Old 11-10-2008, 11:35 AM   #1
zer0python
Member
 
Registered: Sep 2003
Posts: 104

Rep: Reputation: 20
Backup Internet


Hello,

I currently have an MPLS setup between my location and a remote location. In a perfect world this connection would never cease to exist; unfortunately the world is not perfect, and occasionally the MPLS will go down. The solution to this is to have an OpenVPN gateway setup that utilizes the internet connection between the two sites, which seems to work well. The problem is, anytime we have to switch between the MPLS and the OpenVPN setup, we have to change the routes on a whole bunch of machines. So, I was thinking wouldn't it be nice if we could automate this process; that is why I'm writing here today. I was inquiring if anyone has actually attempted to do this, or if they would have any insight on how to do this. I can break it down that we could use two end points on each side that negotiated which route to take (as in the internal machines have no idea what route they're taking, either 10.10.10.1, or 192.168.x.1), and it would be the 10.10.10.1, and the 192.168.x.1 machine that would negotiate whether to take the MPLS route or the Internet route. I thought about writing a ping script, which would work from one side, but what about the other side? Does anyone know of a good tool that does this automatically, or at least a better solution other than a simple "ping" script that I came up with? It just seems to me that a simple ping script won't work well in this situation, because ultimately it should never stay on OpenVPN if the MPLS has actually returned. Feedback greatly appreciated, thanks.

Last edited by zer0python; 11-10-2008 at 11:39 AM. Reason: woops, didn't mean to click "post"
 
Old 11-10-2008, 02:10 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968
What's wrong with a simple ping? ICMP packets rule the world... I would say ping is about the best way to do this. Your MPLS connection will hopefully have a CPE address at each site which should *only* be reachable via the MPLS link. As such, if you statically route those specific IPs across the WAN link and then run a cron to ping the opposite site every minute, then if it's there, ensure there's a route that way for the data networks as well. If not, wop it out and in that case let it use a permanent route of a higher metric to fall back to.
 
Old 11-11-2008, 09:15 AM   #3
zer0python
Member
 
Registered: Sep 2003
Posts: 104

Original Poster
Rep: Reputation: 20
Nothing is wrong with a ping script; my only worriment is if I set up an OpenVPN bridge, could I end up pinging the CPE address through the OpenVPN bridge? If that was the case when on OpenVPN, it would never switch back to the MPLS. The configuration we have is this:

home office is: 10.10.0.0/16 network (MPLS router is 10.10.10.25)
sites are: 192.168.x.0/24 networks (the x denotes different sites.)

All the sites route through 192.168.x.1 to get to the 10.10.0.0/16 network.

So what I was thinking was just to do ping -I 192.168.x.y 10.10.10.25, if un-reachable -> start openvpn, otherwise, ensure openvpn isn't running.

The problem is, how do I inform the router in our central office to route through the OpenVPN network instead of 10.10.10.25? I can do a similar thing on the central office side (for each site), but that doesn't seem optimal, as there are multiple sites (6 and counting).

Mm, the more I think about this question, maybe I should've posted in Linux - Programming/Scripting or something, but it is very network related, so not really sure...
 
Old 11-11-2008, 09:22 AM   #4
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968
I would try to find an IP that is only reachable via MPLS. The WAN side IP addresses of the CPE are normally in the telco's address space, not yours, so they are typically unique. I would personally leave OpenVPN permanently connected for maximum availability. What if you need to use it and it doesn't come up? I'd again force *some* nominal traffic over that link too to ensure that it's functional should you need it. This does potentially depend on your architecture though, and you've not really described what that is, but hopefully these two routes diverge at a point where you can have them both active bar routing as much as possible.
 
Old 11-11-2008, 11:01 AM   #5
zer0python
Member
 
Registered: Sep 2003
Posts: 104

Original Poster
Rep: Reputation: 20
That sounds like a good idea. My only question is, do the internal IP addresses of the MPLS routers change at all, or will they always be static? I can get them using a traceroute to a site, but I would hate to have to do that every time I want to ping for connectivity. I'm rather much a newb when it comes to stuff like MPLS; most of my network experience is mostly just LAN stuff...
 
Old 11-11-2008, 11:38 AM   #6
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,415

Rep: Reputation: 1968
A WAN provider would generally never change them. They'd typically put a portion of private address space aside to use for the internal nodes of each MPLS label they implement for each customer, so they'd never change normally. Best to ask them though.
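
The approach worked out in this thread (host route to an MPLS-only address, a cron ping, and a permanent higher-metric fallback route), written out as an added example that is not part of any post above. The CPE address, site network, state file path, metrics and the three-probe threshold are placeholders and assumptions; the threshold goes beyond the thread by requiring several consecutive contrary probes before routes change in either direction.

```shell
#!/bin/sh
# Added example, run from cron every minute at the home office (one site shown).
# Placeholders/assumptions: CPE_IP, REMOTE_NET, STATE path, metrics, THRESHOLD.
# The fallback route is assumed to exist permanently, for example:
#   ip route add 192.168.1.0/24 via <openvpn-gateway> metric 100
CPE_IP="${CPE_IP:-198.51.100.1}"            # placeholder: MPLS-only CPE WAN address
MPLS_GW="${MPLS_GW:-10.10.10.25}"           # MPLS router named in the thread
REMOTE_NET="${REMOTE_NET:-192.168.1.0/24}"  # one 192.168.x.0/24 site
STATE="${STATE:-/var/run/mpls-failover.state}"
THRESHOLD="${THRESHOLD:-3}"  # consecutive contrary probes before switching

# decide ACTIVE COUNT PROBE -> prints "NEW_ACTIVE NEW_COUNT"
# ACTIVE is mpls|vpn, PROBE is up|down for the MPLS-only address.
decide() {
    d_active=$1; d_count=$2; d_probe=$3
    case "$d_active:$d_probe" in
        mpls:up|vpn:down) echo "$d_active 0"; return 0 ;;  # probe agrees: reset
    esac
    d_count=$((d_count + 1))
    if [ "$d_count" -lt "$THRESHOLD" ]; then
        echo "$d_active $d_count"          # not enough evidence yet
    elif [ "$d_active" = mpls ]; then
        echo "vpn 0"                       # MPLS confirmed down: fail over
    else
        echo "mpls 0"                      # MPLS confirmed back: fail back
    fi
}

apply_route() {  # add or withdraw the preferred low-metric route via MPLS
    if [ "$1" = mpls ]; then
        ip route replace "$REMOTE_NET" via "$MPLS_GW" metric 10
    else
        ip route del "$REMOTE_NET" via "$MPLS_GW" metric 10 2>/dev/null || true
    fi
}

run_once() {
    # Host route pins the probe to MPLS, so it is never answered through the VPN.
    ip route replace "$CPE_IP/32" via "$MPLS_GW"
    if [ -r "$STATE" ]; then read -r active count < "$STATE"
    else active=mpls; count=0; fi
    if ping -c 3 -W 2 -q "$CPE_IP" >/dev/null 2>&1; then probe=up; else probe=down; fi
    set -- $(decide "$active" "$count" "$probe")
    if [ "$1" != "$active" ]; then logger -t mpls-failover "route $active -> $1"; fi
    apply_route "$1"
    echo "$1 $2" > "$STATE"
}

if [ "${1:-}" = run ]; then run_once; fi
```

Invoked with the argument `run` from root's crontab, it leaves OpenVPN connected at all times and only adds or withdraws the lower-metric MPLS route, so traffic returns to MPLS once the pinned probe has succeeded for the threshold number of runs.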
 
  

