How to set up Internet connection (WAN) failover in Cisco IOS including e-mail notifications

As a revision to my earlier post on the matter, here’s a better-constructed way to achieve the same effect with a little more accuracy.

Here’s a diagram of the approximate topology that this will cater to:

Network Diagram

I shall assert the following facts:

  1. The “ISP’s Router” is IP address 1.1.1.1
  2. The DSL modem is IP address 2.2.2.2
  3. The source interface that connects to the ISP router is FastEthernet0/0
  4. There is an SMTP server at 99.99.99.99 that this router is permitted to relay mail through
  5. Your e-mail address is you@mail.com

First we use “track” to create two track entries for route tracking. The first defines a “reachability” track which will be used to monitor the primary route and perform actions when it fails. It also delays the actions it performs on failure and restore by 20 and 60 seconds respectively, to negate the effect of temporary blips. The second is a stub object which lets us take the secondary route up or down.

  track 1 rtr 123 reachability
    delay down 20 up 60
  track 2 stub-object
    default-state down

Next we add the routes. Two default routes are added, each tied to one of the track entries; the backup has an administrative distance of 254 so it is only used when the primary is withdrawn. There is also a host route to ensure that all traffic to the “ISP’s Router” is sent out of the fa0/0 interface. This is for monitoring.

  ip route 0.0.0.0 0.0.0.0 1.1.1.1 name FIBRE track 1
  ip route 0.0.0.0 0.0.0.0 2.2.2.2 254 name ADSL_BACKUP track 2
  ip route 1.1.1.1 255.255.255.255 FastEthernet0/0

Now we use ip sla to define what the reachability track actually tests. In this case, it pings the “ISP’s Router” every 4 seconds and treats no reply within 2 seconds as a failure:

  ip sla 123
    icmp-echo 1.1.1.1 source-interface FastEthernet0/0
    timeout 2000
    frequency 4
  ip sla schedule 123 life forever start-time now

Finally we add two EEM applets that act on the failure and restore of the primary line. The first brings the secondary route up and the second takes it back down, and each e-mails you a notification:

  event manager applet TRACK-1-TIMEOUT
    event track 1 state down
    action 1.0 track set 2 state up
    action 1.1 mail server "99.99.99.99" to "you@mail.com" from "monitor@router.local" subject "IP SLA 123 Timeout" body "Timeout on the primary line"
  event manager applet TRACK-1-OK
    event track 1 state up
    action 1.0 track set 2 state down
    action 1.1 mail server "99.99.99.99" to "you@mail.com" from "monitor@router.local" subject "IP SLA 123 Restored" body "Primary line restored"

That’s largely it. It differs from my earlier post in that it ignores temporary blips in the line and also sends e-mail notifications.
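As an added example (not code from the original post), here is a simplified Python model of how the “delay down 20 up 60” on track 1 suppresses short blips before the EEM applets fire. It assumes one probe every 4 seconds, represents each probe as True (reply) or False (timeout), and ignores the 2-second probe timeout, so real IOS timing will differ slightly.

```python
# Added example, not from the original post: a simplified model of how the
# "delay down 20 up 60" on track 1 suppresses short blips before the EEM applets fire.
# Assumptions: one probe every 4 s (frequency 4), each probe is True (reply) or False
# (timeout), and the 2 s probe timeout is ignored. Real IOS timing will differ slightly.
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

PROBE_INTERVAL = 4   # seconds, the page's "frequency 4"
DELAY_DOWN = 20      # seconds, the page's "delay down 20"
DELAY_UP = 60        # seconds, the page's "delay up 60"


@dataclass
class Track1:
    notified_up: bool = True                 # state seen by the EEM applets
    pending_since: Optional[int] = None      # when the raw state first diverged
    events: List[Tuple[int, str]] = field(default_factory=list)


def step(track: Track1, t: int, probe_ok: bool) -> None:
    """Apply one probe result at time t; record an applet name when the delay expires."""
    if probe_ok == track.notified_up:
        # Raw state agrees with the notified state again: the delay timer is cancelled.
        track.pending_since = None
        return
    if track.pending_since is None:
        track.pending_since = t
    delay = DELAY_UP if probe_ok else DELAY_DOWN
    if t - track.pending_since >= delay:
        track.notified_up = probe_ok
        track.pending_since = None
        # The page's applets: TRACK-1-TIMEOUT sets track 2 up, TRACK-1-OK sets it down.
        track.events.append((t, "TRACK-1-OK" if probe_ok else "TRACK-1-TIMEOUT"))


def simulate(probe_results: List[bool]) -> List[Tuple[int, str]]:
    """Return the (time, applet) events produced by a sequence of probe results."""
    track = Track1()
    for i, ok in enumerate(probe_results):
        step(track, i * PROBE_INTERVAL, ok)
    return track.events


# Constructed probe sequences (not captured from a router).
BLIP = [True] * 5 + [False] * 3 + [True] * 20     # 3 timeouts (12 s): no failover
OUTAGE = [True] * 5 + [False] * 8 + [True] * 20   # 8 timeouts: failover, later restore

if __name__ == "__main__":
    print("blip:", simulate(BLIP))        # []
    print("outage:", simulate(OUTAGE))    # [(40, 'TRACK-1-TIMEOUT'), (112, 'TRACK-1-OK')]
```

The restore applet only fires once the line has answered continuously for the full 60-second up delay, which is why the OUTAGE sequence needs 15 clean probes after the last timeout.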

How to disable ICMP redirects in pfSense

When a router’s next-hop gateway is in the same subnet as the previous hop, it will send an ICMP redirect to the previous router so that router can send future traffic directly and cut it out of the path. In some setups this is not desirable.

To disable this on pfSense, go to System->Advanced and change to the System Tunables tab. Edit net.inet.ip.redirect and/or net.inet6.ip6.redirect to change their values to 0 (zero).

What is anycast? Anycast explained at a very basic level

Anycast, at a very basic level, is when a collection of servers share the same IP address and data is sent from a source computer to the server that is topologically closest. It is important to remember that topologically closer does not inherently mean geographically closer, though this is often the case.

Anycast is used primarily for load balancing, allowing the server topologically closest to a user to handle their request. This helps cut down on latency and bandwidth costs and improves load times for users.

Anycast is linked with the Border Gateway Protocol (BGP). This is a protocol used between routers on the Internet with the intent of ensuring that all of a router’s neighbours are aware of the networks that can be reached through that router and the topological distance to those networks. The principle of Anycast is that a single IP address is advertised in the BGP messages of multiple routers. As this propagates across the Internet, routers become aware of which of their neighbours provides the shortest topological path to the advertised IP address.

IP addresses used in Anycast are often purchased directly from a Regional Internet Registry. Some data centres are known to rent IP addresses to customers and allow them to be advertised by other data centres.

As with all routing, it cannot be guaranteed that a packet will take the same path across the Internet as its predecessor. With Anycast, it cannot be guaranteed that a packet will reach the same destination server as its predecessor. As such, Anycast is not suitable for protocols which track state; TCP is an example of one of these. UDP, however, is perfect for Anycast provided it does not try to track state at a higher layer of the OSI model and the application-layer protocol does not rely on a large number of fragmented datagrams to transfer data.

The typical scenario for Anycast as a load balancer is thus:

  • A server in London has its own IP address 3.3.3.3 and a shared Anycast IP address 1.1.1.1.
  • A server in New York has its own IP address 4.4.4.4 and a shared Anycast IP address 1.1.1.1.
  • Each of the above servers runs a DNS server listening on 1.1.1.1.
  • The DNS servers serve up an A record for anycastdomain.com. London would serve up 3.3.3.3 and New York would serve up 4.4.4.4.
  • When a DNS request is made for anycastdomain.com, Anycast routes this request to the topologically closest DNS server. This DNS server, in turn, serves up the unique IP address of its own server, and a TCP connection is then established to that address over standard unicast.
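The London / New York scenario above as an added example (not part of the original post): a toy Python model in which “topologically closest” means fewest router hops from the client over a constructed graph, found by breadth-first search. Real BGP selects by AS-path length and policy, so the graph, node names and hop counts are all assumptions; only the 1.1.1.1, 3.3.3.3 and 4.4.4.4 addresses come from the post.

```python
# Added example, not part of the original post: a toy model of the London / New York
# anycast DNS scenario. Assumption: "topologically closest" means fewest router hops
# from the client, found by breadth-first search over a constructed graph. Real BGP picks
# by AS-path length and policy, so this only illustrates the shape of the selection.
from collections import deque

# Constructed topology (node -> neighbours). Geography is deliberately misleading: the
# Dublin client is nearer London on a map but fewer hops from the New York edge.
TOPOLOGY = {
    "dublin-client": ["transit-a"],
    "transit-a": ["dublin-client", "ny-edge", "ix-1"],
    "ix-1": ["transit-a", "ix-2"],
    "ix-2": ["ix-1", "london-edge"],
    "london-edge": ["ix-2", "paris-client"],
    "ny-edge": ["transit-a"],
    "paris-client": ["london-edge"],
}

# Each instance listens on 1.1.1.1 behind its edge router and answers with its own
# unicast address as the A record (the page's 3.3.3.3 / 4.4.4.4).
INSTANCES = {
    "london-edge": {"name": "London", "unicast": "3.3.3.3"},
    "ny-edge": {"name": "New York", "unicast": "4.4.4.4"},
}

def hops(graph, src, dst):
    """Shortest hop count from src to dst, or None if unreachable."""
    seen, queue = {src}, deque([(src, 0)])
    while queue:
        node, dist = queue.popleft()
        if node == dst:
            return dist
        for nxt in graph[node]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, dist + 1))
    return None

def resolve_via_anycast(client):
    """Deliver a DNS query for 1.1.1.1 to the closest instance; return what it answers."""
    dist = {edge: hops(TOPOLOGY, client, edge) for edge in INSTANCES}
    dist = {edge: d for edge, d in dist.items() if d is not None}
    if not dist:
        raise RuntimeError(f"1.1.1.1 is not reachable from {client}")
    best = min(dist, key=dist.get)
    inst = INSTANCES[best]
    # The chosen server answers with its unicast address; the client then opens TCP to
    # that address over ordinary unicast, so later packets reliably reach one server.
    return {"served_by": inst["name"], "a_record": inst["unicast"], "hops": dist[best]}
```

Running `resolve_via_anycast("dublin-client")` returns the New York instance and 4.4.4.4 even though London is geographically closer, while `"paris-client"` is served by London and 3.3.3.3.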

Feedback from companies such as ScaleEngine is that it’s quite difficult to persuade data centres to add IP addresses to their BGP. This appears to be best suited to larger organisations who lease their own transit and have BGP agreements with their transit providers.

Configuring Cisco IOS switches for Cisco VOIP phones

Some Cisco switches, such as our Catalyst 3560 series, have Smartports which can be configured via the switch’s web interface to have roles. These roles give the ports typical settings for network security and QoS. If your switch doesn’t have Smartports, these are Cisco’s recommended settings for each switch interface that supports a Cisco VOIP phone, shown in the context of interface fa0/1:

  interface FastEthernet0/1
    switchport access vlan 14
    switchport mode access
    switchport voice vlan 5
    switchport port-security maximum 2
    switchport port-security
    switchport port-security aging time 2
    switchport port-security violation restrict
    switchport port-security aging type inactivity
    macro description cisco-phone
    auto qos voip cisco-phone
    spanning-tree portfast
    spanning-tree bpduguard enable

You’ll need to change the access VLAN ID and voice VLAN ID to match your own PC VLAN and voice VLAN. The port-security maximum of 2 allows one MAC address for the phone and one for the PC behind it.

PHP: Interfacing with HeatMiser WiFi thermostats

I’m quite a big fan of writing code that interfaces with physical data. It somehow feels more fulfilling to see or feel the results.

On top of my repertoire of the Foscam FI8908W Recorder and TK110 GPS Tracker Server comes a PHP interface for HeatMiser WiFi Thermostats. This too can be found on GitHub. The code is fairly self-explanatory and the docs should point you in the right direction. The library will read from and write to HeatMiser WiFi thermostats. It’s tested on the PRT-TS but should probably work on others. If not, fix it up and submit a pull request on GitHub (or comment here).

If you came looking for an insight into this Thermostat’s binary network protocol, there’s a decent guide released by HeatMiser on the topic. This can be found on their website. The guide can be a lot to get your head around, so hopefully my code will be enough to aid you in this area. Failing that, or if you’re more of a camel, there’s a good Perl implementation on Google Code. The Perl implementation is more of an example than an interface-able library, but it’s a great starting point and provided a lot of inspiration for my PHP implementation.