Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[aesmith]

2. Janet asked the excellent question (she is starting to think like a sysadmin, so I tell her in praising her question) of how does the sysadmin know if a router has died if VRRP is hiding the state ?

VRRP only virtualised a LAN address, each device still has it's own native address by which it can be monitored and managed.

For example and ignoring the fact that this example is HSRP, one customer has .10 as the default gateway on each subnet/VLAN, his two Nexus core switches are natively .8 and .9. Ignoring special Nexus tricks as well for the moment .8 always reaches core01 and .9 always core02. Use .10 and you get whichever is the Active at that time.

[Weaver]

Thanks, I assumed as much. But you would have to have some monitoring mechanism set up. SNMP ? Maybe a bit heavyweight for this job but you could be using it for other Firebrick-related things already. A LAN internal ping-monitor process would do the job, but I don’t suppose that there is such a thing in the Firebrick already, just set up and waiting to be configured and used, a death-event to email or SNMP trap event - is that the correct term? Or an http message, or something to tell AA, or generate an SMS. I have already seen various ping-monitor servers but out on the internet and that’s not what I want. I want something within the LAN so that it isn’t vulnerable to be misled or confused or disabled by internet access link failure.

My raspberry Pi would be perfect and and I could do with such a service right now never mind VRRP. I wonder where I can get such a server process from? Don’t want to faff about writing one myself with shell scripts and so-forth and don’t have any *nix experience so I can’t start trying to write such a thing in D or in C, reinventing the wheel anyway. Any thoughts?

[dee.jay]

You could probably run something like LibreNMS which is open source that'll run on a Raspberry Pi, can run it in Docker if that's your thing - can be setup in minutes.

I don't know if anyone has written specific modules for Libre for the Firebrick, but - maybe? A quick google says yes. I should get the Firebrick you kindly sent me and try it on that. Currently not in use but I can make it so, especially as I want to go and bond my FTTC's.

Anyway, remember that when you start looking at router redundancy protocols like VRRP it is inevitable that you will end up with some other single point of failure somewhere because you have to double all your infrastructure - but you can work out where your appetite for risk is on that one

[Weaver]

Exactly, I thought you would just end up with some single point of failure elsewhere and you’re complicating your setup greatly. If you really need more reliability, it might perhaps be better to get one of the big Firebricks which may iirc have two power supplies ?

I’ve been looking into various linux apps, but I need to exclude the ones with a graphical UI as I only want a daemon, I don’t want to be looking at something and in any case I can’t as I have no monitor. I have two other problems.

1. The app has to work with no internet connection, because the firebrick will be dead, that’s the whole point. And so no DNS for example. That’s going to kill some apps unless they have been specially written with this problem scenario in mind, or unless internet access requirements such as DNS queries just do not ever come up in the process of doing whatever the daemon/server process does. One could perhaps try to keep the DNS cache permanently filled if you know the required queries, which is perhaps ok. It’s a bit horrible second guessing the behaviour of the app though. If you did the naughty trick of probing the Firebrick by quoting its domain name then that would keep the cache filled but then the service process would fail if initially there’s no DNS.

2. How on earth do you send a message from the monitoring process on the Raspberry Pi to my iPad over an isolated LAN, no internet access. You also need something on the iPad to watch for that message and give me an iOS notification, which is an OS call or similar that produces a visible message and optionally rings a bell, and the notification is kept in a list so that you can go and look back and see that the Firebrick died some while ago. so that’s actually an additional pair of problems to solve, making three in all.

[Alex Atkin UK]

This is one reason I leave the Huawei in NAT mode, if my main router stops working I can still connect to the 5G WiFi.

Of course if it was a power surge it could potentially take that out too with it physically wired to the router, but I do have a spare.

You also remind me of my puzzlement at cloud-based router management, how does that make sense?  You make a change, it breaks Internet access on the router, it can no longer provision from the cloud.    Also why I dislike cloud-based WiFi management and even centralised management, you're just adding points of failure.

We've seen what happens when you rely on integration like that, when Facebook managed to take down their entire network, including the door access to the building to get inside to fix it.

[Weaver]

Alex, could you help, I don’t follow your first sentence.

I have my WAPs connected to a main HPE switch connected to my Firebrick router. When my Firebrick FB2700 was killed by lightning surge, some years ago, there were only modems between the Firebrick and the outside world. Nowadays, to get to my WAPs from the outside copper DSL lines you would have to go through a modem, then through a small ZyXEL VLAN MUX switch (from the days when I had four lines in use) then into the Firebrick, then into the main switch, then down ethernet cables to the WAPs. The WAPs have static routable IPv4 addresses for admin.

So I can always get to my WAPs and talk to them, indeed I did so the other day when the Firebrick was dead. That was before I realised that it was the Firebrick that was the problem, and that was completely confusing Apple devices, which seem to really hate a lack of DHCP or a lack of DNS, not 100% sure which. The iOS devices were all spitting out lies about the kind of networking problems that they had

[burakkucat]

This is one reason I leave the Huawei in NAT mode, if my main router stops working I can still connect to the 5G WiFi.

Alex, could you help, I don’t follow your first sentence.

Likewise. I've checked Alex's signature block and I do not see any reference to a Huawei device. 

[digbey]

Likewise. I've checked Alex's signature block and I do not see any reference to a Huawei device. 

HUAWEI 5G CPE Pro2 Router H122-373

[burakkucat]

HUAWEI 5G CPE Pro2 Router H122-373

Ah, now I see. Thank you for resolving my lack of understanding. 

[Alex Atkin UK]

Unfortunately I ran out of characters in my signature to put the manufacturer and had forgotten about that.  Done some nips and tucks to fix that.