linux
Raviolo, 2014-10-30 17:50:02

How to organize routing or 2 routes for one network?

On one side there are 2 OpenVPN servers with IP addresses in the same subnet, connected through different providers. On the other side there is 1 server with 2 net-to-net client connections.
It is necessary that when the link from one provider fails, the second one starts to be used. AD and metrics are not suitable: when the provider fails, the interface does not go down (the interface can only go down together with the router, which we do not consider). The same applies to the OpenVPN servers. A link failure is not an interface failure. Please advise how to get by without resorting to BGP.


3 answer(s)
vetash, 2014-10-30
@vetash

Can you draw at least a simple diagram?
What to spin servers?

throughtheether, 2014-10-30
@throughtheether

"A link failure is not an interface failure. Please advise how to get by without resorting to BGP."
Either organize adding / removing routes yourself depending on the "availability" (ping and so on) of the opposite end of the tunnel, or use dynamic routing through the tunnel interfaces (RIPv2 implementations, if I'm not mistaken, are available for almost every popular OS).
More precisely, it will be possible to answer after you provide a networking diagram.
UPD:
"Very brief outline in the first comment above."
If I understand correctly, is it possible (necessary?) to change the default route (i.e. route traffic to OPENVPNSERVER1 or OPENVPNSERVER2) on the 3750 depending on the tunnel's health?
"When the grass was greener I saw a route map being used depending on ping, but I don't remember it and there is no information now."
In my opinion, a solution in the form of static routing, coupled with IP SLA tracking, will suit you. See the Redundancy section.
UPD2:
Unfortunately, from the second side, you also need to send packets, in turn choosing an interface. And there we have a purely Linux solution.
I thought that at least on one side, the routes disappear when the tunnel fails. If not, then RIPv2 remains (on 3 servers with openvpn and on a cisco device).
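
The "add / remove routes yourself depending on ping" option for the Linux side, as an added example that is not part of any answer in this thread: it probes the far end of each tunnel through its own interface and repoints the route only after several missed probes, since the tun device itself stays up when a provider link fails. The prefix, peer addresses, failure limit and log tag are constructed placeholders.

```shell
#!/bin/sh
# Added example, not from the thread. Addresses are constructed placeholders.
PREFIX="192.168.50.0/24"                 # stands in for 192.168.x.0/24
PRIMARY_DEV="tun1"; PRIMARY_PEER="10.8.1.1"   # far end of tunnel to servervpn1
BACKUP_DEV="tun2";  BACKUP_PEER="10.8.2.1"    # far end of tunnel to servervpn2
FAIL_LIMIT=3      # consecutive failed probes before leaving the primary
fails=0
active="$PRIMARY_DEV"

# probe DEV PEER: one echo request bound to the tunnel interface, so the
# result reflects that tunnel and not whichever route is installed now.
probe() { ping -c 1 -W 2 -I "$1" "$2" >/dev/null 2>&1; }

# decide P_STATUS B_STATUS: update $active from two probe exit codes (0 = up).
# The tun device staying up is ignored on purpose; only probe results count.
decide() {
    if [ "$1" -eq 0 ]; then
        fails=0
        active="$PRIMARY_DEV"            # primary answers: use it
    else
        fails=$((fails + 1))
        # leave the primary only after FAIL_LIMIT misses and if backup answers
        if [ "$fails" -ge "$FAIL_LIMIT" ] && [ "$2" -eq 0 ]; then
            active="$BACKUP_DEV"
        fi
    fi
}

# route_cmd: print the command that points PREFIX at the active tunnel.
route_cmd() {
    if [ "$active" = "$PRIMARY_DEV" ]; then
        echo "ip route replace $PREFIX via $PRIMARY_PEER dev $PRIMARY_DEV"
    else
        echo "ip route replace $PREFIX via $BACKUP_PEER dev $BACKUP_DEV"
    fi
}

if [ "${1:-}" = "run" ]; then            # needs root: ./failover.sh run
    last=""
    while :; do
        probe "$PRIMARY_DEV" "$PRIMARY_PEER"; p=$?
        probe "$BACKUP_DEV" "$BACKUP_PEER"; b=$?
        decide "$p" "$b"
        if [ "$active" != "$last" ]; then
            cmd=$(route_cmd)
            $cmd && logger -t tun-failover "route to $PREFIX via $active"
            last="$active"
        fi
        sleep 5
    done
fi
```

Each route change is written to syslog, which gives a record of when traffic moved between providers.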

Raviolo, 2014-10-30
@Raviolo

Thanks to the people who help me.
I slightly supplemented the diagram, because the question is important to me and I still lack a clear understanding:
imgur.com/s74Bzka
Without going into the intricacies of ZBF on the Cisco3750, we are allowed access from vlanx to the working network1 and vice versa.
On the cisco there is now a static route: ip route 192.168.x.0 255.255.255.0 ip openvpnserver1
On openvpnclient there is a route: 192.168.x.0/24 via openvpnsubnet.openvpip servervpn1 dev tun1
Accordingly, I want to introduce servervpn2 located at another provider, and add the tun2 interface on the client.
If the link from ISP1 fails, on the 3750 the main route should be 192.168.x.0 255.255.255.0 ip openvpnserver2
On openvpnclient, the main route should be 192.168.x.0/24 via openvpnsubnet.openvpip servervpn2 dev tun2
As I understand it, the capabilities of the RIP protocol should be enough for me. I'll figure it out when I'm done and let you know the result. If there are simpler redundancy mechanisms, I will gladly accept them. Something universal is needed: on the one hand, we need to change the route on the cisco, on the other hand, on a linux machine.
