Grant Taylor wrote:
> On 06/21/07 10:35, Peter Rabbitson wrote:
>> I don't know about any working in-kernel solutions, but you can do it
>> trivially with netfilter and a cronjob:
>> <snip>
> If I understand what you are proposing correctly, it looks like you are
> jumping to a sub-chain used only for counting traffic. If the
> counters show traffic, you are saying that traffic is flowing across the
> link and thus the link must be up and functional. Right?

Almost correct.

> If the link is not up and functional, then take action to not use that link.

This is not something I do automatically in netfilter - it is a
responsibility of the cron job.

> I'm also not clearly understanding how matching the source IP will work
> on either link considering that both links will have the capability to
> pass traffic for the same globally routable DMZ subnet. Though I think
> this could be mitigated by altering the rules to count packets going out
> or coming in an interface rather than based on source / destination IP.

I am counting only INcoming traffic (the -i flag). The source matching
is there only for the following reason: consider

You ->1-> Uplink router ->2-> Internet

If hop 2 is down, then the uplink router might send you back ICMP
messages that whatever destination you are trying to reach is
unreachable. This will count as traffic from the internet, whereas in
fact it isn't. This is why you need to exclude (thus the _!_ in -s) the
immediate uplink hops, and count incoming traffic (whatever it might
be) from the "far side" of the internet only.
_______________________________________________
LARTC mailing list
LARTC@xxxxxxxxxxxxxxx
http://mailman.ds9a.nl/cgi-bin/mailman/listinfo/lartc
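The counting chain plus cron check described in the thread, as an added example that is not the snipped rules from the post; the chain name LINKCHK_A, the uplink interface eth1 and the uplink router address 192.0.2.1 are assumptions.

```shell
#!/bin/sh
# Added example, not the rules snipped from the post. Assumed names: counting
# chain LINKCHK_A, uplink interface eth1, immediate uplink router 192.0.2.1.
#
# One-time setup (as root), counting only INcoming traffic that is not from
# the immediate uplink hop, so its ICMP unreachables are not mistaken for
# far-side traffic:
#   iptables -t mangle -N LINKCHK_A
#   iptables -t mangle -A LINKCHK_A -j RETURN
#   iptables -t mangle -I PREROUTING -i eth1 ! -s 192.0.2.1 -j LINKCHK_A
# Cron then runs "linkcheck.sh --check LINKCHK_A" every minute.

# Constructed sample of `iptables -t mangle -vnx -L LINKCHK_A` output, used
# so the parsing below can be exercised without root.
SAMPLE_UP='Chain LINKCHK_A (1 references)
    pkts      bytes target     prot opt in     out     source               destination
    1234   567890 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0'

# Sum the pkts column over the rule lines of the listing passed in $1
# (header lines start with non-numeric text and are skipped).
count_pkts() {
    printf '%s\n' "$1" | awk '$1 ~ /^[0-9]+$/ { s += $1 } END { print s + 0 }'
}

# "up" if any far-side packet arrived since the counters were last zeroed.
link_state() {
    if [ "$(count_pkts "$1")" -gt 0 ]; then echo up; else echo down; fi
}

# Placeholder action on a dead link, e.g. withdraw the default route over it.
on_link_down() {
    logger -t linkcheck "$1: no far-side traffic since last check"
}

# List and zero the chain atomically (-L together with -Z), then decide.
check_chain() {
    listing=$(iptables -t mangle -vnx -L "$1" -Z) || return 1
    state=$(link_state "$listing")
    echo "$1 $state"
    [ "$state" = down ] && on_link_down "$1"
    return 0
}

case "${1:-}" in
    --check) check_chain "$2" ;;
    --demo)  link_state "$SAMPLE_UP" ;;
esac
```

A link that simply carried no inbound far-side traffic during the interval also reads as down, so in practice require several consecutive misses before acting on the result.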