[LARTC] Configuring a redundant ethernet connection

Linux Advanced Routing and Traffic Control

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Doug,

 : I am interested in setting up a host with dual ethernet connections to
 : the same IP subnet (but different switches) for redundancy.  We need
 : reasonably transparent failover if an interface fails.

Linux supports channel bonding which should do what you want.  There is
little documentation outside the kernel for this, but what documentation
exists is very good.  This can be found in a linux source tree in the
following file:

  Documentation/networking/bonding.txt

 : In studying the existing HOWTO documents and other stuff produced by
 : Google.... it looks like the configuration in section 4.2 of the HOWTO
 : (Routing for multiple uplinks/providers) comes close to setting up what
 : we need, but there are some issues:

I really don't think this is what you wish to do.

 : 1. As implemented, traffic is segrated by destination and transparent
 : failover is not possible.  If an interface fails, connections would
 : need to be re-established.

  - not true if you are using a multipath [default] route on the router;
    true otherwise

 : 2. Traffic is sourced with an interface specific address.

  - true; this is probably a show stopper for you if your host runs
    services or masquerades.  If neither, then you don't need to care.

 : 3. Incoming traffic would be bound to one or the other and at best
 : would need to rely on something like DNS round robin at connection
 : setup time - not ideal.

  - distinctly the opposite of ideal; a pain in the proverb

 : Though I have not tried this yet, it looks like one might be able to
 : setup a dummy interface with a third IP address on the same subnet, and
 : then proxy arp for that address from either of the real interfaces.
 : This virtual address is the one you would advertise via DNS as the
 : machine's "primary" address, and this address would be used as the
 : Source address on all outgoing packets.

You could do that, but you are getting dangerously to reinventing the
wheel known as VRRP.  I'd suggest checking out both the reference
implementation of vrrpd (under linux) [1] and keepalived [2].  Although
probably less applicable to your situation, you may also want to visit the
linux high availability site [3] and the linux virtual server site [4].

 : Has anyone attempted to set up a redundant interface in this manner or
 : something similar?  How would I arrange for the proxy arping that would
 : be necessary to get traffic for the virtual interface delivered to the
 : real one?  Is there a better way?

Given your description, I'm inclined to suggest bonding as your first
alternative choice.

Good luck,

-Martin

  [1]  http://w3.arobas.net/~jetienne/vrrpd/
  [2]  http://www.keepalived.org/
  [3]  http://linux-ha.org/
  [4]  http://www.linuxvirtualserver.org/

-- 
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com



[Index of Archives]     [LARTC Home Page]     [Netfilter]     [Netfilter Development]     [Network Development]     [Bugtraq]     [GCC Help]     [Yosemite News]     [Linux Kernel]     [Fedora Users]
  Powered by Linux