Setting up a failover ADSL connection on a Cisco Router
This method will monitor a connection via ICMP ping and, on failure, it will bring up the ADSL line. Below is my setup – you may need to tailor this guide to yours. This method is useful if both connections cannot be up at the same time (possibly because they share an IP address).
- Dialer0 is a PPPoE dialer to a VDSL modem via fa0/0
- Dialer1 is a PPPoATM dialer of ADSL via ATM0/1/0
- The IP I am pinging to detect failure is 83.218.143.225
- The ATM0/1/0 interface is shut down when not in use
First we’ll add a Track and IP SLA to monitor our primary connection (Dialer0) by pinging our monitor IP (83.218.143.225). This track configuration delays actioning a failure for 10 seconds and a restore by 60 seconds. This is to prevent flip-flopping on the lines:
```
track 1 rtr 123 reachability
 delay down 10 up 60
!
ip sla 123
 icmp-echo 83.218.143.225 source-interface Dialer0
 timeout 2000
 frequency 4
ip sla schedule 123 life forever start-time now
```
Next we’ll add default routes for Dialer0 (linked to Track1) and Dialer1 (with a higher metric). If you already have default routes, remove these first:
```
ip route 0.0.0.0 0.0.0.0 Dialer0 track 1
ip route 0.0.0.0 0.0.0.0 Dialer1 254
```
Finally we’ll use EEM (Embedded Event Manager) applets to monitor track 1 and bring up the ATM interface on failure (and vice versa). This also e-mails us about the event:
```
event manager applet TRACK-1-TIMEOUT
 event track 1 state down
 action 1.0 cli command "enable"
 action 2.0 cli command "config terminal"
 action 3.0 cli command "interface atm0/1/0"
 action 4.0 cli command "no shutdown"
 action 5.0 mail server "55.33.44.22" to "to@mail.com" from "from@mail.com" subject "IP SLA 123 Timeout" body "Timeout on primary line"
event manager applet TRACK-1-OK
 event track 1 state up
 action 1.0 cli command "enable"
 action 2.0 cli command "config terminal"
 action 3.0 cli command "interface atm0/1/0"
 action 4.0 cli command "shutdown"
 action 5.0 mail server "55.33.44.22" to "to@mail.com" from "from@mail.com" subject "IP SLA 123 Restored" body "Primary line restored"
```
You should replace 55.33.44.22 with a valid SMTP server that this router has access to send through and change to@mail.com/from@mail.com to the to/from e-mail addresses respectively.
A full example config (with some bits redacted) can be found here.
How to set up Internet connection (WAN) failover in Cisco IOS including e-mail notifications
As a revision to my earlier post on the matter, here’s a better constructed way to achieve the same effect with a little more accuracy.
Here’s a diagram of the approximate topology that this will cater to:
I shall assert the following facts:
- The “ISP’s Router” is IP address 1.1.1.1
- The DSL modem is IP address 2.2.2.2
- The source interface that connects to the ISP router is FastEthernet0/0
- There is an SMTP server that this router has permission to send via at 99.99.99.99
- Your e-mail address is you@mail.com
First we use “track” to create 2 track entries to do route tracking. The first defines a “reachability” track which will be used to monitor for and perform actions on the failure of the primary route. This also delays the actions it performs on failure and restore by 20 and 60 seconds respectively to negate the effect of temporary blips. The second is a stub which allows us to take the secondary route up or down.
```
track 1 rtr 123 reachability
 delay down 20 up 60
track 2 stub-object
 default-state down
```
Next we add the routes. There’s 2 default gateways added, each associated with the track entries. There is also a route to ensure that all traffic to the “ISP’s Router” is sent out of the fa0/0 interface. This is for monitoring.
```
ip route 0.0.0.0 0.0.0.0 1.1.1.1 name FIBRE track 1
ip route 0.0.0.0 0.0.0.0 2.2.2.2 254 name ADSL_BACKUP track 2
ip route 1.1.1.1 255.255.255.255 FastEthernet0/0
```
Now we use ip sla to provide the details for our reachability track regarding what it should test. In this case, it pings the “ISP’s Router” every 4 seconds:
```
ip sla 123
 icmp-echo 1.1.1.1 source-interface FastEthernet0/0
 timeout 2000
 frequency 4
ip sla schedule 123 life forever start-time now
```
Finally we add some event handling to perform some actions on the failure and restore of the primary line. These bring up the second route and e-mail you a notification:
```
event manager applet TRACK-1-TIMEOUT
 event track 1 state down
 action 1.0 track set 2 state up
 action 1.1 mail server "99.99.99.99" to "you@mail.com" from "monitor@router.local" subject "IP SLA 123 Timeout" body "Timeout on the primary line"
event manager applet TRACK-1-OK
 event track 1 state up
 action 1.0 track set 2 state down
 action 1.1 mail server "99.99.99.99" to "you@mail.com" from "monitor@router.local" subject "IP SLA 123 Restored" body "Primary line restored"
```
That’s largely it. It contrasts with my earlier post in that it ignores the effect of temporary blips in the line and also sends e-mail notifications.
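How the `delay down` / `delay up` timers in both failover posts above damp flapping, as an added Python simulation (not the author's code and not output captured from a router). It replays constructed probe results at the 4-second `frequency` and assumes the track state follows the most recent probe, ignoring the 2000 ms timeout offset; the function names and sample traces are hypothetical.

```python
def track_events(probes, delay_down, delay_up, frequency=4):
    """Replay IP SLA probe results (True = echo reply) through a track
    object's down/up delay. Returns [(seconds, "down" | "up"), ...]."""
    reported = True          # state the track object currently reports
    pending = None           # (new_state, expiry_time) of a running delay timer
    events = []
    for i, ok in enumerate(probes):
        now = i * frequency
        # A delay timer that ran out before this probe fires first.
        if pending is not None and pending[1] <= now:
            reported = pending[0]
            events.append((pending[1], "up" if reported else "down"))
            pending = None
        if ok == reported:
            pending = None   # the change reverted in time: a blip, ignore it
        elif pending is None:
            delay = delay_up if ok else delay_down
            pending = (ok, now + delay)
    return events


def default_gateway_timeline(events, primary="1.1.1.1", backup="2.2.2.2"):
    """Map track 1 events to the active default route, as the EEM applets in
    the revised post do by setting track 2 up on failure, down on restore."""
    timeline = [(0, primary)]
    for when, state in events:
        timeline.append((when, backup if state == "down" else primary))
    return timeline


# Constructed probe traces, one result every 4 seconds.
BLIP = [True, True, False, False, True, True, True]       # 8 s of loss
OUTAGE = [True, True] + [False] * 11 + [True] * 20        # 44 s of loss

if __name__ == "__main__":
    for name, down in (("first post", 10), ("revised post", 20)):
        print(name, track_events(BLIP, down, 60), track_events(OUTAGE, down, 60))
    print(default_gateway_timeline(track_events(OUTAGE, 20, 60)))
```

The 60-second `up` delay also means the backup route stays in use for a full minute after the primary starts answering again, which is the price of not flapping back onto an unstable line.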
How to disable ICMP redirects in pfSense
When a router’s next hop gateway is in the same subnet as the previous hop, it’ll send an ICMP redirect to the previous router in order to cut itself out of the routing. In some setups, this may not be desirable.
To disable this on pfSense, go to System->Advanced and change to the System Tunables tab. Edit net.inet.ip.redirect and/or net.inet6.ip6.redirect to change their values to 0 (zero).
What is anycast? Anycast explained at a very basic level
Anycast, at a very basic level, is when a collection of servers share the same IP address and data is sent from a source computer to the server that is topologically closest. It is important to remember that topologically closer does not inherently mean geographically closer, though this is often the case.
Anycast is used primarily for load balancing to allow the server topologically closest to a user to handle their request. This helps cut down on latency and bandwidth costs and improves load time for users.
Anycast is linked with the Border Gateway Protocol (BGP). This is a protocol used between routers on the Internet with the intent of ensuring that all of a router’s neighbours are aware of the networks that can be reached through that router and the topological distance to those networks. The principle of Anycast is that a single IP address is advertised in the BGP messages of multiple routers. As this propagates across the Internet, routers become aware of which of their neighbours provides the shortest topological path to the advertised IP address.
IP addresses used in Anycast are often purchased directly from a Regional Internet registry. Some data centers are known to rent IP addresses to customers and allow them to be advertised by other data centres.
As with all routing, it cannot be guaranteed that a packet will take the same path across the Internet as its predecessor. With Anycast, it cannot be guaranteed that a packet will reach the same destination server as its predecessor. As such, Anycast is not suitable for protocols which track state. TCP is an example of one of these. UDP, however, is perfect for Anycast providing it does not try to track state at a higher level of the OSI model and that the application layer protocol does not rely on a large number of fragmented datagrams to transfer data.
The typical scenario for Anycast as a load balancer is thus:
- A server in London has its own IP address 3.3.3.3 and a shared Anycast IP address 1.1.1.1.
- A server in New York has its own IP address 4.4.4.4 and a shared Anycast IP address 1.1.1.1.
- Each of the above servers runs a DNS server listening on 1.1.1.1.
- The DNS servers serve up an A record for anycastdomain.com. London would serve up 3.3.3.3 and New York would serve up 4.4.4.4.
- When a DNS request is made for anycastdomain.com, Anycast would route this request to its topologically closest DNS server. This DNS server would, in turn, serve up the unique IP address of its own server and a TCP connection would be established over standard unicast.
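The scenario above as an added Python sketch (not from the original post): both sites announce 1.1.1.1, the query lands on whichever site has the lowest path cost from the client, and that site answers with its own unicast address. The topology, node names and link costs are constructed, with cost standing in for BGP path length; it also shows the answer changing when a site withdraws its announcement or becomes unreachable.

```python
import heapq

ANYCAST_IP = "1.1.1.1"
SITES = {"london": "3.3.3.3", "new-york": "4.4.4.4"}   # site -> unicast A record

# Constructed topology; cost stands in for topological (BGP path) distance.
LINKS = {
    ("client-uk", "ix-lon"): 1, ("ix-lon", "london"): 1,
    ("client-us", "ix-nyc"): 1, ("ix-nyc", "new-york"): 1,
    ("ix-lon", "ix-nyc"): 5,
}


def distances(source, links):
    """Dijkstra over the undirected link table; returns {node: cost}."""
    graph = {}
    for (a, b), cost in links.items():
        graph.setdefault(a, []).append((b, cost))
        graph.setdefault(b, []).append((a, cost))
    dist, heap = {source: 0}, [(0, source)]
    while heap:
        d, node = heapq.heappop(heap)
        if d > dist[node]:
            continue                      # stale heap entry
        for nxt, cost in graph.get(node, []):
            if d + cost < dist.get(nxt, float("inf")):
                dist[nxt] = d + cost
                heapq.heappush(heap, (d + cost, nxt))
    return dist


def anycast_site(client, links, advertising=None):
    """Site that receives a packet sent to ANYCAST_IP, or None if no
    advertising site is reachable."""
    dist = distances(client, links)
    sites = SITES if advertising is None else advertising
    reachable = [s for s in sites if s in dist]
    return min(reachable, key=lambda s: (dist[s], s)) if reachable else None


def resolve(client, links, advertising=None):
    """DNS query for anycastdomain.com sent to 1.1.1.1: the nearest site
    answers with its own unicast address, used for the TCP connection."""
    site = anycast_site(client, links, advertising)
    return SITES[site] if site else None


if __name__ == "__main__":
    print(resolve("client-uk", LINKS), resolve("client-us", LINKS))
    print(resolve("client-uk", LINKS, advertising={"new-york"}))  # London withdrawn
```

Only the stateless DNS lookup rides on the anycast address here; the TCP connection goes to the unicast address returned, so a later routing change does not move an established connection to another site.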
Feedback from companies such as ScaleEngine is that it’s quite difficult to persuade data centres to add IP addresses to their BGP. This appears to be best suited to larger organisations who lease their own transit and have BGP agreements with their transit providers.
Why I don’t like database stored procedures
There’s a number of compelling reasons not to use them. Here’s just a few:
- They can’t be stepped through and debugged by your standard IDE. Admittedly, neither can the other dirty SQL you shove in your code; however, because the majority of SQL lacks logic beyond IF(), this is less of a problem.
- The errors created by the DBMS on the failure of a stored procedure are often very cryptic and relate to an underlying database error caused by a single line in the stored procedure.
- You’re passing off the processing load to your database server. Databases, for example MySQL, are a lot harder to scale than hosting environments such as PHP-FPM. Research shows a very marginal performance boost in using stored procedures but I don’t think that this is enough to hide the fact that your database server will process fewer transactions per second.
- You lose portability. A good database abstraction layer in your code should make it portable between databases. Using stored procedures negates this.
- In the words of @altreus… they’re not in the code base, they’re not in the code base, they’re not in the code base. As such, they don’t track via version control systems. Of course, your database migrations should contain the stored procedures but each change is a new file. This isn’t how version control works.
- Further to the above, they’re anti-version control. Not only must a developer have his own version of a codebase, he must also have his own version of the database. When working in a team, this adds further complexities and makes it a fruitless task for individual developers to unit test builds prior to committing.
- Stored procedures aren’t reusable in the same way that code is. This is because they lack library support.
Any number or indeed all of the above may be total bollocks. Never mind. At least it’ll serve to troll those in favor of stored procedures.
Add funds instantly with PayPal’s new feature
I stumbled across this the other day and can only assume it’s a new feature. I’m in the UK so if anyone could verify if it’s also on PayPal US, that’d be great.
When adding funds to your PayPal account, there’s now 2 options:
The left hand one is the interesting one. Using it allows you to make a direct transfer from your bank to PayPal. The money showed up within seconds. This is particularly useful as it makes PayPal a more viable option for paying friends and family as PayPal payments which are funded from PayPal funds (within the same country) don’t carry any fees.
I have also dealt with a few companies who accept PayPal but charge a hefty surplus to cover the fees. Using this option allows you to pay them instantly and not incur such an excess.








