broke connection on route change - Suse
-
broke connection on route change
Hi all.
I set up a VPN using two SUSE 10.0
Each SuSE box has two DSL connections to the other SuSE box. Dsl1 is
the primary connection and dsl0 is the backup link. So, each box has
three ethernet cards: one for dsl1, another for dsl0 and another is
the internal interface.
Each PC on any LAN has the internal IP of the SuSE box as gateway, so
I can reach any PC of any LAN from any PC of the other LAN.
So, the basic connection works.
In order to manage the primary link (dsl1) and the backup one (dsl0),
I did two routes on the SuSE box:
route add -net x.y.z.0/24 dev dsl1
route add -net x.y.z.0/24 metric 1 dev dsl0
so it uses dsl0 if dsl1 is not available.
Now the problem is that I have remote clients that connect to telnet
sessions on a server.
So this happens:
1) the client connects to server on the primary connection. The route
is:
client (telnet session) --> SuSE --> dsl1 --> remote Server (port 23)
2) the primary link fails. The route becomes:
client (telnet session) --> SuSE --> dsl0 --> remote Server (port 23)
From the time 1 to the time 2 the telnet session is reset, even if
it takes just 1 second.
I don't think it's a timeout problem, because I did this test:
1) from a local PC I connected to a telnet session
2) I unplugged the ethernet cable
3) after 20 seconds I plugged in the ethernet cable
4) the telnet session was not reset
So it is the switch from one route to another that breaks the
connection.
Maybe it can be a firewall problem, but if I do
SuSEfirewall2 stop
the routing does not work at all.
Even if I set
FW_STOP_KEEP_ROUTING_STATE="yes"
when I shut down the firewall it keeps active connections, but I can't
create new connections.
So I cannot test the VPN without the firewall.
So, how is it possible to change the route without breaking the
connection?
Thanks to all.
-
Re: broke connection on route change
On Tue, 09 Sep 2008 00:11:39 -0700, TT typed this message:
> Hi all.
>
> I set up a VPN using two SUSE 10.0
> Each SuSE box has two DSL connections to the other SuSE box. Dsl1 is the
> primary connection and dsl0 is the backup link. So, each box has three
> ethernet cards: one for dsl1, another for dsl0 and another is the
> internal interface.
>
> Each PC on any LAN has the internal IP of the SuSE box as gateway, so I
> can reach any PC of any LAN from any PC of the other LAN.
>
> So, the basic connection works.
>
> In order to manage the primary link (dsl1) and the backup one (dsl0), I
> did two routes on the SuSE box:
>
> route add -net x.y.z.0/24 dev dsl1
> route add -net x.y.z.0/24 metric 1 dev dsl0
>
> so it uses dsl0 if dsl1 is not available.
>
> Now the problem is that I have remote clients that connect to telnet
> sessions on a server.
> So this happens:
>
> 1) the client connects to server on the primary connection. The route
> is:
> client (telnet session) --> SuSE --> dsl1 --> remote Server (port 23)
>
> 2) the primary link fails. The route becomes:
> client (telnet session) --> SuSE --> dsl0 --> remote Server (port 23)
>
> From the time 1 to the time 2 the telnet session is reset, even if it
> takes just 1 second.
>
> I don't think it's a timeout problem, because I did this test:
> 1) from a local PC I connected to a telnet session
> 2) I unplugged the ethernet cable
> 3) after 20 seconds I plugged in the ethernet cable
> 4) the telnet session was not reset
>
> So it is the switch from one route to another that breaks the connection.
>
> Maybe it can be a firewall problem, but if I do
>
> SuSEfirewall2 stop
>
> the routing does not work at all.
>
> Even if I set
> FW_STOP_KEEP_ROUTING_STATE="yes"
> when I shut down the firewall it keeps active connections, but I can't
> create new connections.
>
> So I cannot test the VPN without the firewall.
>
> So, how is it possible to change the route without breaking the connection?
>
> Thanks to all.
As I understand it, the problem isn't with the routing; the problem is
with the DSL connection. Your timeout test does not test the switch; it
just tests the current DSL connection, i.e., the connection assumes bad or
lost packets but continues to wait for acknowledgments.
When the actual DSL connection is switched it establishes the new route,
which takes time.
IOW, I think route 192.x.x.1 to 195.x.x.2 can be severed but resumes
when reconnected, but 192.x.x.1 to 195.x.x.5 is a new route entirely and
should show an entirely different traceroute.
-
Re: broke connection on route change
On 9 Sep, 22:50, noi ance wrote:
> As I understand it, the problem isn't with the routing; the problem is
> with the DSL connection. Your timeout test does not test the switch; it
> just tests the current DSL connection, i.e., the connection assumes bad or
> lost packets but continues to wait for acknowledgments.
> When the actual DSL connection is switched it establishes the new route,
> which takes time.
You're right, this is what happens.
I have 2 routes:
1) route add -net x.y.z.0/24 dev dsl1
2) route add -net x.y.z.0/24 metric 1 dev dsl0
Normally, it uses route 1).
Even if the dsl1 link is bad it does not switch to route 2), and so the
connection is broken.
But if I do ifdown dsl1, route 1) is deleted and it begins to use
route 2).
In the meantime, remote terminals lose connection to the server.
So, the question is:
Why does it use route 1) even if the link is bad?
In fact, it uses route 2) only when route 1) is deleted because dev
dsl1 goes down.
>
> IOW, I think route 192.x.x.1 to 195.x.x.2 can be severed but resumes
> when reconnected, but 192.x.x.1 to 195.x.x.5 is a new route entirely and
> should show an entirely different traceroute.
I did not understand, sorry.
Thank You.
-
Re: broke connection on route change
On Tue, 09 Sep 2008 15:35:58 -0700, TT typed this message:
> On 9 Sep, 22:50, noi ance wrote:
>> As I understand it, the problem isn't with the routing; the problem is
>> with the DSL connection. Your timeout test does not test the switch; it
>> just tests the current DSL connection, i.e., the connection assumes bad
>> or lost packets but continues to wait for acknowledgments. When the
>> actual DSL connection is switched it establishes the new route, which
>> takes time.
>
> You're right, this is what happens.
>
> I have 2 routes:
> 1) route add -net x.y.z.0/24 dev dsl1
> 2) route add -net x.y.z.0/24 metric 1 dev dsl0
>
> Normally, it uses route 1).
> Even if the dsl1 link is bad it does not switch to route 2), and so the
> connection is broken.
> But if I do ifdown dsl1, route 1) is deleted and it begins to use
> route 2).
> In the meantime, remote terminals lose connection to the server.
>
> So, the question is:
>
> Why does it use route 1) even if the link is bad?
>
> In fact, it uses route 2) only when route 1) is deleted because dev dsl1
> goes down.
>
> Thank You.
It's not an elegant solution, but I suggest you add 1 or 2 PCs on the
network to use route2 as primary with route 1 as secondary. That
would establish and keep route2 open and reduce the DSL failover time.
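
The behaviour asked about in the thread (the dsl1 route stays in use while the link is bad) follows from how the kernel chooses between static routes: by metric and interface state, with no check that the far end answers. As an added example, not part of the original thread: a small watchdog that probes a peer through dsl1 and withdraws or restores that route, so the metric 1 route via dsl0 carries traffic in between. PEER, the thresholds and the function names (probe, route_cmd, step, watch) are assumptions; x.y.z.0/24 is the thread's placeholder.

```shell
#!/bin/sh
# Added example (not from the thread). Replace the placeholders before use.
NET=${NET:-x.y.z.0/24}      # remote LAN, placeholder as written in the thread
PRIMARY=${PRIMARY:-dsl1}    # primary link; dsl0 keeps its metric 1 route
PEER=${PEER:-192.0.2.1}     # assumed: far-end address reachable via dsl1
                            # independently of the NET route
FAIL_MAX=${FAIL_MAX:-3}     # consecutive lost probes before withdrawing
OK_MIN=${OK_MIN:-5}         # consecutive replies before restoring
INTERVAL=${INTERVAL:-2}     # seconds between probes

# One ICMP probe bound to the primary interface, 2 second timeout.
probe() { ping -c 1 -W 2 -I "$PRIMARY" "$PEER" >/dev/null 2>&1; }

# Wrapper so the routing change can be replaced for a dry run.
route_cmd() { route "$@"; }

state=up; fails=0; oks=0

# step RESULT: feed one probe result (0 = reply, anything else = lost).
# Counting consecutive results keeps a single lost packet, or a single
# lucky reply on a flapping line, from moving the route back and forth.
step() {
    if [ "$1" -eq 0 ]; then
        fails=0; oks=$((oks + 1))
        if [ "$state" = down ] && [ "$oks" -ge "$OK_MIN" ]; then
            route_cmd add -net "$NET" dev "$PRIMARY" && state=up
        fi
    else
        oks=0; fails=$((fails + 1))
        if [ "$state" = up ] && [ "$fails" -ge "$FAIL_MAX" ]; then
            # Interface stays up; only the preferred route is removed,
            # which leaves the metric 1 route via dsl0 as the match.
            route_cmd del -net "$NET" dev "$PRIMARY" && state=down
        fi
    fi
}

watch() {
    while :; do
        if probe; then step 0; else step 1; fi
        sleep "$INTERVAL"
    done
}

# Start the loop only when asked to: sh watchdog.sh run
if [ "${1:-}" = run ]; then watch; fi
```
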