Hi
I ran across this setup on Github:
https://gist.github.com/marfillaster/7a ... id=4233415
Could anyone help me understand why there are two recursive routes in the setup?
either
# recursive routes for ECMP default gateways, dst-address are public DNS servers
or
# recursive routes for default gateways, dst-address are public DNS servers
Would just one of them be enough?
Thanks
Re: Dual DHCP WAN recursive failover w/ PCC load-balancing; and recursive ECMP
I dont understand the premise.
ECMP and PCC are two different load balancing types, thus confused.
Yes, I dont understand what he is doing for routing for the NON ECMP routes either...
Its actually incomplete....
I dont know about ECMP (equal path) but in the case of PCC you still need to assign some distance between the two routes so no amiguity.
You want to check gateway=ping to ensure that you want the router to keep checking to see if connectivity has been established and thus use that route if possible.
In this case the OP is looking at two different DNS addresses for each route to ensure that there is connectivity. One separates the two options by distance.
So for ISP2, I would do it differently....
The config is missing target scope. Also I changed the DNS target points so that ISPs would use independent sites (within the two ISP checks and between ISPs).
# Failover and Recursive. Two checks per ISP, with failover from ISP1 to ISP2 required in MAIN TABLE, separated by distance.
add check-gateway=ping distance=1 dst-address=0.0.0.0/0 gateway=64.6.64.6 routing-table=main scope=10 target-scope=12 comment=ISP1
add check-gateway=ping distance=2 dst-address=0.0.0.0/0 gateway=1.1.1.1 routing-table=main scope=10 target-scope=12 comment=ISP1
add check-gateway=ping distance=3 dst-address=0.0.0.0/0 gateway=9.9.9.9 routing-table=main scope=10 target-scope=12 comment=ISP2
add check-gateway=ping distance=4 dst-address=0.0.0.0/0 gateway=208.67.222.222 routing-table=main scope=10 target-scope=12 comment=ISP2
# recursive routes for default gateways, dst-address are public DNS servers
add distance=1 dst-address=64.6.64.6/32 gateway=ISP1-gatewayIP scope=10 comment="ISP1" target-scope=11
add distance=2 dst-address=1.1.1.1/32 gateway=ISP1-gatewayIP scope=10 comment="ISP1" target-scope=11
add distance=3 dst-address=9.9.9.9/32 gateway=ISP2-gatewayIP scope=10 comment="ISP2 target-scope=11
add distance=4 dst-address=208.67.222.222/32 gateway=ISP2-gatewayIP scope=10 comment="ISP2" target-scope=11
Then one has the Specific Routes for the PCC added tables.
add distance=1 dst-address=0.0.0.0/0 gateway=ISP1-GatewayIP routing-table=to_ISP1
add distance=1 dst-address=0.0.0.0/0 gateway=ISp2-GatewayIP routing-table=to_ISP2
DONE!!
what this is saying in effect, is that ISP1 has priority and should be checked thru DNSX for connectivity.
IF that is not working then switch to ISP1 route which is being checked thru DNSY for connectivity.
If any time DNX comes back on line, switch back to using the first route of the two.
IF neither are working then move to ISP
repeat and rinse.
Thus there is a hiearchy at play where all routes if not available are checked to see if they have come back up and are potentially availalbe for use.
This is the default setup.
NOW for PCC, we bypass this routing by directing users to ethe1 and ether2 based on the PCC algoritm.
The recursive routes already tell the router if the routes are available,
The PCC routes tells the router which ISP to use for the traffic.
IF one or the other ISP is down, the router goes to the main table and finds the other available route (opposite ISP) and sends the PCC traffic down that WAN link as well.
(this is clean shift of ALL TRAFFIC to the other ISP)
Pretty easy peasy if you have two links but what happens when you have three.
Well you can set the order in the main routing table accordingly, or decide its not wan1,2,3 its more like wan2,3,1 etc......
(THIS IS A CLEAN SHIFT OF ONE ISPs PCC traffic to one of the remaining ISPs and so on)
Add another wan so now we have 4.
We can discuss another layer of complexity, IMAGINE if you want a failure of one ISP, and its traffic NOT To go to one other WAN link but to be spread equally among the remaining WAN links.
This can be done but you need to increase the number of PCC rules and routes accordingly
ECMP and PCC are two different load balancing types, thus confused.
Yes, I dont understand what he is doing for routing for the NON ECMP routes either...
Its actually incomplete....
I dont know about ECMP (equal path) but in the case of PCC you still need to assign some distance between the two routes so no amiguity.
You want to check gateway=ping to ensure that you want the router to keep checking to see if connectivity has been established and thus use that route if possible.
In this case the OP is looking at two different DNS addresses for each route to ensure that there is connectivity. One separates the two options by distance.
So for ISP2, I would do it differently....
The config is missing target scope. Also I changed the DNS target points so that ISPs would use independent sites (within the two ISP checks and between ISPs).
# Failover and Recursive. Two checks per ISP, with failover from ISP1 to ISP2 required in MAIN TABLE, separated by distance.
add check-gateway=ping distance=1 dst-address=0.0.0.0/0 gateway=64.6.64.6 routing-table=main scope=10 target-scope=12 comment=ISP1
add check-gateway=ping distance=2 dst-address=0.0.0.0/0 gateway=1.1.1.1 routing-table=main scope=10 target-scope=12 comment=ISP1
add check-gateway=ping distance=3 dst-address=0.0.0.0/0 gateway=9.9.9.9 routing-table=main scope=10 target-scope=12 comment=ISP2
add check-gateway=ping distance=4 dst-address=0.0.0.0/0 gateway=208.67.222.222 routing-table=main scope=10 target-scope=12 comment=ISP2
# recursive routes for default gateways, dst-address are public DNS servers
add distance=1 dst-address=64.6.64.6/32 gateway=ISP1-gatewayIP scope=10 comment="ISP1" target-scope=11
add distance=2 dst-address=1.1.1.1/32 gateway=ISP1-gatewayIP scope=10 comment="ISP1" target-scope=11
add distance=3 dst-address=9.9.9.9/32 gateway=ISP2-gatewayIP scope=10 comment="ISP2 target-scope=11
add distance=4 dst-address=208.67.222.222/32 gateway=ISP2-gatewayIP scope=10 comment="ISP2" target-scope=11
Then one has the Specific Routes for the PCC added tables.
add distance=1 dst-address=0.0.0.0/0 gateway=ISP1-GatewayIP routing-table=to_ISP1
add distance=1 dst-address=0.0.0.0/0 gateway=ISp2-GatewayIP routing-table=to_ISP2
DONE!!
what this is saying in effect, is that ISP1 has priority and should be checked thru DNSX for connectivity.
IF that is not working then switch to ISP1 route which is being checked thru DNSY for connectivity.
If any time DNX comes back on line, switch back to using the first route of the two.
IF neither are working then move to ISP
repeat and rinse.
Thus there is a hiearchy at play where all routes if not available are checked to see if they have come back up and are potentially availalbe for use.
This is the default setup.
NOW for PCC, we bypass this routing by directing users to ethe1 and ether2 based on the PCC algoritm.
The recursive routes already tell the router if the routes are available,
The PCC routes tells the router which ISP to use for the traffic.
IF one or the other ISP is down, the router goes to the main table and finds the other available route (opposite ISP) and sends the PCC traffic down that WAN link as well.
(this is clean shift of ALL TRAFFIC to the other ISP)
Pretty easy peasy if you have two links but what happens when you have three.
Well you can set the order in the main routing table accordingly, or decide its not wan1,2,3 its more like wan2,3,1 etc......
(THIS IS A CLEAN SHIFT OF ONE ISPs PCC traffic to one of the remaining ISPs and so on)
Add another wan so now we have 4.
We can discuss another layer of complexity, IMAGINE if you want a failure of one ISP, and its traffic NOT To go to one other WAN link but to be spread equally among the remaining WAN links.
This can be done but you need to increase the number of PCC rules and routes accordingly
Who is online
Users browsing this forum: jurajhampel and 18 guests