Failover from VPN|
"R. Steve McKown" <rsmckown,AT,yahoo,DOT,com>|
Mon, 5 Mar 2001 03:49:12 +0100|
I'm looking to provide a way to backup a failed CIPE link using dialup
PPP (or more generally any other network link). My thoughts on an
initial solution has limitations I'm not sure are workable with CIPE.
Would anyone be willing to comment on how to make this solution work, or
propose an alternative?
My thought is to have the route(s) going through the CIPE tunnel set at
metric 1. Another route (or set of routes) to the same destination by
way of another network link would populate the route tables, but at a
metric of two or higher. So, as long as the routes for CIPE were in
place, the CIPE tunnel would be used. If those routes were removed,
packets to the same destination would then begin traversing the backup link.
The problem with this approach is that the presence of the routes
directing traffic through the CIPE tunnel must coincide precisely with
the link state of the tunnel (traffic is passing successfully or not).
I can get part way there with the error settings and ping features. If
the tunnel is already up and fails to respond to X pings, then the
tunnel is closed, the routes would go away, and the backup routes would
Where I get hung up is starting the tunnel. The routes appear to get
created as soon as the CIPE device is initialized and before any traffic
passes through it. The failover solution really needs to have CIPE
bring up the routes through the tunnel _after_ it has verified traffic
can pass through the tunnel. That way, packets are routed toward the
CIPE device only when there is someplace for them to go -- otherwise
they take the backup path. This is most obvious when the link is
failing, most likely due to a network link problem. One wants CIPE to
continue to periodically attempt to initialize the tunnel, but not
override the working backup route(s) until the tunnel has been shown to
successfully pass traffic.
Any way to make this work? Are there better and/or workable alternatives?