Re: [Astlinux-devel] Forcing WAN Failover

[Lonnie A. <li...@lo...>]

> On Sep 27, 2019, at 1:49 PM, David Kerr <da...@ke...> wrote:
> 
> I'm sure that you meant to address that to Michael.

Yes ... egg on face :-)

David, (correct this time) you make good points and why I'm dragging my feet a little on this request.

I think Michal Knill has some old, iffy DSL primary links and 4G/LTE is the secondary failover.

Another thought would be an optional "ping over time" test while on secondary to only return when the primary has been clean (like no ping failures in last 10 minutes).  Though looking at the code my head hurt thinking about implementing something like this. :-)

Lonnie

> 
> But to add my two cents here... I am very nervous about switching the network over to Secondary/Failover without an automatic mechanism to switch back.  It may be fine 99% of the time but what if the secondary link fails?  Even if the primary link was working fine, without a way to switch back automatically you could find yourself unable to connect from remote site.
> 
> 	• If the secondary link is more reliable than the first, then why not swap them (make EXTIF eth1, EXT2IF eth0)?
> 	• If you do want to switch over to Secondary for extended period then you would need some fancy firewall rules to make sure you could still at least login by ssh or get to the web interface from the Primary interface.  This is necessary to make sure replies go back to the interface that incoming request arrived on, and not the default route.  It is doable but non-trivial.  I have implemented something similar to ensure that I can always get to my box over the Secondary link, even if Primary is the default route.
> 	• Or, when you switch to Secondary link you move the "do I have internet connection" test from the primary to the secondary... in other words switch back to the primary not when the primary is back up again, but rather when the secondary fails.  So the switch to failover is active until such time as the failover fails.
> 
> David.