generate default route and export to kernel if remote peer is up
Grant Taylor
gtaylor at tnetconsulting.net
Sat Sep 8 18:28:26 CEST 2018
On 09/08/2018 10:11 AM, Grant Taylor wrote:
> If I were to try to script something like this today, I'd do it with a
> few timers. The first being when the last outgoing traffic was sent and
> the second being when the last incoming traffic was received. As long
> as the second (incoming) timer is lower than first (outgoing) timer, I
> think it's safe to say the connection to the ISP's router is functional.
>
> In the event that the second (incoming) timer is higher than the first
> (outgoing) timer, I'd start a third (dead gateway) timer. If the third
> (dead gateway) timer ever reaches zero, then I'd know that there is a
> problem with the local ISP and I'd withdraw the local default gateway.
Now my brain is chewing on this.
What I've outlined will detect the transition from normal / steady state
to errant state. But as it's written, it will never detect that the
local ISP connection is usable because there is no traffic to monitor.
As such, I'd likely have a separate routing table with only the ISP's
connection and the associated default gateway. That way it's possible
to send probe traffic (even when the main routing table has a different
default gateway) to detect when the local ISP's connection is usable
again. [1] If / when the local ISP's connection is usable, add their
default gateway to the main local routing table and allow BIRD to do
it's thing.
[1] You need to decide what to do with established connections; do you
bring them back to the local ISP, thus possibly breaking session state,
or do you rely on route caching to ""gracefully bring things back.
Note: I have never gotten Dead Gateway Detection to do what I want in
any reliable manner. DGD tends to rely on link state and / or special
kernel parameters [2]. Even when it does function, I've found that it
does not do what I want it to do.
[2] I think you have to tell the kernel to hold onto unreachable routes
-and- you need to have probe traffic to kick the kernel to realize that
the gateway is reachable again.
--
Grant. . . .
unix || die
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 3982 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://trubka.network.cz/pipermail/bird-users/attachments/20180908/4e91c342/attachment.p7s>
More information about the Bird-users
mailing list