both your network cards:

# route add default gw 61.16.130.97 dev eth0

# route add default gw 200.15.110.90 dev eth1

Here, 61.16.130.97 is the gateway address given by ISP1 and
200.15.110.90 is the gateway address given by ISP2. Replace them with
the addresses available to you. These routes will disappear every time
you reboot the system. In order to make these routes permanent add the
above two commands in the /etc/rc.d/rc.local file, which is run at boot
time.

Also make sure that all the computers on your internal LAN (10.0.0.0/24)
have their default gateway address set as the IP address of the eth3
Ethernet interface (i.e. 10.0.0.1) of your failover router.

Finally, modify the /proc/sys/net/ipv4/route/gc_timeout file. This file
contains a numerical value that denotes the time in seconds after which
the kernel declares a route to be inactive and automatically switches to
the other route if available. Open the file in any text editor and
change its default value of 300 to some smaller value, say 10 or 15.
Save the changes and exit.

Now your Linux machine is ready to serve as a failover router,
automatically and quickly switching to the secondary route every time
the primary route fails.

-- 
Check the headers for your unsubscription address
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the archives at http://lists.suse.com
Please read the FAQs: suse-linux-e-faq@suse.com

• Previous message: Felix Miata: "Re: [SLE] Alert"
• In reply to: Ken Schneider: "Re: [SLE] connection redundancy"
• Next in thread: Hans du Plooy: "Re: [SLE] connection redundancy"
• Reply: Hans du Plooy: "Re: [SLE] connection redundancy"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]