WAN Link not getting switched to WAN2 if WAN1 is down


(Prakash B S) #1

I enabled Balanced mode for WAN Management.
When I disconnect WAN1, Link is not switched to WAN2.


November 2015 Development Updates
(Giacomo Sanchietti) #2

Please can you post the output of the following commands:

  • db networks show
  • shorewall show -i

Then, search for the event wan-update inside the messages: grep wan-update /var/log/messages.


(Jose G Jimenez S ) #3

I have been studying shorewall, http://shorewall.net

and I have made some changes in my lsm.conf located in /etc/lsm/lsm.conf

No changes

# ================= DO NOT MODIFY THIS FILE =================
# 
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at https://dev.nethesis.it/projects/nethserver/wiki/NethServer
# original work from http://www.contribs.org/development/
#
# Copyright (C) 2013 Nethesis S.r.l. 
# http://www.nethesis.it - support@nethesis.it
# 
#
# Debug level: 0 .. 8 are normal, 9 gives lots of stuff and 100 doesn't
# bother to detach
#
#debug=10
#debug=9
debug=8

#
# Defaults for the connection entries
#
defaults {
  name=defaults
  checkip=127.0.0.1
  eventscript=/usr/libexec/nethserver/lsm-wan-link-update
  notifyscript=
  max_packet_loss=9
  max_successive_pkts_lost=6
  min_packet_loss=8
  min_successive_pkts_rcvd=3
  interval_ms=5000
  timeout_ms=2000
  warn_email=root
  check_arp=0
  sourceip=
# if using ping probes for monitoring only then defaults should
# not define a default device for packets to autodiscover their path
# to destination
#  device=eth0
# use system default ttl
  ttl=0
# assume initial up state at lsm startup (1 = up, 0 = down, 2 = unknown (default))
#  status=1
}
#
# 20providers
#
connection {
 name=aba11
 checkip=8.8.8.8
 device=eth1
}
group {
 name=aba1
 logic=0
 member-connection=aba11

}
connection {
 name=aba21
 checkip=8.8.8.8
 device=eth2
}
group {
 name=aba2
 logic=0
 member-connection=aba21

}
connection {
 name=aba31
 checkip=8.8.8.8
 device=eth3
}
group {
 name=aba3
 logic=0
 member-connection=aba31

}

With changes

# ================= DO NOT MODIFY THIS FILE =================
# 
# Manual changes will be lost when this file is regenerated.
#
# Please read the developer's guide, which is available
# at https://dev.nethesis.it/projects/nethserver/wiki/NethServer
# original work from http://www.contribs.org/development/
#
# Copyright (C) 2013 Nethesis S.r.l. 
# http://www.nethesis.it - support@nethesis.it
# 
#
# Debug level: 0 .. 8 are normal, 9 gives lots of stuff and 100 doesn't
# bother to detach
#
#debug=10
#debug=9
debug=8

#
# Defaults for the connection entries
#
defaults {
  name=defaults
  checkip=127.0.0.1
  eventscript=/usr/libexec/nethserver/lsm-wan-link-update
  notifyscript=
  max_packet_loss=9
  max_successive_pkts_lost=6
  min_packet_loss=8
  min_successive_pkts_rcvd=3
  interval_ms=100
  timeout_ms=100
  warn_email=root
  check_arp=0
  sourceip=
# if using ping probes for monitoring only then defaults should
# not define a default device for packets to autodiscover their path
# to destination
  device=eth0
# use system default ttl
  ttl=0
# assume initial up state at lsm startup (1 = up, 0 = down, 2 = unknown (default))
  status=1
}
#
# 20providers
#
connection {
 name=aba11
 checkip=8.8.8.8
 device=eth1
}
group {
 name=aba1
 logic=0
 member-connection=aba11

}
connection {
 name=aba21
 checkip=8.8.8.8
 device=eth2
}
group {
 name=aba2
 logic=0
 member-connection=aba21

}
connection {
 name=aba31
 checkip=8.8.8.8
 device=eth3
}
group {
 name=aba3
 logic=0
 member-connection=aba31

}

I changed the values of:

interval_ms=100
timeout_ms=100

And

# if using ping probes for monitoring only then defaults should
# not define a default device for packets to autodiscover their path
# to destination
before:  #device=eth0
after: device=eth0

Turn off my ISPs, and I went back to activate. and the short time to go down the ISP will be activated

Try it and tell us how it went.

regards @bsprakash @giacomo


(Artem Fedai) #4

i’ve allready done diff , but your were the first who post it :smile:

Check now /etc/e-smith/templates/etc/lsm/lsm.conf 10base and make changes to database file


(Adam) #5

This should really be noted as a bug and the change be implemented into NethServer. I’ve been doing some testing today with WAN failover and it was taking so long to fail over and fail back that it was pretty much useless. After changing interval_ms and timeout_ms to 100, it took a reasonable amount of time to fail over and fail back (10-15 seconds).

Edit: The more testing I do, the more I think the options for probing/check ip should be custom configurable. In my experience with enterprise hardware, there’s usually two options for failover:

  1. how often to ping
  2. how many failed pings before failover

…and two options for failback:

  1. how often to ping
  2. how many successful pings before failback

Being able to customize those settings under ‘advanced’ options for multi wan would be absolutely amazing!


(Filippo Carletti) #6

I think that we need to completely revise the multi wan failover behaviour, based on experience with customers and an old implementation I did years ago.
I’d like to receive your opinions.

I see two different options for line failure:

  1. near distance

  2. long distance

  3. is about pinging your gateway or a close system, just to understand if the line is up

  4. is pinging let’s say 8.8.8.8 and 8.8.4.4 to understand if your ISP has routing problems

  5. can use high frequency ping (every few ms) and be reactive

  6. needs to send only a few packets per minute, to more than one host to be sure the net is working

Current implementation is following shorewall multi isp guidelines (http://shorewall.net/MultiISP.html).

I’m biased towards 2, because if an adsl line is up but you can’t reach websites because the isp has problems, you feel that the system is not working. But we could find a solution to both scenarios, maybe offering some advanced options like @Adam is suggesting.

In the past, I hacked a daemon to send “dns ping” to some (at least 5) dns servers geographically distant. If at least one answered I assumed the line was up.

Also, I think we need to find a way to get rid of the static route to the check ip, to avoid having to use a different ip for every link.

I’m going to read again shorewall manual next week to see if I can find a way to obtain this.

If someone has ideas, please share here. Thanks.


(Adam) #7

I’ve seen some ISPs have failures where their gateway and dns servers are available, but they are not able to route traffic to the internet. So I would prefer option 2 as a more reliable option.

Edit: Can I “like” the above post twice?? So much thought and care is put into @filippo_carletti’s posts! I’m sure as much of both is put into his code!


(Alessio Fattorini) #8

Thanks for sharing your helpful insights! Guess that people like @jgjimenezs @mabeleira @AZChas @nas @JOduMonT are interested


(Artem Fedai) #9

What do you mean @filippo_carletti?

In order for normal verify connection we need at least 15 ping probes, and ping somth like Google or OpenDNS servers.

And we shoud have different ping interval for different connections , somth like 1 ISP every 60sec 2ISP every 70 sec , for preventing situation that if two ping starts at the same time one or few packets could lost.

For increase of LSM reaction QA should test specific attributes that control the decision process and time-to-decide :
“max_packet_loss, max_successive_pkts_lost, min_packet_loss, min_successive_pkts_rcvd, interval_ms, timeout_ms”.

And our NS script should do ip ro flush cache on every LSM event , but maybe when shorewall reenable interface they clean route cache.


(Adam) #10

I used the IP 4.2.2.2 for probing for WAN1. I started a continuous ping of that IP from a client behind NS during testing. When WAN1 was disconnected, even though that IP was accessible through WAN2, the ping requests were still timing out. So I assume a static route was created where communication to that IP goes through WAN1, which is what he’s referring to.


(Artem Fedai) #11

Try it ! You donot reed my post :slight_smile:


(Adam) #12

LOL, you’re right, I don’t “reed” your posts, but they are admittedly difficult to read sometimes. :wink:

I tried clearing the route cache after a failover, as you suggested. Pings still continued to fail.


(Filippo Carletti) #13

https://sourceforge.net/p/shorewall/mailman/message/32304012/

AFAIK, shorewall takes care of route cache flush.


(Adam) #14

I don’t think changing interval_ms and timeout_ms to 100 is a good solution. I looked in shorewall logs and found this:

Sep 27 22:07:27    Provider fiber (1) stopped
Sep 27 22:08:23    Provider cable (2) stopped
Sep 27 22:08:24    Provider cable (2) Started
Sep 27 22:12:23    Provider cable (2) stopped
Sep 27 22:12:33    Provider cable (2) Started
Sep 27 22:13:51    Provider cable (2) stopped
Sep 27 22:13:52    Provider cable (2) Started
Sep 27 22:14:03    Provider cable (2) stopped
Sep 27 22:14:04    Provider cable (2) Started
Sep 27 22:14:55    Provider fiber (1) Started
Sep 27 22:15:41    Provider cable (2) stopped
Sep 27 22:15:51    Provider cable (2) Started
Sep 27 22:20:18    Provider cable (2) stopped
Sep 27 22:20:20    Provider cable (2) Started
Sep 27 22:20:22    Provider cable (2) stopped
Sep 27 22:20:29    Provider cable (2) Started
Sep 27 22:22:58    Provider cable (2) stopped
Sep 27 22:22:59    Provider cable (2) Started
Sep 27 22:24:24    Provider cable (2) stopped
Sep 27 22:24:34    Provider cable (2) Started
Sep 27 22:25:42    Provider cable (2) stopped
Sep 27 22:25:43    Provider cable (2) Started
Sep 27 22:25:52    Provider cable (2) stopped
Sep 27 22:25:53    Provider cable (2) Started
Sep 27 22:33:06    Provider cable (2) stopped
Sep 27 22:33:07    Provider cable (2) Started
Sep 27 22:33:15    Provider cable (2) stopped
Sep 27 22:33:18    Provider cable (2) Started
Sep 27 22:45:36    Provider cable (2) stopped
Sep 27 22:45:37    Provider cable (2) Started
Sep 27 22:50:29    Provider cable (2) stopped
Sep 27 22:50:30    Provider cable (2) Started
Sep 27 22:50:36    Provider cable (2) stopped
Sep 27 22:50:59    Provider cable (2) Started
Sep 27 22:51:01    Provider cable (2) stopped
Sep 27 22:51:02    Provider cable (2) Started
Sep 27 22:51:12    Provider fiber (1) stopped
Sep 27 22:51:25    Provider fiber (1) Started
Sep 27 22:51:49    Provider cable (2) stopped
Sep 27 22:51:50    Provider cable (2) Started
Sep 27 22:51:53    Provider cable (2) stopped
Sep 27 22:51:59    Provider cable (2) Started
Sep 27 22:58:54    Provider cable (2) stopped
Sep 27 22:58:55    Provider cable (2) Started
Sep 27 23:01:37    Provider cable (2) stopped
Sep 27 23:01:38    Provider cable (2) Started
Sep 27 23:23:23    Provider cable (2) stopped
Sep 27 23:23:40    Provider cable (2) Started
Sep 27 23:25:36    Provider cable (2) stopped
Sep 27 23:26:14    Provider cable (2) Started
Sep 27 23:38:54    Provider cable (2) stopped
Sep 27 23:39:11    Provider cable (2) Started
Sep 27 23:57:41    Provider cable (2) stopped
Sep 27 23:57:42    Provider cable (2) Started
Sep 27 23:59:01    Provider cable (2) stopped
Sep 27 23:59:03    Provider cable (2) Started
Sep 28 00:00:02    Provider cable (2) stopped
Sep 28 00:00:03    Provider cable (2) Started
Sep 28 00:06:42    Provider cable (2) stopped
Sep 28 00:06:53    Provider cable (2) Started
Sep 28 00:16:57    Provider cable (2) stopped
Sep 28 00:16:58    Provider cable (2) Started
Sep 28 00:17:51    Provider cable (2) stopped
Sep 28 00:18:00    Provider cable (2) Started
Sep 28 00:18:26    Provider cable (2) stopped
Sep 28 00:18:27    Provider cable (2) Started
Sep 28 00:21:06    Provider cable (2) stopped
Sep 28 00:21:17    Provider cable (2) Started
Sep 28 00:23:41    Provider cable (2) stopped
Sep 28 00:23:50    Provider cable (2) Started
Sep 28 00:24:37    Provider cable (2) stopped
Sep 28 00:24:39    Provider cable (2) Started
Sep 28 00:30:15    Provider cable (2) stopped
Sep 28 00:30:25    Provider cable (2) Started
Sep 28 00:30:45    Provider cable (2) stopped
Sep 28 00:30:46    Provider cable (2) Started
Sep 28 00:30:49    Provider cable (2) stopped
Sep 28 00:30:56    Provider cable (2) Started
Sep 28 00:36:00    Provider cable (2) stopped
Sep 28 00:36:06    Provider cable (2) Started
Sep 28 00:36:10    Provider cable (2) stopped
Sep 28 00:36:11    Provider cable (2) Started
Sep 28 00:37:32    Provider cable (2) stopped
Sep 28 00:37:33    Provider cable (2) Started
Sep 28 00:46:09    Provider cable (2) stopped
Sep 28 00:46:19    Provider cable (2) Started
Sep 28 00:52:59    Provider cable (2) stopped
Sep 28 00:53:10    Provider cable (2) Started
Sep 28 01:02:34    Provider cable (2) stopped
Sep 28 01:02:58    Provider cable (2) Started
Sep 28 01:03:22    Provider cable (2) stopped
Sep 28 01:03:23    Provider cable (2) Started
Sep 28 01:04:50    Provider cable (2) stopped
Sep 28 01:05:09    Provider cable (2) Started
Sep 28 01:14:36    Provider cable (2) stopped
Sep 28 01:14:47    Provider cable (2) Started
Sep 28 01:18:01    Provider cable (2) stopped
Sep 28 01:18:20    Provider cable (2) Started
Sep 28 01:18:26    Provider cable (2) stopped
Sep 28 01:18:40    Provider cable (2) Started
Sep 28 01:28:40    Provider cable (2) stopped
Sep 28 01:28:41    Provider cable (2) Started
Sep 28 01:36:46    Provider cable (2) stopped
Sep 28 01:36:47    Provider cable (2) Started
Sep 28 02:42:48    Provider cable (2) stopped
Sep 28 02:43:08    Provider cable (2) Started
Sep 28 02:45:10    Provider cable (2) stopped
Sep 28 02:45:23    Provider cable (2) Started
Sep 28 02:51:19    Provider cable (2) stopped
Sep 28 02:51:29    Provider cable (2) Started
Sep 28 02:53:28    Provider cable (2) stopped
Sep 28 02:53:29    Provider cable (2) Started
Sep 28 02:53:30    Provider cable (2) stopped
Sep 28 02:53:41    Provider cable (2) Started
Sep 28 03:03:53    Provider cable (2) stopped
Sep 28 03:04:04    Provider cable (2) Started
Sep 28 03:18:56    Provider cable (2) stopped
Sep 28 03:19:47    Provider cable (2) Started
Sep 28 03:35:39    Provider fiber (1) stopped
Sep 28 03:35:52    Provider fiber (1) Started
Sep 28 04:33:50    Provider cable (2) stopped
Sep 28 04:34:10    Provider cable (2) Started
Sep 28 04:48:50    Provider cable (2) stopped
Sep 28 04:49:10    Provider cable (2) Started
Sep 28 05:04:41    Provider cable (2) stopped
Sep 28 05:04:52    Provider cable (2) Started
Sep 28 05:05:14    Provider cable (2) stopped
Sep 28 05:05:27    Provider cable (2) Started
Sep 28 05:06:26    Provider cable (2) stopped
Sep 28 05:06:37    Provider cable (2) Started
Sep 28 05:07:04    Provider cable (2) stopped
Sep 28 05:07:16    Provider cable (2) Started
Sep 28 05:07:25    Provider cable (2) stopped
Sep 28 05:07:43    Provider cable (2) Started
Sep 28 05:08:20    Provider cable (2) stopped
Sep 28 05:08:31    Provider cable (2) Started
Sep 28 05:13:11    Provider fiber (1) stopped
Sep 28 05:13:23    Provider fiber (1) Started
Sep 28 05:53:23    Provider cable (2) stopped
Sep 28 05:53:28    Provider cable (2) Started
Sep 28 05:53:37    Provider cable (2) stopped
Sep 28 05:53:52    Provider cable (2) Started
Sep 28 05:53:58    Provider cable (2) stopped
Sep 28 06:00:13    Provider cable (2) Started
Sep 28 06:00:14    Provider cable (2) stopped
Sep 28 06:00:15    Provider cable (2) Started
Sep 28 06:00:16    Provider cable (2) stopped
Sep 28 06:04:11    Provider cable (2) Started
Sep 28 06:05:44    Provider cable (2) stopped
Sep 28 06:06:44    Provider cable (2) Started
Sep 28 06:09:57    Provider cable (2) stopped
Sep 28 06:10:09    Provider cable (2) Started
Sep 28 06:10:24    Provider cable (2) stopped
Sep 28 06:11:34    Provider cable (2) Started
Sep 28 06:13:04    Provider cable (2) stopped
Sep 28 06:13:36    Provider cable (2) Started
Sep 28 06:14:10    Provider cable (2) stopped
Sep 28 06:16:25    Provider cable (2) Started
Sep 28 06:25:54    Provider cable (2) stopped
Sep 28 06:26:34    Provider cable (2) Started
Sep 28 06:26:46    Provider cable (2) stopped
Sep 28 06:27:06    Provider cable (2) Started
Sep 28 07:28:38    Provider cable (2) stopped
Sep 28 07:59:35    Provider cable (2) Started
Sep 28 07:59:37    Provider cable (2) stopped
Sep 28 07:59:40    Provider cable (2) Started
Sep 28 07:59:41    Provider cable (2) stopped
Sep 28 08:00:10    Provider cable (2) Started
Sep 28 08:00:22    Provider cable (2) stopped
Sep 28 08:01:52    Provider cable (2) Started
Sep 28 08:02:00    Provider cable (2) stopped
Sep 28 08:04:18    Provider cable (2) Started
Sep 28 08:04:19    Provider cable (2) stopped
Sep 28 08:04:20    Provider cable (2) Started
Sep 28 08:04:21    Provider cable (2) stopped
Sep 28 08:04:23    Provider cable (2) Started
Sep 28 08:04:26    Provider cable (2) stopped
Sep 28 08:04:30    Provider cable (2) Started
Sep 28 08:04:31    Provider cable (2) stopped
Sep 28 08:04:32    Provider cable (2) Started
Sep 28 08:04:34    Provider cable (2) stopped
Sep 28 08:05:38    Provider cable (2) Started
Sep 28 08:05:41    Provider cable (2) stopped
Sep 28 08:08:29    Provider cable (2) Started
Sep 28 08:10:21    Provider cable (2) stopped
Sep 28 08:10:54    Provider cable (2) Started
Sep 28 08:11:28    Provider cable (2) stopped
Sep 28 08:12:17    Provider cable (2) Started
Sep 28 08:12:24    Provider cable (2) stopped
Sep 28 08:14:55    Provider cable (2) Started
Sep 28 08:15:41    Provider cable (2) stopped
Sep 28 08:21:19    Provider cable (2) Started
Sep 28 08:21:29    Provider cable (2) stopped
Sep 28 08:22:44    Provider cable (2) Started
Sep 28 08:50:55    Provider cable (2) stopped
Sep 28 08:50:56    Provider cable (2) Started
Sep 28 09:53:16    Provider cable (2) stopped
Sep 28 09:53:34    Provider cable (2) Started
Sep 28 11:12:57    Provider cable (2) stopped
Sep 28 11:13:17    Provider cable (2) Started
Sep 28 11:13:28    Provider cable (2) stopped
Sep 28 11:13:41    Provider cable (2) Started
Sep 28 11:13:49    Provider cable (2) stopped
Sep 28 11:14:08    Provider cable (2) Started
Sep 28 11:27:00    Provider cable (2) stopped
Sep 28 11:27:13    Provider cable (2) Started
Sep 28 11:29:08    Provider cable (2) stopped
Sep 28 11:29:50    Provider cable (2) Started
Sep 28 11:42:14    Provider cable (2) stopped
Sep 28 11:42:25    Provider cable (2) Started
Sep 28 11:43:57    Provider cable (2) stopped
Sep 28 11:44:20    Provider cable (2) Started
Sep 28 11:44:25    Provider cable (2) stopped
Sep 28 11:44:55    Provider cable (2) Started
Sep 28 12:06:02    Provider cable (2) stopped
Sep 28 12:06:37    Provider cable (2) Started
Sep 28 12:06:41    Provider cable (2) stopped
Sep 28 12:06:42    Provider cable (2) Started
Sep 28 12:27:32    Provider cable (2) stopped
Sep 28 12:27:43    Provider cable (2) Started
Sep 28 12:28:29    Provider cable (2) stopped
Sep 28 12:28:44    Provider cable (2) Started
Sep 28 12:28:56    Provider cable (2) stopped
Sep 28 12:29:20    Provider cable (2) Started
Sep 28 12:29:23    Provider cable (2) stopped
Sep 28 12:29:44    Provider cable (2) Started
Sep 28 12:30:06    Provider cable (2) stopped
Sep 28 12:30:19    Provider cable (2) Started
Sep 28 12:33:57    Provider cable (2) stopped
Sep 28 12:34:15    Provider cable (2) Started
Sep 28 12:35:07    Provider cable (2) stopped
Sep 28 12:35:20    Provider cable (2) Started
Sep 28 12:35:36    Provider cable (2) stopped
Sep 28 12:35:50    Provider cable (2) Started
Sep 28 12:35:57    Provider cable (2) stopped
Sep 28 12:36:20    Provider cable (2) Started
Sep 28 12:48:31    Provider cable (2) stopped
Sep 28 12:49:18    Provider cable (2) Started
Sep 28 12:50:53    Provider fiber (1) stopped
Sep 28 12:51:15    Provider cable (2) stopped
Sep 28 12:51:26    Provider cable (2) Started
Sep 28 12:51:38    Provider cable (2) stopped
Sep 28 12:51:50    Provider cable (2) Started
Sep 28 12:52:47    Provider fiber (1) Started
Sep 28 13:16:36    Provider cable (2) stopped
Sep 28 13:16:48    Provider cable (2) Started
Sep 28 13:20:15    Provider fiber (1) stopped
Sep 28 13:20:29    Provider fiber (1) Started
Sep 28 13:23:34    Provider cable (2) stopped
Sep 28 13:25:55    Provider cable (2) Started
Sep 28 13:44:53    Provider cable (2) stopped
Sep 28 13:45:56    Provider cable (2) Started
Sep 28 13:48:00    Provider cable (2) stopped
Sep 28 13:48:12    Provider cable (2) Started
Sep 28 13:48:30    Provider cable (2) stopped
Sep 28 13:48:41    Provider cable (2) Started
Sep 28 13:58:43    Provider cable (2) stopped
Sep 28 13:58:54    Provider cable (2) Started
Sep 28 14:02:04    Provider cable (2) stopped
Sep 28 14:02:18    Provider cable (2) Started
Sep 28 14:15:07    Provider cable (2) stopped
Sep 28 14:15:19    Provider cable (2) Started
Sep 28 14:20:13    Provider fiber (1) stopped
Sep 28 14:20:26    Provider fiber (1) Started
Sep 28 14:24:02    Provider cable (2) stopped
Sep 28 14:24:20    Provider cable (2) Started
Sep 28 14:25:45    Provider cable (2) stopped
Sep 28 14:25:46    Provider cable (2) Started
Sep 28 14:40:44    Provider cable (2) stopped
Sep 28 14:41:22    Provider cable (2) Started
Sep 28 14:41:25    Provider cable (2) stopped
Sep 28 14:41:37    Provider cable (2) Started
Sep 28 14:41:41    Provider cable (2) stopped
Sep 28 14:41:53    Provider cable (2) Started
Sep 28 14:49:41    Provider cable (2) stopped
Sep 28 14:49:53    Provider cable (2) Started
Sep 28 14:50:08    Provider cable (2) stopped
Sep 28 14:50:22    Provider cable (2) Started
Sep 28 14:50:36    Provider cable (2) stopped
Sep 28 14:50:53    Provider cable (2) Started
Sep 28 15:08:59    Provider cable (2) stopped
Sep 28 15:09:14    Provider cable (2) Started
Sep 28 15:17:07    Provider cable (2) stopped
Sep 28 15:17:20    Provider cable (2) Started
Sep 28 15:19:02    Provider cable (2) stopped
Sep 28 15:19:16    Provider cable (2) Started
Sep 28 15:23:41    Provider cable (2) stopped
Sep 28 15:23:42    Provider cable (2) Started
Sep 28 15:24:39    Provider fiber (1) stopped
Sep 28 15:24:53    Provider fiber (1) Started
Sep 28 15:26:08    Provider cable (2) stopped
Sep 28 15:26:22    Provider cable (2) Started
Sep 28 15:27:59    Provider cable (2) stopped
Sep 28 15:28:31    Provider cable (2) Started
Sep 28 15:39:02    Provider cable (2) stopped
Sep 28 15:39:18    Provider cable (2) Started
Sep 28 15:53:28    Provider cable (2) stopped
Sep 28 15:53:43    Provider cable (2) Started
Sep 28 15:53:51    Provider cable (2) stopped
Sep 28 15:54:04    Provider cable (2) Started
Sep 28 15:54:07    Provider cable (2) stopped
Sep 28 15:54:19    Provider cable (2) Started
Sep 28 15:54:32    Provider cable (2) stopped
Sep 28 15:54:49    Provider cable (2) Started
Sep 28 16:02:21    Provider cable (2) stopped
Sep 28 16:02:34    Provider cable (2) Started
Sep 28 16:03:58    Provider cable (2) stopped
Sep 28 16:04:25    Provider cable (2) Started
Sep 28 16:13:08    Provider cable (2) stopped
Sep 28 16:13:40    Provider cable (2) Started
Sep 28 16:13:41    Provider cable (2) stopped
Sep 28 16:13:43    Provider cable (2) Started
Sep 28 16:13:44    Provider cable (2) stopped
Sep 28 16:14:24    Provider cable (2) Started
Sep 28 16:15:48    Provider cable (2) stopped
Sep 28 16:16:02    Provider cable (2) Started
Sep 28 16:16:06    Provider cable (2) stopped
Sep 28 16:16:42    Provider cable (2) Started
Sep 28 16:18:01    Provider cable (2) stopped
Sep 28 16:19:18    Provider cable (2) Started
Sep 28 16:19:44    Provider cable (2) stopped
Sep 28 16:20:26    Provider cable (2) Started
Sep 28 16:21:01    Provider cable (2) stopped
Sep 28 16:21:27    Provider cable (2) Started
Sep 28 16:22:10    Provider cable (2) stopped
Sep 28 16:23:48    Provider cable (2) Started
Sep 28 16:24:06    Provider cable (2) stopped
Sep 28 16:26:06    Provider cable (2) Started
Sep 28 16:26:18    Provider cable (2) stopped
Sep 28 16:26:30    Provider cable (2) Started
Sep 28 16:26:43    Provider cable (2) stopped
Sep 28 16:26:52    Provider cable (2) Started
Sep 28 16:26:59    Provider cable (2) stopped
Sep 28 16:28:15    Provider cable (2) Started
Sep 28 16:28:16    Provider cable (2) stopped
Sep 28 16:29:51    Provider cable (2) Started
Sep 28 16:37:20    Provider fiber (1) stopped
Sep 28 16:37:34    Provider fiber (1) Started
Sep 28 17:06:38    Provider fiber (1) stopped
Sep 28 17:06:49    Provider fiber (1) Started
Sep 28 17:16:40    Provider cable (2) stopped
Sep 28 17:16:52    Provider cable (2) Started
Sep 28 17:18:40    Provider cable (2) stopped
Sep 28 17:18:57    Provider cable (2) Started
Sep 28 17:32:17    Provider cable (2) stopped
Sep 28 17:32:28    Provider cable (2) Started
Sep 28 17:51:46    Provider cable (2) stopped
Sep 28 17:52:10    Provider cable (2) Started
Sep 28 18:12:51    Provider fiber (1) stopped
Sep 28 18:13:04    Provider fiber (1) Started
Sep 28 18:15:42    Provider cable (2) stopped
Sep 28 18:15:52    Provider cable (2) Started
Sep 28 18:16:14    Provider cable (2) stopped
Sep 28 18:16:28    Provider cable (2) Started
Sep 28 19:01:15    Provider cable (2) stopped
Sep 28 19:01:27    Provider cable (2) Started
Sep 28 19:09:46    Provider cable (2) stopped
Sep 28 19:09:57    Provider cable (2) Started
Sep 28 19:10:05    Provider fiber (1) stopped
Sep 28 19:10:18    Provider fiber (1) Started
Sep 28 19:22:16    Provider cable (2) stopped
Sep 28 19:22:30    Provider cable (2) Started
Sep 28 19:26:13    Provider cable (2) stopped
Sep 28 19:26:25    Provider cable (2) Started
Sep 28 19:26:37    Provider cable (2) stopped
Sep 28 19:26:49    Provider cable (2) Started
Sep 28 19:27:37    Provider cable (2) stopped
Sep 28 19:27:49    Provider cable (2) Started
Sep 28 19:28:28    Provider cable (2) stopped
Sep 28 19:29:39    Provider cable (2) Started
Sep 28 19:29:42    Provider cable (2) stopped
Sep 28 19:30:00    Provider cable (2) Started
Sep 28 19:53:20    Provider fiber (1) stopped
Sep 28 19:53:34    Provider fiber (1) Started
Sep 28 20:07:35    Provider cable (2) stopped
Sep 28 20:07:48    Provider cable (2) Started
Sep 28 20:51:00    Provider cable (2) stopped
Sep 28 20:51:01    Provider cable (2) Started
Sep 28 20:54:25    Provider cable (2) stopped
Sep 28 20:54:37    Provider cable (2) Started
Sep 28 21:03:24    Provider fiber (1) stopped
Sep 28 21:03:36    Provider fiber (1) Started
Sep 28 21:08:18    Provider cable (2) stopped
Sep 28 21:08:30    Provider cable (2) Started
Sep 28 21:26:19    Provider cable (2) stopped
Sep 28 21:26:30    Provider cable (2) Started
Sep 28 21:26:36    Provider cable (2) stopped
Sep 28 21:26:56    Provider cable (2) Started
Sep 28 21:27:04    Provider cable (2) stopped
Sep 28 21:27:26    Provider cable (2) Started
Sep 28 21:27:34    Provider cable (2) stopped
Sep 28 21:28:05    Provider cable (2) Started
Sep 28 21:28:07    Provider cable (2) stopped
Sep 28 21:28:51    Provider cable (2) Started
Sep 28 21:37:11    Provider cable (2) stopped
Sep 28 21:37:23    Provider cable (2) Started
Sep 28 21:42:50    Provider cable (2) stopped
Sep 28 21:42:51    Provider cable (2) Started
Sep 28 21:52:19    Provider cable (2) stopped
Sep 28 21:52:30    Provider cable (2) Started
Sep 28 22:22:13    Provider cable (2) stopped
Sep 28 22:22:19    Provider cable (2) Started
Sep 28 22:22:36    Provider cable (2) stopped
Sep 28 22:22:47    Provider cable (2) Started
Sep 28 22:30:17    Provider cable (2) stopped
Sep 28 22:30:18    Provider cable (2) Started
Sep 28 22:31:19    Provider fiber (1) stopped
Sep 28 22:31:33    Provider fiber (1) Started
Sep 28 22:31:38    Provider cable (2) stopped
Sep 28 22:31:52    Provider cable (2) Started
Sep 28 22:47:05    Provider cable (2) stopped
Sep 28 22:47:28    Provider cable (2) Started
Sep 28 22:49:13    Provider cable (2) stopped
Sep 28 22:49:14    Provider cable (2) Started
Sep 28 23:06:41    Provider cable (2) stopped
Sep 28 23:06:42    Provider cable (2) Started
Sep 28 23:06:50    Provider cable (2) stopped
Sep 28 23:06:52    Provider cable (2) Started
Sep 28 23:39:55    Provider cable (2) stopped
Sep 28 23:39:55    Provider cable (2) Started
Sep 28 23:42:04    Provider cable (2) stopped
Sep 28 23:42:14    Provider cable (2) Started
Sep 29 00:11:07    Provider cable (2) stopped
Sep 29 00:11:21    Provider cable (2) Started
Sep 29 00:13:47    Provider cable (2) stopped
Sep 29 00:14:02    Provider cable (2) Started
Sep 29 00:16:45    Provider cable (2) stopped
Sep 29 00:17:07    Provider cable (2) Started
Sep 29 00:26:37    Provider cable (2) stopped
Sep 29 00:26:58    Provider cable (2) Started
Sep 29 00:33:13    Provider cable (2) stopped
Sep 29 00:33:14    Provider cable (2) Started
Sep 29 00:45:24    Provider cable (2) stopped
Sep 29 00:45:34    Provider cable (2) Started
Sep 29 01:57:14    Provider cable (2) stopped
Sep 29 01:57:32    Provider cable (2) Started
Sep 29 02:19:01    Provider cable (2) stopped
Sep 29 02:20:02    Provider cable (2) Started
Sep 29 02:33:22    Provider cable (2) stopped
Sep 29 02:33:27    Provider cable (2) Started
Sep 29 02:35:27    Provider cable (2) stopped
Sep 29 02:35:28    Provider cable (2) Started
Sep 29 02:42:05    Provider cable (2) stopped
Sep 29 02:42:07    Provider cable (2) Started
Sep 29 02:46:36    Provider cable (2) stopped
Sep 29 02:46:38    Provider cable (2) Started
Sep 29 02:53:04    Provider fiber (1) stopped
Sep 29 02:53:07    Provider fiber (1) Started
Sep 29 02:59:06    Provider cable (2) stopped
Sep 29 02:59:07    Provider cable (2) Started
Sep 29 02:59:10    Provider cable (2) stopped
Sep 29 02:59:11    Provider cable (2) Started
Sep 29 03:07:18    Provider fiber (1) stopped
Sep 29 03:07:19    Provider fiber (1) Started
Sep 29 03:08:11    Provider fiber (1) stopped
Sep 29 03:08:15    Provider fiber (1) Started
Sep 29 03:10:00    Provider cable (2) stopped
Sep 29 03:10:01    Provider fiber (1) stopped
Sep 29 03:10:14    Provider cable (2) Started
Sep 29 03:10:14    Provider fiber (1) Started
Sep 29 03:10:29    Provider fiber (1) stopped
Sep 29 03:10:31    Provider fiber (1) Started
Sep 29 03:11:50    Provider fiber (1) stopped
Sep 29 03:11:53    Provider fiber (1) Started
Sep 29 03:16:40    Provider cable (2) stopped
Sep 29 03:16:41    Provider fiber (1) stopped
Sep 29 03:16:43    Provider cable (2) Started

I just changed them to:
interval_ms=500
timeout_ms=200

I’ll report back once I know how well that setup works.


(Artem Fedai) #15

@Adam could you please provide me access to PC behind NS for testing LSM + Shorewall


(Adam) #16

Hey @Nas sorry I missed this. I’m sure we can do that… but you know you can setup a similar test infrastructure with virtualization and a couple virtual switches, right? I’m just going into esxi and disconnecting a switch to simulate a WAN outage for testing.


(Adam) #17

Update for anyone interested:
I still had issues with the settings I posted last. 1/10 of the original settings was too much. I was getting more “false failovers”…so I went to 1/4 of the original settings:

interval_ms=1250
timeout_ms=500

24 hours later and no false failovers logged. Failover takes 20-30 seconds and failback takes 1-2 minutes. Very reasonable in my opinion. Much better than waiting a couple minutes for failover with the original settings and then what felt like forever to failback.


(Artem Fedai) #18

how about routing? all is good?


(Adam) #19

The static routes still exist, but that’s just for the specified probe IPs. Use something that’s not necessary and you should be fine. For instance, I wouldn’t recommend using 8.8.8.8… especially if NS is still using default settings to use it for DNS. I’d use 8.8.4.4 instead, and another reliable but unnecessary IP for the other WAN interface.


(Jonathan Dumont) #20

I probably missing something into the discussion but how did you define the weight ?

Example
Given two configured providers:

Provider1: network interface eth1, weight 100
Provider2: network interface eth0, weight 50

http://docs.nethserver.org/en/latest/firewall.html?highlight=wan