1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Backup gateway / secondary default route

Discussion in 'Networking Issues' started by dylanjustice, Mar 14, 2010.

  1. dylanjustice

    dylanjustice Addicted to LI Member

    I have a redundant ISP connection, and I'd like to automatically fail over to it. It's not as easy as I thought. I planned to have a secondary default route (with a higher metric) on my primary ISP's router. That way, when the primary net connection goes down, the primary router would automatically route to the secondary router.

    Here's part of the routing table on the primary router (WRT54G, running Tomato).

    > # route -n
    > Kernel IP routing table
    > Destination Gateway Genmask Flags Metric Ref Use Iface
    > 0.0.0.0 192.168.100.1 0.0.0.0 UG 0 0 0 vlan1
    > 0.0.0.0 192.168.0.3 0.0.0.0 UG 1 0 0 br0


    Either router works fine on its own, if I specify it as the primary gateway. But the failover route never gets used, even though the primary internet connection has gone down somewhere downstream.

    Is there a better way to do this?
     
  2. mstombs

    mstombs Network Guru Member

    I have looked at this in the past and decided that some serious kernel patches are needed for 'dead gateway detection"

    http://lartc.org/howto/lartc.rpdb.multiple-links.html
    http://www.ssi.bg/~ja/#routes

    dd-wrt and openwrt have dual wan load balancing scripts. There is a Chinese Toamto dualwan mod that I have looked at which does have failover- it appears to use a ping script with script reconfiguration - which is probably the easiest.
     
  3. dylanjustice

    dylanjustice Addicted to LI Member

    Oh wow. I thought it was something simple that I was missing. OK, scripting it is. Thanks!
     
  4. HennieM

    HennieM Network Guru Member

    I use a proper Linux PC based DHCP server, so I don't know how to do this in a Tomato DHCP server, but I found the easiest solution (although not the most elegant), is to dish both default routes out to the clients, in the desired order. When the 1st fails, the clients should then try the 2nd after a while.

    From my dhcpd.conf:
    Code:
    shared-network mynet {
    
      subnet 10.1.2.0 netmask 255.255.255.0 {
    
            # --- default gateway
            option routers                  10.1.2.1, 10.1.2.250;
    10.1.2.1 is my default gw. If it fails, the clients try 10.1.2.250.

    Remember also that your second default gateway must have an IP on your local network: in your setup above, it seems like your local devices are on subnet 192.168.100. Your 2nd gateway seems to be on 192.168.0. You should specify the interface connected to your local network (192.168.100.xxx) for the second gateway, or your router (and/or clients) will try to use the 1st gateway to get to the 2nd gateway (and if the 1st is down... ;)
     
  5. dylanjustice

    dylanjustice Addicted to LI Member

    That routing table snippet was from the primary router, which has a WAN ip on the 192.168.100.0/24 subnet. So it won't have a default route to its LAN IP, which is 192.168.0.1.

    It's reasonably easy to use DNSMASQ to serve both gateways (I've used dhcp-option=3,192.168.0.1,192.168.0.3). The windows client machines accept it, anyhow. However, the gateway was still up, the failure was somewhere downstream. So none of them seem to have detected this ISP failure, and none of them ever attempted to use the backup gateway.
     
  6. HennieM

    HennieM Network Guru Member

    Windoze clients? I see that Win clients don't always use the backup gateway. From sniffing I also saw that even if the primary router sends an explicit redirect to those Win clients, telling them to use the another gateway, they still don't, while Linux clients do.

    Linux clients have a setting in /proc/sys/net/ipv4/conf/all/accept_redirects and /proc/sys/net/ipv4/conf/ethX/accept_redirects which is on (1) by default, which might explain why they react on the redirects.

    I once saw a setting to the effect of "Dead gateway detection" in Win TCP/IP settings, which might have to be turned on, although that might mean that an additional driver needs to be installed on the Win clients. Never tested that myself.

    To test the redirect issue, perhaps plug out your WAN link on your primary router and then sniff your network to see what messages are being send by the primary router. (Not that that will solve your problem, but at least you should get closer to what needs to be done).

    The best solution is of course when your primary router makes the routing decision and forwards packets to the secondary router when needed. If you can't figure out mstombs's scripting, the easiest (but perhaps costly) solution would probably be to get one of those routers with dual WAN ports, and then load balance (based on speed of the 2 links if possible). Another solution could be to run an old PC with (at least) 2 network cards as your primary router, and then run load balancing software on that.

    See also http://www.linksysinfo.org/forums/showthread.php?t=63140
     

Share This Page