From: "Bruce M. Simpson"
To: "Tuc at T-B-O-H.NET"
Cc: freebsd-net@freebsd.org
Subject: Re: Failover default route?
Date: Sat, 18 Aug 2007 19:06:07 +0100
Message-ID: <46C7350F.9020507@FreeBSD.org>
In-Reply-To: <200708181421.l7IEL8eG057505@himinbjorg.tucs-beachin-obx-house.com>
List-Id: Networking and TCP/IP with FreeBSD

Tuc at T-B-O-H.NET wrote:
> In my case, as always, it's a bit "special".
> I have 2 OPENVPN tunnels, which I sent over different transits to
> the same end host. On that host, I do my NAT. So, without
> getting into all sorts of hot/heavy things, is there a simple
> program to install to ping something via the first tunnel,
> and if it can't then switch my default route to the second
> tunnel? Or, do I just use a script like here:

As Bill correctly points out, reachability detection using a routing protocol is often the preferred method; however, this isn't always available.

Pinging is NOT the best practice; see RFC 1122 3.3.1.4: http://www.freesoft.org/CIE/RFC/1122/56.htm

You could use ifstated to detect changes in the tunnel interface status and switch default routes accordingly, though it doesn't significantly reduce the amount of manual scripting you have to do.

Microsoft's TCP implementation performs dead gateway detection based on triggered reselection as per RFC 816; however, they have a multipath-capable FIB which can hold the multiple next-hops and their state -- something to consider for later.

An incremental piecemeal change which folks might find OK may be to add cost metrics back to the kernel radix trie, but that still has all the aggro of changing the API.

regards,
BMS
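A worked ifstated.conf for the interface-state approach suggested in the reply above. It is an added illustration, not part of the thread or of the ifstated project, and it assumes the two OpenVPN tunnels are tun0 (preferred) and tun1 (backup), that tun(4) raises and lowers link state when OpenVPN opens and closes the device (so OpenVPN must not run with --persist-tun, or a dead transit never drops the link), and that a default route already exists for "route change" to modify:

```conf
# Added illustration (not from the thread): switch the default route between
# two OpenVPN tunnels on tun(4) link state instead of pinging through them.
# Assumed names: tun0 = preferred tunnel, tun1 = backup tunnel.

init-state auto

tun0_up = "tun0.link.up"
tun1_up = "tun1.link.up"

# Decide where to go from the current link states; with both tunnels down
# we stay here and leave whatever default route is installed untouched,
# which is the one condition worth logging separately.
state auto {
	if $tun0_up
		set-state primary
	if ! $tun0_up && $tun1_up
		set-state backup
}

# Default route via the preferred tunnel.
state primary {
	init {
		run "route change default -interface tun0"
	}
	if ! $tun0_up
		set-state auto
}

# Default route via the backup tunnel; go back through auto as soon as the
# preferred tunnel's link returns so traffic fails back.
state backup {
	init {
		run "route change default -interface tun1"
	}
	if $tun0_up
		set-state auto
}
```

Before relying on this, confirm on the host that closing the tun device actually changes the link state ifstated sees; if it does not, the macros above never fire and no failover happens.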