MiniGoogle.tk

Saturday, October 23, 2010

Dual WAN DHCP Tomato with Round Robin Load Balancing

TODO


* Implement QOS on WAN2 (help?)

* WAN Failover

* DNS Failover (server doesn't appear to switch when an interface is down.)

* VPN testing



Change Log

ver. 0.1 - Modified w2.evt script to account for DNS route and disabled interfaces.

ver. 0.5 - Added iptables rules to preserve routes across connections, saved previous settings to properly remove rules/routes.



Useful info:

"RTNETLINK answers: No such process" means ip route can't find the interface.

"RTNETLINK answers: file exists" means there is already an overlapping entry in the routing table.



I use the following at the beginning of my scripts to paste them into putty:



scrName=fullPathToYourScript

echo "" > $scrName

vi $scrName

:set noautoindent

i

Then just type: `Esc` :wq `Enter`









Preface

I have been working on a dual WAN setup for Tomato for a while now and have compiled and modified a few scripts from various sources. This setup enables a second WAN on port 4 of the router, configured for DHCP (PPPoE is possible with modifications to the script). QoS is only applied to the primary WAN (i.e. no QoS on WAN2). I haven't tested what effect port forwarding has, as that has not been a priority of the project. This works on an Asus WL-500GPv2 running the following flavor of Tomato:



* tomato-K26USB-1.27.9047MIPSR1-beta16-Ext

available from: http://tomatousb.org/ (Thank you teddy_bear.)

Of course you are modifying your router, so the standard disclaimer applies: it is possible to brick your router, so use at your own risk. That said, I haven't bricked one beyond recovery... yet. I recommend running the w2.init script from the command line first, before you add any lines to the Administration, Scripts web interface; this way a simple power cycle will restore the routing table and firewall if you run into problems. If you mess up the nvram port settings, look into router reset / recovery, unless of course you implemented the safeguard mentioned in the Removal section.

This is a multi-step process: first the new interface is created, and then scripts are added to the 'Firewall' and 'WAN Up' scripts, since the firewall and routing table are flushed and rebuilt every time the WAN comes up.



Prerequisites

* 2 wan connections

* jffs enabled and formatted.

* open port 4 on the router for wan 2 (you can change this)

* wan 1 is connected to WAN port

* Console access to router (ssh, telnet, etc...)







Removal

(This is first just in case...)



* As a safety precaution you may want to put this into the 12 second plus button script in case something goes wrong.

Remove the w2.init and w2.evt scripts from Firewall and WAN Up respectively and run the following in a console:



nvram set vlan0ports="0 1 2 3 5*"

nvram set vlan1ports="4 5"

nvram unset vlan2ports

nvram unset vlan2hwname

nvram unset wan2_iface

nvram unset wan_weight

nvram unset wan2_weight



#the following is optional and will remove all scripts from the Firewall and WAN Up... you are warned.

nvram set script_fire=""

nvram set script_wanup=""



# or if you stored your scripts as illustrated this will preserve your other scripts... I like this one better

nvram set script_fire="`nvram get script_fire | grep -v jffs/wan2/w2.evt`"

nvram set script_wanup="`nvram get script_wanup | grep -v /jffs/wan2/w2.init`"



nvram commit



#for completeness delete the scripts folder

rm -r /jffs/wan2

Setup Dual WAN Round Robin Load Balancing

First Create your 2nd wan interface: vlan2 on port 4



* Ports are labeled in reverse order, i.e.

Box label:   WAN 1 2 3 4

Nvram label: 4   3 2 1 0



Some of the newer routers may have different internal assignments, so you may want to run



nvram show | grep vlan.ports

and examine the output... before modification mine looks like:



vlan0ports=1 2 3 4 5*

vlan1ports=0 5

Using the console:



nvram set vlan0ports="3 2 1 5*"

nvram set vlan1ports="4 5"

nvram set vlan2ports="0 5"

nvram set vlan2hwname=et0

nvram set wan2_iface=vlan2



# the following adjust the round robin weighting of each respective interface

nvram set wan_weight=1

nvram set wan2_weight=1



nvram commit



mkdir /jffs/wan2

Using the console and your favorite text editor create the following script and save it to:

/jffs/wan2/w2.init



#!/bin/sh

# script to bring up the secondary wan interface



ModName="WAN2 init: "



runscr="/jffs/wan2/w2.evt"

iface=`nvram get wan2_iface`

lanhost=`nvram get lan_hostname`



#logger $ModName killing old: `ps | grep $iface | grep -v grep | awk '{print $1}'`

kill `ps | grep $iface | grep -v grep | awk '{print $1}'`

ifconfig $iface down

sleep 5

logger $ModName starting... $iface

ifconfig $iface up

ip=`udhcpc -i $iface -s $runscr -H $lanhost | grep Lease | awk '{print $3}'`

#ifconfig $iface up $ip



logger $ModName complete: $iface $ip

Using the console and your favorite text editor create the following script and save it to:

/jffs/wan2/w2.evt



#!/bin/sh

# Dual Wan Script for Tomato

# Purpose: insert the firewall and route entries, update DNS for wan2

# ver. 0.5

# secondary wan comes up, or the firewall is rebuilt



# Assumptions:

# Wan 2 is DHCP

# the following entries exist in nvram and are configured properly ( name(default value) ):

# lan_ifname(br0)

# wan_iface(vlan1)

# wan2_iface(vlan2)

#

# *use these values to adjust the round robin weighting for each wan:

# wan_weight(1)

# wan2_weight(1)

#

# vlan0ports(3 2 1 5*)

# vlan1ports(4 5)

# vlan2ports(0 5)

# vlan2hwname(et0)





#IF0= local interface

#P0_NET= local network



#IFx= name of the interface on WANx

#IPx= IP address associated with $IFx

#Px= be the IP address of the gateway at Provider x

#Px_NET= be the IP network $Px is in

#IFx_W= Weight to assign the interface #IFx for round robin load balancing



# Example values for variables:



# Local lan: (this is for understanding only as most values are set using either nvram or dynamically determined)

#IF0=br0

#IP0=192.168.108.1

#P0_NET=192.168.108.0/24



# Wan #1: (this is for understanding only as most values are set using either nvram or dynamically determined)

#IF1=vlan1

#IF1_W=1

#IP1=192.168.8.115

#P1=192.168.8.1

#P1_NET=192.168.8.0/24



# Wan #2: (this is for understanding only as most values are set using either nvram or dynamically determined)

#IF2=vlan2

#IF2_W=1

#IP2=192.168.0.14

#P2=192.168.0.1

#P2_NET=192.168.0.0/24



# dnsmasq DNS table path

RESOLV_CONF="/tmp/etc/resolv.dnsmasq"



WANname="WAN2 evt: "



#must use numbers for table names

T1=100

T2=200



# marks for rules/routes

Mrk1=0x100

Mrk2=0x200



#logger $WANname start $0 $1



case "$1" in

deconfig)

ifconfig $interface 0.0.0.0

nvram set wan2_get_dns=""

;;

renew|bound)



ifconfig $interface $ip ${broadcast:+broadcast $broadcast} ${subnet:+netmask $subnet}



if [ -n "$router" ] ; then



#echo "deleting routers"

#while route del default gw 0.0.0.0 dev $interface ; do

# :

#done



# record the gateway

for i in $router ; do

#route add default gw $i dev $interface

#logger $WANname gateway $i

nvram set wan2_gateway=$i

done

fi



# i don't think I want to lose my existing dns servers.

[ -n "$domain" ] && echo search $domain >> $RESOLV_CONF



for i in $dns ; do

grep $i $RESOLV_CONF

if [ $? -ne 0 ]; then

logger $WANname adding dns $i

echo nameserver $i >> $RESOLV_CONF

nvram set wan2_get_dns=$i

fi



#if you use dyndns you may want to use this.

#wget -O /dev/null http://USER:PASSWORD@members.dyndns.org/nic/update?hostname=DOMAIN

done



;;

esac



#logger $WANname variable init



# retrieve all the old settings to use for iptables/route removal

IF0=`nvram get lan_ifname_old`

IP0=`nvram get lan_ip_old`

P0_NET=`nvram get lan_net_old`



IF1=`nvram get wan_iface_old`

IP1=`nvram get wan_ip_old`

P1=`nvram get wan_gateway_old`

P1_NET=`nvram get wan_net_old`

IF1_W=`nvram get wan_weight_old`



IF2=`nvram get wan2_iface_old`

IP2=`nvram get wan2_ip_old`

P2=`nvram get wan2_gateway_old`

P2_NET=`nvram get wan2_net_old`

IF2_W=`nvram get wan2_weight_old`

IF2_DNS=`nvram get wan2_get_dns_old`



# since we want to preserve the existing routing table

# just remove what we are going to add



#logger $WANname removing firewall and routes

ip route del default scope global nexthop via $P1 dev $IF1 weight $IF1_W nexthop via $P2 dev $IF2 weight $IF2_W



#ip route del $P1_NET dev $IF1 src $IP1 table $T1

#ip route del default via $P1 table $T1

#ip route del $P2_NET dev $IF2 src $IP2 table $T2

#ip route del default via $P2 table $T2



ip route del $P1_NET dev $IF1 src $IP1

ip route del $P2_NET dev $IF2 src $IP2



ip route del default via $P1

ip route del default via $P2



ip route flush table $T1

ip route flush table $T2



ip rule flush

ip rule add lookup main prio 32766

ip rule add lookup default prio 32767



#logger $WANname routes removed



# remove iptables rules

iptables -D FORWARD $NDX -o $IF2 -j wanout

iptables -D FORWARD $NDX -i $IF2 -j wanin

iptables -D INPUT -j DROP -i $IF0 -d $IP2

iptables -t nat -D PREROUTING -j DROP -i $IF2 -d $P0_NET

iptables -t nat -D PREROUTING -j DNAT -p icmp -d $P2 --to-destination $IP0

iptables -t mangle -D PREROUTING -i $IF1 -m state --state NEW -j CONNMARK --set-mark $Mrk1

iptables -t mangle -D PREROUTING -i $IF2 -m state --state NEW -j CONNMARK --set-mark $Mrk2

iptables -t mangle -D POSTROUTING -o $IF1 -m state --state NEW -j CONNMARK --set-mark $Mrk1

iptables -t mangle -D POSTROUTING -o $IF2 -m state --state NEW -j CONNMARK --set-mark $Mrk2

iptables -t mangle -D PREROUTING -i $IF0 -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark

iptables -t mangle -D OUTPUT -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark

iptables -D POSTROUTING -t nat -m mark --mark $Mrk1 -j SNAT --to-source $IP1

iptables -D POSTROUTING -t nat -m mark --mark $Mrk2 -j SNAT --to-source $IP2

iptables -t nat -D POSTROUTING -j MASQUERADE -o $IF2



#logger firewall rules removed



# Fill Local lan variables

IF0=`nvram get lan_ifname`

IP0=`ifconfig $IF0 | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk -F . '$1 != 127 && $1 !=255 && $4 < 255{print $1 "." $2 "." $3 "." $4}'`

P0_NET=`echo $IP0 | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk -F . '$1 != 127 && $1 !=255 && $4 < 255{print $1 "." $2 "." $3 ".0/24"}'`



# Fill Wan #1 variables

IF1=`nvram get wan_iface`

IP1=`ifconfig $IF1 | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk -F . '$1 != 127 && $1 !=255 && $4 < 255{print $1 "." $2 "." $3 "." $4}'`

P1=`nvram get wan_gateway`

P1_NET=`echo $IP1 | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk -F . '$1 != 127 && $1 !=255 && $4 < 255{print $1 "." $2 "." $3 ".0/24"}'`

IF1_W=`nvram get wan_weight`



# Fill Wan #2 variables

IF2=`nvram get wan2_iface`

IP2=`ifconfig $IF2 | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk -F . '$1 != 127 && $1 !=255 && $4 < 255{print $1 "." $2 "." $3 "." $4}'`

P2=`nvram get wan2_gateway`

P2_NET=`echo $IP2 | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk -F . '$1 != 127 && $1 !=255 && $4 < 255{print $1 "." $2 "." $3 ".0/24"}'`

IF2_W=`nvram get wan2_weight`

IF2_DNS=`nvram get wan2_get_dns`



# add the routes and firewall rules

if [ "$1" != "deconfig" ]; then

#logger $WANname appending firewall and routes



if [ "$IF2_DNS" != "" ]; then

#Add the wan2 dns route if it exists

nvram set wan2_get_dns_old=$IF2_DNS

nvram set wan2_iface_old=$IF2

ip route add $IF2_DNS dev $IF2

fi



if [ "$IP1" != "" ]; then

nvram set wan_iface_old=$IF1

nvram set wan_ip_old=$IP1

nvram set wan_gateway_old=$P1

nvram set wan_net_old=$P1_NET

nvram set wan_weight_old=$IF1_W

# add rules first

ip rule add from $IP1 table $T1 prio 100

ip rule add fwmark $Mrk1 table $T1 prio 101

# now add the routes...

ip route add $P1_NET dev $IF1 src $IP1 table $T1

ip route add $P1_NET dev $IF1 src $IP1

ip route add default via $P1 table $T1

ip route add $P0_NET dev $IF0 table $T1

ip route add 127.0.0.0/8 dev lo table $T1

fi



if [ "$IP2" != "" ]; then

# save values

nvram set wan2_iface_old=$IF2

nvram set wan2_ip_old=$IP2

nvram set wan2_gateway_old=$P2

nvram set wan2_net_old=$P2_NET

nvram set wan2_weight_old=$IF2_W

# add rules first

ip rule add from $IP2 table $T2 prio 200

ip rule add fwmark $Mrk2 table $T2 prio 201

# now add the routes...

ip route add $P2_NET dev $IF2 src $IP2 table $T2

ip route add $P2_NET dev $IF2 src $IP2

ip route add default via $P2 table $T2

ip route add $P0_NET dev $IF0 table $T2

ip route add 127.0.0.0/8 dev lo table $T2

fi



# if both interfaces are up load balance

if [[ "$IP1" != "" && "$IP2" != "" ]]; then

logger $WANname LoadBalance enabled

ip route add $P2_NET dev $IF2 table $T1

ip route add $P1_NET dev $IF1 table $T2



# now apply weighted round robin load balancing:

ip route add default scope global nexthop via $P1 dev $IF1 weight $IF1_W nexthop via $P2 dev $IF2 weight $IF2_W

else

# see if we can add a default route

if [ "$IP1" != "" ]; then

logger $WANname LoadBalance disabled Default route via $IF1

ip route add default via $P1

fi



if [ "$IP2" != "" ]; then

logger $WANname LoadBalance disabled Default route via $IF2

ip route add default via $P2

fi

fi



ip route flush cache



if [ "$IP2" != "" ]; then



#get the line number after wanout to insert the interface at the correct position

NDX=`iptables -L FORWARD -v --line-numbers | sed -n "/wanout/h;$ {x;p;}" | awk '{print $1}'`

NDX=`expr $NDX + 1`



iptables -I FORWARD $NDX -o $IF2 -j wanout

iptables -I FORWARD $NDX -i $IF2 -j wanin

iptables -I INPUT -j DROP -i $IF0 -d $IP2



iptables -t nat -A PREROUTING -j DROP -i $IF2 -d $P0_NET

iptables -t nat -A PREROUTING -j DNAT -p icmp -d $P2 --to-destination $IP0



# Setup rules for preserving routes across connections (conversations)

iptables -t mangle -A PREROUTING -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark

iptables -t mangle -A OUTPUT -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark

iptables -t mangle -A PREROUTING -i $IF1 -m state --state NEW -j CONNMARK --set-mark $Mrk1

iptables -t mangle -A PREROUTING -i $IF2 -m state --state NEW -j CONNMARK --set-mark $Mrk2

iptables -t mangle -A PREROUTING -m connmark --mark $Mrk1 -j MARK --set-mark $Mrk1

iptables -t mangle -A PREROUTING -m connmark --mark $Mrk2 -j MARK --set-mark $Mrk2

iptables -t mangle -A PREROUTING -m state --state NEW -m connmark ! --mark 0 -j CONNMARK --save-mark



# Selective routing example: send all http traffic to a specific interface (WAN 1)

#iptables -t mangle -A PREROUTING -i $IF1 -m state --state NEW -p tcp --dport 80 -j CONNMARK --set-mark $Mrk1

#iptables -t mangle -A PREROUTING -i $IF1 -m state --state NEW -p tcp --dport 443 -j CONNMARK --set-mark $Mrk1



# enable masquerading on the interface

iptables -t nat -A POSTROUTING -j MASQUERADE -o $IF2



# turn off Reverse Path Filtering as this is a multi-homed router.

RP_PATH=/proc/sys/net/ipv4/conf

for IFACE in `ls $RP_PATH`; do

echo 0 > $RP_PATH/$IFACE/rp_filter

done

fi

fi

When testing the scripts, a bunch of "RTNETLINK answers" messages may appear, as the script tries to remove routes that don't yet exist; this is OK. Once you have tested your connection using the console, add the following to the Firewall and WAN Up scripts and you're done.



Web Interface:Administration:Scripts:Firewall



/jffs/wan2/w2.evt

Web Interface:Administration:Scripts:WAN Up



/jffs/wan2/w2.init
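
The w2.evt script derives P0_NET, P1_NET and P2_NET by keeping the first three octets of the interface address and appending ".0/24". The following added example (not part of the original scripts) puts that method next to one that also reads the Mask: field, using a constructed ifconfig sample with a /23 lease; the function names sample_ifconfig, net_fixed24 and iface_cidr are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. All names here are hypothetical.

# Constructed sample of "ifconfig vlan2" output: a DHCP lease on a /23.
sample_ifconfig() {
cat <<'EOF'
vlan2     Link encap:Ethernet  HWaddr 00:11:22:33:44:55
          inet addr:192.168.1.14  Bcast:192.168.1.255  Mask:255.255.254.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
EOF
}

# The post's method: every dotted quad is extracted, awk drops the netmask
# ($1 == 255) and the broadcast ($4 == 255), and ".0/24" is assumed.
net_fixed24() {
    grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' |
    awk -F . '$1 != 127 && $1 != 255 && $4 < 255 {print $1 "." $2 "." $3 ".0/24"}'
}

# Reads ifconfig output on stdin and prints "network/prefix" computed from
# the "inet addr:" and "Mask:" fields of the first address line.
# Returns 1 if either field is missing or a mask octet is not a netmask value.
iface_cidr() {
    line=$(grep 'inet addr:' | head -n 1)
    addr=$(echo "$line" | sed -n 's/.*inet addr:\([0-9.]*\).*/\1/p')
    mask=$(echo "$line" | sed -n 's/.*Mask:\([0-9.]*\).*/\1/p')
    [ -n "$addr" ] && [ -n "$mask" ] || return 1

    # Split both dotted quads: $1..$4 = address octets, $5..$8 = mask octets.
    old_ifs=$IFS; IFS=.
    set -- $addr $mask
    IFS=$old_ifs
    [ $# -eq 8 ] || return 1

    # Prefix length = number of set bits in the mask.
    bits=0
    for o in "$5" "$6" "$7" "$8"; do
        case $o in 255|254|252|248|240|224|192|128|0) ;; *) return 1 ;; esac
        while [ "$o" -gt 0 ]; do
            bits=$((bits + (o & 1)))
            o=$((o >> 1))
        done
    done

    # Network address = address AND mask, octet by octet.
    echo "$(( $1 & $5 )).$(( $2 & $6 )).$(( $3 & $7 )).$(( $4 & $8 ))/$bits"
}

echo "post's method : $(sample_ifconfig | net_fixed24)"
echo "addr and mask : $(sample_ifconfig | iface_cidr)"
```

On the router the input would come from `ifconfig $IF2` instead of the constructed sample.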

Failover Script

#!/bin/sh

# Failover Script for dual wan.

# ver. 0.1



# 0 is good

# !0 bad



#IFx_PINGIP=the address to ping

#IFx= the interface name

#IFx_IP= the interface IP

#IFx_GW= the gateway associated with the interface

#IFx_FAIL_MAX= the trigger point at which the interface is considered down

#IFx_SUCC_MAX= the trigger point at which the interface is considered up

#IFx_W= round robin weighting factor

#IFx_PING_CT= the current test ping tally

#IFx_PING= the current ping result

#IFx_LPING= the previous ping result

#IFx_ISUP= the status of the interface as determined by the MAX ping counts

#IFx_TEST= testing status



# WAN 1 tracking variables

IF1_PING_CT=0

IF1_PING=1

IF1_LPING=-3

IF1_ISUP=1

IF1_TEST=0



# WAN 2 tracking variables

IF2_PING_CT=0

IF2_PING=1

IF2_LPING=-3

IF2_ISUP=1

IF2_TEST=0



#apply defaults if needed

if [ "`nvram get wanfail_defaults`" != "1" ]; then

echo setting nvram defaults



nvram set wanfail_defaults=1



nvram set wanfail_interval=10

nvram set wanfail_ping_timeout=2



nvram set wanfail_w1_pingadd=www.yahoo.com

nvram set wanfail_w1_fail_max=5

nvram set wanfail_w1_succ_max=2

nvram set wanfail_w1_refresh=1



nvram set wanfail_w2_pingadd=www.yahoo.com

nvram set wanfail_w2_fail_max=5

nvram set wanfail_w2_succ_max=2

nvram set wanfail_w2_refresh=1



fi



# interval to pause between ping attempts

SLEEP_SEC=`nvram get wanfail_interval`



# ping timeout

PING_SEC=`nvram get wanfail_ping_timeout`

PING_DLY=2



#run the configuration the first time.

nvram set wanfail_w1_refresh=0

nvram set wanfail_w2_refresh=0

EXECFG=0



while : ; do

echo " "

echo " "

echo sleeping for $SLEEP_SEC sec.



sleep $SLEEP_SEC



echo " "



echo Testing WAN 1





if [ "`nvram get wanfail_w1_refresh`" != "1" ]; then

echo refreshing wan1 vars

nvram set wanfail_w1_refresh=1

# Obtain Wan #1 variables

IF1_PINGIP=`nvram get wanfail_w1_pingadd`

IF1=`nvram get wan_iface`

IF1_IP=`ifconfig $IF1 | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk -F . '$1 != 127 && $1 !=255 && $4 < 255{print $1 "." $2 "." $3 "." $4}'`

IF1_GW=`nvram get wan_gateway`

IF1_FAIL_MAX=`nvram get wanfail_w1_fail_max`

IF1_SUCC_MAX=`nvram get wanfail_w1_succ_max`

IF1_W=`nvram get wan_weight`



PING_SEC=`nvram get wanfail_ping_timeout`

SLEEP_SEC=`nvram get wanfail_interval`

SLEEP_SEC=`expr $SLEEP_SEC - $PING_DLY`



if [ $SLEEP_SEC -lt 5 ]; then

nvram set wanfail_interval=5

SLEEP_SEC=5

fi

fi





# WAN 1

# ping the test ip

echo "ping -W $PING_SEC -I $IF1_IP -c 1 $IF1_PINGIP"

ping -W $PING_SEC -I $IF1_IP -c 1 $IF1_PINGIP > /dev/null 2>&1

IF1_PING=$?

echo $IF1 Ping result: $IF1_PING



if [ $IF1_PING -ne $IF1_LPING ]; then

# here all we know is the ping status changed so reset the counter.

echo $IF1 Status switched $IF1_LPING to $IF1_PING

IF1_PING_CT=0

IF1_TEST=0

fi

# record the last ping

IF1_LPING=$IF1_PING



# if we're in testing then proceed

if [ $IF1_TEST -eq "0" ]; then

if [ $IF1_PING -eq $IF1_ISUP ]; then

# stop testing as the status has not really changed...

echo testing halted as the ping result is consistent with the status... $IF1_PING = $IF1_ISUP

IF1_TEST=1

else

#increment the ping count

IF1_PING_CT=`expr $IF1_PING_CT + 1`

echo $IF1 ping count=$IF1_PING_CT

if [ $IF1_ISUP -eq "0" ]; then

echo testing for failure

# zero equals up so check for failure

# so if we are testing and status is up check to see if we are past the trigger limit

if [ $IF1_PING_CT -gt $IF1_FAIL_MAX ]; then

IF1_TEST=1

IF1_ISUP=1

EXECFG=0

echo $IF1 exceeded the fail count status changed to $IF1_ISUP

fi

else

echo testing for success

# test for max success condition

if [ $IF1_PING_CT -gt $IF1_SUCC_MAX ]; then

#not testing anymore

IF1_TEST=1

IF1_ISUP=0

EXECFG=0

echo $IF1 exceeded the success count status changed to $IF1_ISUP

fi

fi

fi

fi



sleep $PING_DLY



echo " "

echo Testing WAN 2

# WAN 2



if [ "`nvram get wanfail_w2_refresh`" != "1" ]; then

echo refreshing wan2 vars

nvram set wanfail_w2_refresh=1

# Obtain Wan #2 variables

IF2_PINGIP=`nvram get wanfail_w2_pingadd`

IF2=`nvram get wan2_iface`

IF2_IP=`ifconfig $IF2 | grep -Eo '[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}' | awk -F . '$1 != 127 && $1 !=255 && $4 < 255{print $1 "." $2 "." $3 "." $4}'`

IF2_GW=`nvram get wan2_gateway`

IF2_FAIL_MAX=`nvram get wanfail_w2_fail_max`

IF2_SUCC_MAX=`nvram get wanfail_w2_succ_max`

IF2_W=`nvram get wan2_weight`



PING_SEC=`nvram get wanfail_ping_timeout`

SLEEP_SEC=`nvram get wanfail_interval`

SLEEP_SEC=`expr $SLEEP_SEC - $PING_DLY`



if [ $SLEEP_SEC -lt 5 ]; then

nvram set wanfail_interval=5

SLEEP_SEC=5

fi

fi



# ping the test ip

echo "ping -W $PING_SEC -I $IF2_IP -c 1 $IF2_PINGIP"

ping -W $PING_SEC -I $IF2_IP -c 1 $IF2_PINGIP > /dev/null 2>&1

IF2_PING=$?

echo $IF2 Ping result: $IF2_PING



if [ $IF2_PING -ne $IF2_LPING ]; then

# here all we know is the ping status changed so reset the counter.

echo $IF2 Status switched $IF2_LPING to $IF2_PING

IF2_PING_CT=0

IF2_TEST=0

fi

# record the last ping

IF2_LPING=$IF2_PING



# if we're in testing then proceed

if [ $IF2_TEST -eq "0" ]; then

if [ $IF2_PING -eq $IF2_ISUP ]; then

# stop testing as the status has not really changed...

echo testing halted as the ping result is consistent with the status... $IF2_PING = $IF2_ISUP

IF2_TEST=1

else

#increment the ping count

IF2_PING_CT=`expr $IF2_PING_CT + 1`

echo $IF2 ping count=$IF2_PING_CT

if [ $IF2_ISUP -eq "0" ]; then

echo testing for failure

# zero equals up so check for failure

# so if we are testing and status is up check to see if we are past the trigger limit

if [ $IF2_PING_CT -gt $IF2_FAIL_MAX ]; then

IF2_TEST=1

IF2_ISUP=1

EXECFG=0

echo $IF2 exceeded the fail count status changed to $IF2_ISUP

fi

else

echo testing for success

# test for max success condition

if [ $IF2_PING_CT -gt $IF2_SUCC_MAX ]; then

#not testing anymore

IF2_TEST=1

IF2_ISUP=0

EXECFG=0

echo $IF2 exceeded the success count status changed to $IF2_ISUP

fi

fi

fi

fi



echo testing done

if [ $EXECFG -eq "0" ]; then

EXECFG=1

echo configuring routes....



# if both up great

if [[ $IF1_ISUP -eq "0" && $IF2_ISUP -eq "0" ]]; then

# configure for load balancing

echo "ip route replace default scope global nexthop via $IF1_GW dev $IF1 weight $IF1_W nexthop via $IF2_GW dev $IF2 weight $IF2_W"

#ip route replace default scope global nexthop via $IF1_GW dev $IF1 weight $IF1_W nexthop via $IF2_GW dev $IF2 weight $IF2_W

ip route replace default scope global nexthop via $IF1_GW dev $IF1 weight $IF1_W nexthop via $IF2_GW dev $IF2 weight $IF2_W

elif [ $IF1_ISUP -eq "0" ]; then

# set default route for IF1

echo "ip route replace default scope global via $IF1_GW dev $IF1"

ip route replace default scope global via $IF1_GW dev $IF1



# the implication is that the dhcp server may have changed... so bounce it

# $IF2 is down so attempt to get a new dhcp lease as that could have changed.



elif [ $IF2_ISUP -eq "0" ]; then

# set default route for IF2

echo "ip route replace default scope global via $IF2_GW dev $IF2"

ip route replace default scope global via $IF2_GW dev $IF2

# $IF1 is down so attempt to get a new dhcp lease as that could have changed.

else

#both are down...

echo "both are down... game over man! game over!.... we're all gonna die down here!"

# $IF1 is down so attempt to get a new dhcp lease as that could have changed.

# $IF2 is down so attempt to get a new dhcp lease as that could have changed.

fi

fi

done
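
The up/down decision in the failover script above, as an added example that is not part of the original post: one function serves both WANs and is replayed over constructed ping exit statuses to show how many consecutive results each threshold needs. The names debounce_reset, debounce_step, samples_until_change and replay are hypothetical, and treating every non-zero status as a failure is an assumption beyond the post.

```shell
#!/bin/sh
# Added example, not from the original post: the failover loop's up/down
# debounce as one function, replayed over constructed ping exit statuses.
# Convention as in the post: 0 = good/up, 1 = bad/down.

FAIL_MAX=5   # the post's default for wanfail_w1_fail_max
SUCC_MAX=2   # the post's default for wanfail_w1_succ_max

# Initial state used by the post: interface considered down, no history.
debounce_reset() { CT=0; LPING=-3; ISUP=1; HALT=0; CHANGED=0; }

# debounce_step STATUS: feed one ping exit status, update ISUP and CHANGED.
debounce_step() {
    # Assumption beyond the post: any non-zero status counts as a failure
    # (iputils ping exits 2 on errors such as an unresolvable name).
    if [ "$1" -eq 0 ]; then res=0; else res=1; fi
    CHANGED=0
    # A result different from the previous one restarts the count.
    if [ "$res" -ne "$LPING" ]; then CT=0; HALT=0; fi
    LPING=$res
    [ "$HALT" -eq 0 ] || return 0
    # Result agrees with the current status: nothing to test.
    if [ "$res" -eq "$ISUP" ]; then HALT=1; return 0; fi
    CT=$((CT + 1))
    if [ "$ISUP" -eq 0 ]; then limit=$FAIL_MAX; else limit=$SUCC_MAX; fi
    # Strictly greater than, as in the post: limit + 1 samples are needed.
    if [ "$CT" -gt "$limit" ]; then ISUP=$res; HALT=1; CHANGED=1; fi
    return 0
}

# samples_until_change STATUS: repeat one status until the state flips.
# Sets N to the number of samples used; fails after 50 without a flip.
samples_until_change() {
    N=0
    while [ "$N" -lt 50 ]; do
        N=$((N + 1))
        debounce_step "$1"
        [ "$CHANGED" -eq 0 ] || return 0
    done
    return 1
}

# replay "S1 S2 ...": feed a constructed sequence of exit statuses.
replay() { for s in $1; do debounce_step "$s"; done; }

debounce_reset
samples_until_change 0; echo "down -> up after $N good pings"
samples_until_change 1; echo "up -> down after $N failed pings"
samples_until_change 0
replay "1 1 1 1 1 0 1 1 1 1 1"
echo "after 10 failures split by one success: ISUP=$ISUP"
```

A single good ping in the middle of an outage restarts the failure count, so the last replay leaves the interface marked up.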
