I currently have an MPLS setup between my location and a remote location, in a perfect world this connection would never cease to exist, unfortunately the world is not perfect, and occasionally the MPLS will go down. The solution to this is to have an OpenVPN gateway setup that utilizes the internet connection between the two sites. Which seems to work well, the problem is, anytime we have to switch between the MPLS and the OpenVPN setup, we have to change the routes on a whole bunch of machines. So, I was thinking wouldn't it be nice if we could automate this process, that is why I'm writing here today. I was inquiring if anyone has actually attempted to do this, or if they would have any insight on how to do this. I can break it down that we could use two end points on each side that negotiated which route to take (as in the internal machines have no idea what route they're taking, either 10.10.10.1, or 192.168.x.1), and it would be the 10.10.10.1, and the 192.168.x.1 machine that would negotiate whether to take the MPLS route or the Internet route. I thought about writing a ping script, which would work from one side, but what about the other side? Does anyone know of a good tool that does this automatically, or at least a better solution other than a simple "ping" script that I came up with? It just seems to me that a simple ping script won't work well in this situation, because ultimately it should never stay on OpenVPN, if the MPLS has actually returned. Feedback greatly appreciated, thanks.
Last edited by zer0python; 11-10-2008 at 10:39 AM.
Reason: woops, didn't mean to click "post"
what's wrong with a simple ping? icmp packets rule the world... I would say ping is about the best way to do this. Your MPLS connection will hopefully have a CPE address at each site which should *only* be reachable via the MPLS link. as such if you statically route those specific IPs across the WAN link and then run a cron to ping the opposite site every minute. if it's there, ensure there's a route that way for the data networks as well. if not, wop it out and in that case let it use a permanent route of a higher metric to fall back to.
Nothing is wrong with a ping script, my only worriment is if I set up an OpenVPN bridge, could I end up pinging the CPE address through the OpenVPN bridge? If that was the case when on OpenVPN, it would never switch back to the MPLS. The configuration we have is this:
home office is: 10.10.0.0/16 network (MPLS router is 10.10.10.25)
sites are: 192.168.x.0/24 networks (the x denotes different sites.)
All the sites route through 192.168.x.1 to get to the 10.10.0.0/16 network.
So what I was thinking was just to do ping -I 192.168.x.y 10.10.10.25, if un-reachable -> start openvpn, otherwise, ensure openvpn isn't running.
The problem is, how do I inform the router in our central office to route through the openvpn network instead of 10.10.10.25? I can do a similar thing on the central office side (for each site), but that doesn't seem optimal, as there are multiple sites (6 and counting).
Mm, the more I think about this question, maybe I should've posted in Linux - Programming/Scripting or something, but it is very network related, so not really sure...
i would try to find an IP that is only reachable via MPLS. the WAN side IP addresses of the CPE are normally in the telco's address space, not yours, so they are typically unique. I would personally leave openvpn permanently connected for maximum availability. what if you need to use it and it doesn't come up? i'd again force *some* nominal traffic over that link too to ensure that it's functional should you need it. This does potentially depend on your architecture though, and you've not really described what that is, but hopefully these two routes diverge at a point where you can have them both active bar routing as much as possible.
That sounds like a good idea, my only question is do the internal IP addresses of the MPLS routers change at all, or will they always be static? I can get them using a traceroute to a site, but I would hate to have to do that every time, I want to ping for connectivity. I'm rather much a newb when it comes to stuff like MPLS, most of my network experience is mostly just LAN stuff...
a wan provider would generally never change them. they'd typically put a portion of private address space aside to use for the internal nodes of each MPLS label they implement for each customer, so they'd never change normally. best to ask them though.
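The approach discussed in this thread, written out as an added example (not code posted by anyone in the thread): a cron-driven script for one site gateway that pins the probe address to the MPLS next hop so the probe can never travel over the tunnel, keeps a permanent higher-metric route over OpenVPN, and adds or withdraws the preferred MPLS route only after several consecutive probe results. `PROBE_IP`, `MPLS_GW`, `VPN_DEV`, the metrics, the thresholds and the state-file path are assumed placeholder values; the same script would run at the other end with mirrored values.

```shell
#!/bin/sh
# Added example: MPLS/OpenVPN route failover with hysteresis. All values
# below are constructed placeholders except the 10.10.0.0/16 network.
PROBE_IP=192.0.2.1          # placeholder: address reachable ONLY via MPLS
MPLS_GW=192.168.1.1         # placeholder: next hop towards the MPLS link
VPN_DEV=tun0                # placeholder: permanently connected OpenVPN device
REMOTE_NET=10.10.0.0/16     # home-office network from the thread
STATE=/var/run/mpls-failover.state
FAIL_MAX=3                  # consecutive failed probes before leaving MPLS
OK_MIN=3                    # consecutive good probes before returning to MPLS

# next_state CUR FAILS OKS PROBE -> prints "NEWSTATE FAILS OKS"
next_state() {
  cur=$1 fails=$2 oks=$3 probe=$4
  if [ "$probe" = up ]; then fails=0; oks=$((oks + 1))
  else oks=0; fails=$((fails + 1)); fi
  if [ "$cur" = mpls ] && [ "$fails" -ge "$FAIL_MAX" ]; then cur=vpn
  elif [ "$cur" = vpn ] && [ "$oks" -ge "$OK_MIN" ]; then cur=mpls; fi
  echo "$cur $fails $oks"
}

# route_cmds STATE -> prints the ip(8) commands that enforce that state
route_cmds() {
  # Host route: the probe always leaves via MPLS, never via the tunnel.
  echo "ip route replace $PROBE_IP/32 via $MPLS_GW"
  # Permanent fallback route with the higher metric.
  echo "ip route replace $REMOTE_NET dev $VPN_DEV metric 200"
  if [ "$1" = mpls ]; then
    echo "ip route replace $REMOTE_NET via $MPLS_GW metric 10"
  else
    echo "ip route del $REMOTE_NET via $MPLS_GW metric 10"
  fi
}

main() {
  if [ -r "$STATE" ]; then read -r cur fails oks < "$STATE"
  else cur=mpls; fails=0; oks=0; fi
  if ping -c 2 -W 2 "$PROBE_IP" >/dev/null 2>&1; then probe=up
  else probe=down; fi
  set -- $(next_state "$cur" "$fails" "$oks" "$probe")
  echo "$1 $2 $3" > "$STATE"
  # "del" fails harmlessly when the MPLS route is already gone.
  route_cmds "$1" | while read -r c; do $c 2>/dev/null || true; done
}

# Run from cron every minute as: mpls-failover.sh run
if [ "${1:-}" = run ]; then main; fi
```

Because the LAN hosts keep their single gateway and only this box changes routes, nothing on the internal machines needs to be touched during a switch.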