9

Is Network Manager able to check if a default gateway can route packages to the internet?

I have two interfaces, both provide a route to the internet.

When I unplug a cable from any of them, default gateway is being updated and my internet connection works. But if the current preferred gateway fails without breaking a physical link, system does not fail over to second one.

I've tried to set a higher metric to a failing GW manually, it worked, but it is a manual step which I want to avoid.

Can this problem be solved using Network Manager?

My setup: Ubuntu 16.04, NM 1.2.2

UPD

Community member on NM's irc channel answered that NM does not check if a gateway actually works and does not perform any GW switching.

VRRP/ucarp/heartbeat/keepalived do not check it either. They only check a network availability, and switch the upstream GWs behind a virtual interface. This does not help in my case.

Iproute's nexthop kinda works, but with an enormous latency. Routes are being cached by kernel and even after ip route flush cache it took about 10 minutes for system to fail over to second GW.

ip route replace default scope global \
  nexthop via 11.22.33.1 dev eth0 weight 1 \
  nexthop via 55.66.77.1 dev eth1 weight 1

My current solution: a shell script which checks if the current default GW provides internet access; if not, it increases the metric of the current GW and the system fails over to the second one with a lower metric.

I'm still hoping to find a more elegant solution.

Volodymyr Linevych

3 Answers

4

This is what BGP was made for. Using what is commonly referred to as iBGP for internal router intercommunication and path redundancy and/or eBGP for Internet level full path redundancy. BGP describes a protocol for routers to communicate with one another the analytical data necessary to make judgment calls on the nature of valid and functional traffic paths within an autonomous system.

I don't see anyone doing this with NetworkManager as a runtime configuration tool for this degree of routing. NM has had historical problems with not scaling well when using many routes, and there is much better software that's designed to do what you want.

Most commercial routers will have BGP functionality, so you could get it "canned". I normally use pfSense or VyOS if I'm going for a "software router" as they both virtualize well. VyOS even maintains LXD images, so I typically use that. You can also use BGP on most Linux distributions by hand with the openbgpd or quagga packages.

Many SDN solutions use BGP to provide redundancy and network balancing rather than systems like MLAG, as many MLAG implementations on ethernet switches and routers have historically been either too vendor specific or do not operate as expected especially when using non-matching hardware. Rather than worry about control drivers for every switch out there, SDN often is geared towards operating above layer 2 for these multi-node redundancy solutions even within an internal network.

Spooler
2

You can now add a connectivity check to NM, which will automatically increase the interface metric should a host be uncontactable.

See the connectivity section of NetworkManager.conf. Digi also have a good article on the subject.

emorris
0

I think there are several possibilities. The best/modern way is to use iproute2 "tables". I haven't yet grokked it fully, but it's described here: http://mlvpn.readthedocs.io/en/latest/linux_example.html Unfortunately, that example does MORE than what you ask for, and this confused the issue. But I believe that something like this might work:

ip route show table main

ip route add default via 10.70.1.1 dev eth0 table 100

ip route add default via 10.70.70.1 dev eth0 table 101

Optionally, edit /etc/iproute2/rt_tables and add two lines:

100 myfavgw

101 myothergw

And then you can refer to these by name:

ip route add default via 10.70.70.1 dev eth0 table myothergw

Some additional fiddling might be needed, but the above seems like a promising start. I cannot test it, because one of my two gateways has just gone down :-(

Second method seems to depend on rather old technology. This article from 2005 suggests that if you have two NICs, you can specify a different default gateway for each: https://www.linux.com/news/using-linux-failover-router. So - thinking out loud - if you don't have two NICs, there is a way (I've forgotten how) to create a second virtual interface, and have it use the same ethernet card (doing so was as easy as loading a kernel module, and it worked great). If one can still specify a different default gw for each interface, then this second approach would be an old school solution to the problem.

The third solution is the ugly one. As you point out, one can run a shell script every minute, to check.

Such a script can be found here!

djdomi
Linas
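One way to write the periodic check-and-raise-metric script that the question and the last answer both describe, added here as an example and not taken from either poster's script. The base metrics, the penalty, the probe target (a placeholder address) and all function names are assumptions; the gateway addresses are the ones from the question.

```shell
#!/bin/sh
# Constructed sample data: the two gateways from the question, each with a
# base metric. One default route per gateway is expected to exist already.
CANDIDATES="11.22.33.1 eth0 100
55.66.77.1 eth1 200"
PROBE_TARGET="192.0.2.1"  # placeholder address: replace with a host you trust
PENALTY=1000              # added to the base metric while a gateway fails

# probe DEV: succeed if PROBE_TARGET replies when traffic is bound to DEV.
probe() {
    ping -c 2 -W 2 -I "$1" "$PROBE_TARGET" >/dev/null 2>&1
}

# plan PROBE_CMD: print "<gw> <dev> <metric>" per candidate. The metric is
# always recomputed from the base, so a recovered gateway gets its rank back.
plan() {
    printf '%s\n' "$CANDIDATES" | while read -r gw dev base; do
        [ -n "$gw" ] || continue
        if "$1" "$dev"; then
            echo "$gw $dev $base"
        else
            echo "$gw $dev $((base + PENALTY))"
        fi
    done
}

# best_gateway PROBE_CMD: the line the kernel will prefer (lowest metric).
best_gateway() {
    plan "$1" | sort -k3,3n | head -n 1
}

# apply_plan: read plan lines on stdin and reinstall each default route.
# "ip route replace" cannot change a metric in place, hence del + add.
apply_plan() {
    while read -r gw dev metric; do
        ip route del default via "$gw" dev "$dev" 2>/dev/null
        ip route add default via "$gw" dev "$dev" metric "$metric"
    done
}

# Nothing is changed unless called as root with --apply (cron or a timer).
if [ "${1:-}" = "--apply" ]; then
    plan probe | apply_plan
fi
```

The probe depends on `ping -I` binding to the device, so each interface needs its own default route installed for the check to exercise that gateway. On a host managed by NetworkManager, NM may reinstall its own metrics when a connection is re-activated.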