diff --git a/docs/MultiISP.xml b/docs/MultiISP.xml index 6288338a6..0d3fc177e 100644 --- a/docs/MultiISP.xml +++ b/docs/MultiISP.xml @@ -1940,11 +1940,9 @@ ComcastC 2 - - eth0 detect loose,fallback,load=0.33
Gateway Monitoring and Failover - There are a couple of options available for monitoring the status - of provider links and taking action when a failure occurs. Both of these - options assume that each provider has a unique nexthop gateway; if two - or more providers use the same gateway router then neither option is - suitable. + There is an option (LSM) available for monitoring the status of + provider links and taking action when a failure occurs. LSM assumes that + each provider has a unique nexthop gateway. You specify the option in /etc/shorewall/interfaces: @@ -1953,201 +1951,13 @@ ComcastC 2 - - eth0 detect loose,fallback,load=0.33 net eth0 detect optional net eth1 detect optional -
- SWPING - - Shorewall includes a sample monitoring script - swping. The swping file is - available in the main directory contained in the Shorewall-common - tarball and is included in the Shorewall-common documentation - directory in the Shorewall-common RPM. The script is inspired by - Angsuman Chakraborty's gwping - script. - - - These samples are offered as is — they - work for me but I don't make any claim that they will work for - anyone else. But if you have a need for automated link monitoring, - they offer you a place to start. - - - - If you have installed Shorewall-init, you should disable its - ifup/ifdown/NetworkManager integration (set IFUPDOWN=0 in the Shorewall-init configuration - file). - - - The script should be copied to a directory on root's PATH such - as /usr/local/sbin/. - - The script works by sending pings to target - IP addresses through each external interface. These targets must not - depend on any routes other than those that are present in the main - routing table. That ensures that a route is available to the target - even when the target's interface is not working and Shorewall has - omitted it from the routing configuration. An interface is assumed to - be up when a specified number (UP_COUNT) of - consecutive ping operations succeed. Similarly, an interface is - assumed to be down when a specified number - (DOWN_COUNT) of consecutive ping operations fail. You can specify the - interval between pings (PING_INTERVAL). - - The script monitors two interfaces but it is a trivial exercise - to extend it to more than two. At the top are a number of variables to - set: - - # -# IP family -- 4 or 6 -# -FAMILY=4 -# -# The commands to run when the status of a line changes. Multiple commands may be specified -# when separated by semicolons (";") -# -COMMAND= - -... -# -# Interfaces to monitor -- you may use shell variables from your params file -# -IF1=eth0 -IF2=eth1 -# -# Sites to Ping. Must depend only on routes in the 'main' routing table. If not specified, -# the interface is assumed to be managed by dhcpcd and the script uses the gateway address -# from /var/lib/dhcpcd/dhcpcd-${IFx}.info -# -TARGET1= -TARGET2= -# -# How often to ping -# -PING_INTERVAL=5 -# -# Value for ping's -W option -# -PING_TIMEOUT=2 -# -# This many successive pings must succeed for the interface to be marked up when it is down -# -UP_COUNT=5 -# -# This many successive pings must fail for the interface to be marked down when it is up -# -DOWN_COUNT=2 - - If you leave COMMAND empty, the script sets its value - automatically depending on whether Shorewall-lite is installed. - - When the status of an interface changes: - - - - For each interface, a file is placed in ${VARDIR} (normally - /var/lib/shorewall) to record the status of the interface: either - 0 (UP) or 1 (DOWN). The name of the file is - interface.status - where interface is the interface (e.g., - eth0.status). - - - Beginning with Shorewall 4.5.0, the generated script - automatically maintains this .status file. - - - - - A shorewall -f restart command is - executed (shorewall-lite restart, if - Shorewall-lite is installed). - - - - The contents of the main routing table are displayed. - - - - The .status files are intended to be used with the following - /etc/shorewall/isusable script.local status=0 - -[ -f ${VARDIR}/${1}.status ] && status=$(cat ${VARDIR}/${1}.status) - -return $status - - The above script is installed in /etc/shorewall in Shorewall releases - 4.3.11 - 4.5.0. Beginning with Shorewall 4.5.1, it is no longer - installed in /etc/shorewall, - but may be copied there from /usr/share/shorewall/configfiles. - - Also included is a sample init script - (swping.init) to start the monitoring daemon. - Copy it to /etc/init.d/swping and use your - distribution's SysV init tools to cause it to be run at boot. It works - on OpenSuSE 11.0 -- YMMV. Modify the PROG and - STATEDIR variables as needed. - - As an alternative to using the init script, you can add the - following to /etc/shorewall/started: - - if [ "$COMMAND" = start ]; then - killall -9 swping 2> /dev/null #be sure that there are none left running - /usr/local/sbin/swping & -fi - - and add this to - /etc/shorewall/stopped. - - if [ "$COMMAND" = stop -o "$COMMAND" = clear ]; then - killall -9 swping 2> /dev/null -fi - - This simple script has a number of limitations: - - - - It only works on IPv4 or IPv6 but not both at once. So if - you want to monitor both IPv4 and IPv6, you need to clone the - script are run two copies; one for IPv4 and one for IPv6. - - - - It can only detect the gateway for interfaces managed by - dhcpcd. - - - - It's method of determining whether an interface is up or - down is crude. You will normally specify the default gateway for - each provider as the sites to ping and being able to ping the - default gateway is not a surefire indication that the provider is - usable. The method of determining whether a site is up or down is - also crude. - - - - Because of the crudeness of the algorithm, hysteresis may - occur. - - - - It is tricky to configure a system such that the system - works correctly when one of its providers is down unless you - largely don't care which interface is used. - - -
-
Link Status Monitor (LSM) Link Status Monitor was written by Mika Ilmaranta <ilmis at nullnet.fi> and performs - more sophisticated monitoring than the simple swping script described - in the preceding section. + more sophisticated monitoring than the simple SWPING script that + preceded it. If you have installed Shorewall-init, you should disable its