Re:true failover?

Posted by: Anonymous Coward on April 14, 2005 11:18 PM
Don't know about Linux-based routers, but for Cisco routers, this would not provide truly automatic failover. You'd end up dropping about half your packets, since, as far as the router is concerned, that failed route is still in the routing tables. You'd need to somehow take out the failed route. Either you can log in to your router and do it, or yes, you would indeed use a routing protocol (the preferred solution). The routing protocol would be BGP, since it's only with BGP that the ISP can direct Internet traffic the way that they need to. ISPs won't talk OSPF with you because then you become part of their autonomous system, and you could easily hose their entire network. BGP was designed specifically for multi-ISP customers in just this type of situation.

You might want to look at something like OpenBGPD (currently OpenBSD-only; portable version coming soon) or Zebra. You'd also have to talk with both of your ISPs, get an AS number from IANA, and learn what the heck you're doing with BGP. It's not anything like the intra-AS routing protocols you're probably accustomed to (RIP, OSPF, etc.).

Another option might be to use pf's failover capability and a single ISP connection, but again, that'd mean running one of the BSDs, with a preference to OpenBSD for security reasons. pf is able to provide stateful failover, very much like Cisco's PIX Firewall failover, but without the patent encumbrances and the overinflated price tag. However, this solution would be for use on a single ISP connection, which won't work for sites that must have 24/7/365.25 "guaranteed" Internet access.


