Menu
▾
▴
Re: [Astlinux-devel] Forcing WAN Failover
|
From: David K. <da...@ke...> - 2019-09-27 18:49:38
|
I'm sure that you meant to address that to Michael. But to add my two cents here... I am very nervous about switching the network over to Secondary/Failover without an automatic mechanism to switch back. It may be fine 99% of the time but what if the secondary link fails? Even if the primary link was working fine, without a way to switch back automatically you could find yourself unable to connect from remote site. - If the secondary link is more reliable than the first, then why not swap them (make EXTIF eth1, EXT2IF eth0)? - If you do want to switch over to Secondary for extended period then you would need some fancy firewall rules to make sure you could still at least login by ssh or get to the web interface from the Primary interface. This is necessary to make sure replies go back to the interface that incoming request arrived on, and not the default route. It is doable but non-trivial. I have implemented something similar to ensure that I can always get to my box over the Secondary link, even if Primary is the default route. - Or, when you switch to Secondary link you move the "do I have internet connection" test from the primary to the secondary... in other words switch back to the primary not when the primary is back up again, but rather when the secondary fails. So the switch to failover is active until such time as the failover fails. David. On Fri, Sep 27, 2019 at 8:52 AM Lonnie Abelbeck <li...@lo...> wrote: > Hi David, comments inline... > > > On Sep 26, 2019, at 10:21 PM, Michael Knill < > mic...@ip...> wrote: > > > > Could we have a checkbox on the failover tab with something like 'Force > Failover to Secondary' and a button to trigger it. > > In failover mode, this parameter could be checked and so the secondary > does not fail back. > > To return to Primary you uncheck the parameter and trigger again. > > What do you think? > > The hardest question is how to implement a "force" failover feature in the > main /usr/sbin/wan-failover script and not cause any unwanted side-effects. > > Setting "Target IPv4 Hosts:" to a known address that does not respond to > ping (apply with Restart Failover) should be a way to force failover. > > I'm wondering how common a force failover would be needed for the user > base. > > > > I could possibly also do this myself in the wan-failover.script I > suspect. > > No, the wan-failover.script can't do that, the main /usr/sbin/wan-failover > script would need to be tweaked to support something like this. > > Lonnie > > > > > > Regards > > Michael Knill > > > > On 25/9/19, 1:23 am, "Lonnie Abelbeck" <li...@lo...> > wrote: > > > > > >> On Sep 23, 2019, at 3:18 PM, Michael Knill < > mic...@ip...> wrote: > >> > >> Hi Devs > >> > >> There have been a number of times where I have an intermittently faulty > link and I want to force a WAN Failover and keep it there until the problem > is restored. > >> The service failover test triggers a failover but its not permanent. > >> Any ideas? > > > > Setting Secondary Delay: to a higher number would keep the switchover > to Failover longer. > > > > Unless you are looking for a CLI command like > > -- > > service failover force > > -- > > but somehow this would need to be reset back to primary. And the > secondary link could also fail while the primary is OK again. > > > > Other than setting Secondary Delay: to 30 minutes or so for notably > bad primary links, I'm not not sure of a true answer. > > > > I suppose we could keep track of the time between switches and > increase the effective Secondary Delay if there are a lot of failover > switches, but that can get complicated. > > > > > >> It would also be really nice to be able to change an ‘External Failover > Destination Route’ without having to reboot the system. There have been a > number of times where I have just wanted to move the VoIP traffic over to > the Secondary link. > > > > Currently your best option is to manually define routes using "ip > route add ..." > > > > > >> Thanks all. Failover is great. > > > > Great to hear, I use it all the time but the good news is my primary > link is very robust (knock on wood) and the failover is seldom triggered. > > > > Lonnie > > > > > >> > >> Regards > >> Michael Knill > >> _______________________________________________ > >> Astlinux-devel mailing list > >> Ast...@li... > >> https://lists.sourceforge.net/lists/listinfo/astlinux-devel > > > > > > > > _______________________________________________ > > Astlinux-devel mailing list > > Ast...@li... > > https://lists.sourceforge.net/lists/listinfo/astlinux-devel > > > > > > > > > > _______________________________________________ > > Astlinux-devel mailing list > > Ast...@li... > > https://lists.sourceforge.net/lists/listinfo/astlinux-devel > > > > _______________________________________________ > Astlinux-devel mailing list > Ast...@li... > https://lists.sourceforge.net/lists/listinfo/astlinux-devel > |
