New configuration for the multi-wan monitoring

Last week, me and @giacomo spent some time working on a new configuration for the multi-wan monitoring.
The basic change is that now the “ping IP” (AKA check IP) is global and you don’t need to input one IP for every connection. This also permits to delete the code that tries to auto-detect the right IP.
And we can delete the static routes too.
We did a short and simple test, it worked fine.
Now we’re waiting to see if shorewall will implement the needed modifications.

Here’s the shorewall-users mailing list thread for reference:
https://sourceforge.net/p/shorewall/mailman/message/34525119/

Meanwhile, if someone is interested in testing the new implementation, feel free to ask here.

5 Likes

Good news, thanks for your effort, it looks a smart solution.
I’m sure that @nas @Adam @bsprakash @jgjimenezs and @JOduMonT are interested to test it out

I’d be interested in testing this. What about customizing the intervals via web GUI? Was that addressed? Or are there plans to address it?

Currently there isn’t any implementation fort this but is not hard.
The real question is: which parameters do you want to customize?
These are the available options:

max_packet_loss=15
max_successive_pkts_lost=7
min_packet_loss=5
min_successive_pkts_rcvd=10
interval_ms=1000
timeout_ms=1000

It’s very hard to tune this parameters and IHMO the average user doesn’t bother.

3 Likes

These are the available settings in SonicWall routers:

I guess I was looking for something similar.

You’re right but it depends on the daemon used to check the connectivity.
We use LSM: http://lsm.foobar.fi/

Just a preview of the new web interface:

What do you think @Adam?

3 Likes

I LOVE such previews :heart:

1 Like

Very nice improvement! I can’t wait to test this!

I wasn’t aware that you could put multiple IPs in the Check IP field. What does that accomplish? Does it ping both simultaneously on all WAN connections?

Yes. And the link goes down if all CheckIPs are unreachable.

Very cool! I like that a lot more than being dependent on one check server. Please do let me know when this is ready for testing. :smiley:

1 Like

This new multi-wan implementation has two pre-requisites: the latest version of lsm (0.190) which contains a fix to use more than one checkip and the next version of shorewall (the new implementation is already available in shorewall 5.0.2beta1).
As soon as shorewall 5.0.2 is released, we should be able to release a test version of multi wan.

3 Likes

The new implementation is available for testing and it’s working even with current release of Shorewall with some hacks.

I’d love a long and accurate testing for this feature. If anyone want to put it on production environment, feel free to quickly ask support to me or @filippo_carletti (but please, take care to study a little Linux routing before :wink: )

Reference issue: http://dev.nethserver.org/issues/3289

1 Like

@nas , @mabeleira, @medworthy, @dz00te, @jgjimenezs, @JOduMonT, @GG_jr, @Adam that’s your match :smile:

2 Likes

How do I view ip rules and ip routes? I’m looking in /etc/shorewall/rules, /etc/shorewall/rtrules, and other config files… is that right?

Nope :smile:
You must use ip command.
Some examples:

ip route
ip rule
ip route show table balance

See also: http://lartc.org/howto/

But, do not focus too much on this, as first steps just tests the feature as “how you expect it should work”.
In other words check if the behavior is good and hosts inside the LAN can access the internet even when a providers change its state :wink:

1 Like

Thanks. I was trying to investigate some routing issues. I’ll post my findings on redmine in a few minutes.

Fixed the update process. @Adam have you got a little spare time to try it? :smile:

I’m on it! :smiley:

1 Like

Thank you, I just saw the bug is verified!

1 Like