system: switch default gateway by optionally selected group #2279
Comments
|
I think route metrics are not in FreeBSD #123 |
|
Hm, OK, Not used by recent kernels. In Gateway - Advanced you can set a priority, would it be possible to patch the Script for adding routes to respect this setting? |
|
@mimugmail what exactly do you mean? |
|
Via Advanced in gateways you can set a priority. When you have 3 you can set them 1 to 3 and when failover occurs, the script changing the routes could (if possible) check if the gateway which is down is a lower number, and if yes is there another gateway with a lower number, then use this as next default gateway, if not, self default gateway. |
|
You mean „weight“?
Yes, we could use that during default gateway switching. But the default gateway will be highest in priority, no matter the weight value.
AFAIK, the weight is for load balancing on multi-wan to distribute traffic using a non 50-50 distribution.
… On 1. Apr 2018, at 21:56, Michael ***@***.***> wrote:
Via Advanced in gateways you can set a priority. When you have 3 you can set them 1 to 3 and when failover occurs, the script changing the routes could (if possible) check if the gateway which is down is a lower number, and if yes is there another gateway with a lower number, then use this as next default gateway, if not, self default gateway.
|
|
Oh, weight, correct. But that doesn't matter since in setups where weight is actively used, you don't care which default gateway the system has. But when you have a 1G, a 100M and a LTE line you don't want to see the firewall switch from 1G to LTE. Sure, the default gw is highest and there can only be one at a time. But it would be good to have a choice :) In the long term (20.1, 20.7) I'd love to see the way Cisco does this with monitoring groups and tracked interfaces. 👍 |
|
Okay, I think we’re on the same page then. 😊 |
|
@AdSchellevis this was the topic we talked via IRC lately :) |
|
@mimugmail ok, to summarize what we've discussed (if I remember correctly). If @fichtner agrees, we could add a marker for "backup default" with a weight and use the weights to sort the gateways. This would allow us to prioritise default gateway switching. Ideally we would like to use policy based routing for local traffic too, but that is more of a long run solution. Agreed? (if so, I'm offering to do the work for this item) |
|
yes, but I want to see how da4d25e629 works out on 18.7... it's preliminary work to exclude certain gateways from default gateway switching. it's not practical to mark a gateway down and should probably be a separate option, but if this separate option is what we talk about here with a priority setting that would be best. |
|
(it's correct to exclude down gateways from switching, I just mean it's impractical if you don't want it down and still not use it for default switching) |
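
The priority-ordered switching discussed in the comments above, as an added example that is not OPNsense code: pick the best gateway that is up and allowed to become the default, fall back in order, and return to the preferred line when it recovers. The field names, the "lower number wins" convention and the `default_candidate` marker are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from typing import Iterable, Optional


@dataclass(frozen=True)
class Gateway:
    name: str
    priority: int                    # assumed: lower number = more preferred
    up: bool = True                  # status as reported by the gateway monitor
    default_candidate: bool = True   # hypothetical "may become default" marker


def pick_default(gateways: Iterable[Gateway], current: Optional[str] = None) -> Optional[str]:
    """Return the name of the gateway that should hold the default route."""
    usable = [g for g in gateways if g.up and g.default_candidate]
    if not usable:
        # Nothing eligible is up: leave the route alone rather than flap.
        return current
    # Ties on priority are broken by name so the result is deterministic.
    return min(usable, key=lambda g: (g.priority, g.name)).name


def simulate(gateways, events):
    """Apply (name, up) status events in order; return the default after each."""
    state = {g.name: g for g in gateways}
    current = pick_default(state.values())
    history = [current]
    for name, up in events:
        state[name] = replace(state[name], up=up)
        current = pick_default(state.values(), current)
        history.append(current)
    return history


# Constructed sample: the 1G / 100M / LTE setup from the thread, plus a VPN
# gateway that is up but must never become the system default.
SAMPLE = [
    Gateway("WAN_1G", priority=1),
    Gateway("WAN_100M", priority=2),
    Gateway("WAN_LTE", priority=3),
    Gateway("VPN_GW", priority=0, default_candidate=False),
]
EVENTS = [("WAN_1G", False), ("WAN_100M", False), ("WAN_1G", True),
          ("WAN_1G", False), ("WAN_LTE", False)]

if __name__ == "__main__":
    for step, gw in enumerate(simulate(SAMPLE, EVENTS)):
        print(step, gw)
```

The excluded VPN gateway is never selected even when every WAN line is down, so traffic is not silently redirected through a path that was not meant to carry the default route.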
|
Fully agree with this! :) (also with fichtner's comments a couple of secs ago) Just to have it here: The need for local PBR traffic would cover all transparent stuff like Squid, siproxd, ftp-proxy etc. Local PBR can be a mid/long term task :) Thanks guys, very appreciated! |
|
|
If you need root access to some Multi WAN systems, ping me <3 |
|
@mimugmail I'll let you know when to test. Still some things to figure out. |
…(host route not created on first execution) and remove get_interface_gatewayXXX usage. for opnsense#2279
…erty could be set to 'dynamic') in Gateway class, for opnsense#2279
…gure(), (host route not created on first execution) and remove get_interface_gatewayXXX usage. for opnsense#2279" This reverts commit 0c1f95b.
…teway() with new class implementation, reverted previous patch (misread the target interface). for opnsense#2279
…ress twice in return_gateway_groups_array(), our gateway class already resolved the address. for opnsense#2279
…ace_gateway() are unused, ditch these duplicates. for opnsense#2279
…, since we keep the configured "interface", these need to be renamed. for opnsense#2279
…return a gateway with an address as default here. for opnsense#2279
…dition the way it is implemented now. for opnsense#2279 It is used by dhcp client to detect if a default route might be overwritten and it determines default gateway priority. Since I don't want to refactor the dhclient-script at the moment, we best keep the file, but remove the "default" detection. So system_default_route() sets the file, which dhclient can pickup when a new gateway is propagated.
… Since it doesn't make much sense to send all traffic to localhost, we better exclude it to keep the previous behaviour. for opnsense#2279
…consider dpinger endpoints down if not yet available. This could lead to some unexpected gateway switches. for opnsense#2279 We might consider another status for "startup", although since we report loss and delay as "~" it should already be obvious that we don't know the status yet.
…sentation on new/edit equal. Previously you could have a group, containing an item that didn't exist anymore (interface removed), in which case you needed to remove the group to be able to edit it. related to opnsense#2279
…rface" contains the configured value now, we should use "if".
…p, which isn't used in our system. originally this came from pfsense/pfsense@ab1112d Let's remove it while working on opnsense#2279
…for opnsense#2279 complete removal should be part of opnsense#3423
…alert script, since only used there now. for opnsense#2279
…ally, but since you can easily add them manually, we better start without these and only add the ones found in the /tmp/XX_router[XX] files. for opnsense#2279
…y behaviour. Since gif/gre interfaces already write _router files, we should only add openvpn client gateways to mimic the way it was before. Also skip disabled interfaces.
Hi,
is it possible to set a metric in routes or better in gateway config?
The problem is when you have more than 2 lines you can not set an order which line follows after primary down (with gateway switching).
With Cisco you can set as many default gateways and use metrics to set the priority.
Is this also possible with FreeBSD / OPN?