Auto-switch between multiple PPPoE Connections


Broadband connections are cheaper and faster than leased-line connections. However, broadband connections are usually unreliable. The reliability can be improved by using a backup broadband connection. This post shows how to configure a Fedora Linux-based firewall/gateway to auto-switch between ISPs when a connection drops.

Setup


1. Firewall Machine:
The firewall has 3 Ethernet cards. Two of the cards, eth0 and eth1, are connected to ADSL modem/routers from ispA and ispB respectively.
The third card, eth2, connects the firewall to the internal network. Internal machines/devices set the eth2 IPADDR 192.168.12.253 as their gateway address to get access to the internet.

2. Set the broadband ADSL modem/router LAN-side IP address as above. Configure the broadband ADSL modem/router "WAN" settings as PPPoE "Bridge" mode:
    Airtel VPI/VCI = 1/32
    BSNL Dataone VPI/VCI = 0/35

3. In /etc/sysconfig/network-scripts/ifcfg-eth0 and ifcfg-eth1, set DNS1 and DNS2 as per the details provided by the respective ISP. Set IPADDR as shown in the diagram and set GATEWAY to the LAN IP address of the corresponding ADSL modem.

4. Both /etc/sysconfig/network-scripts/ifcfg-ispA and ifcfg-ispB are created with adsl-setup. They are identical (both use DEVICE=ppp0) except for the following differences:
    PROVIDER  ispA                                  ispB
    ETH       eth0                                  eth1
    PIDFILE   /var/run/pppoe-adsl_ispA.pid          /var/run/pppoe-adsl_ispB.pid
    USER      'login@ispA'                          'login@ispB'
    ONBOOT    yes                                   no

5. /etc/ppp/chap-secrets and pap-secrets contain entries for both logins, 'login@ispA' and 'login@ispB'.

6. Create the iptables firewall script /root/iptables_DMZ. Refer to "rc.DMZ.firewall" from Iptables Tutorial 1.2.2 and make the following changes to get the right ppp INET_IFACE at runtime and to obtain the associated public IP address assigned by the ISP:
    INET_IFACE="`ifconfig|grep -m 1 ppp|cut -c-4`"
    INET_IP="`ifconfig $INET_IFACE | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"
    HTTP_IP=$INET_IP

    LAN_IFACE="eth2"
    LAN_IP="`ifconfig $LAN_IFACE | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://'`"
    DMZ_IFACE=$LAN_IFACE
    DMZ_IP=$LAN_IP

    DMZ_HTTP_IP="192.168.12.250"

7. Create /root/init_pppoe_iptables:
    /etc/init.d/iptables stop
    /etc/init.d/iptables restart
    source /root/iptables_DMZ


8. Edit /etc/ppp/ip-up.local to invoke the init_pppoe_iptables script and to register the dynamic IP provisioned by the ISP, through ddclient, with a service such as dyndns:
    [ -x /root/init_pppoe_iptables ] && /root/init_pppoe_iptables "$@"

    ddclient -daemon=0 -syslog -use=if -if=$1 >/dev/null 2>&1

9. Create /etc/ppp/ip-down-post.local:
    #!/bin/bash
    # Called from ip-down, after /etc/sysconfig/network-scripts/ifdown-post is done.
    ##
    # toggle isp
    [ -x /root/toggle_isp/ppp-switch-from-$6 ] && /root/toggle_isp/ppp-switch-from-$6

10. Edit /etc/ppp/ip-down to invoke /etc/ppp/ip-down-post.local after ifdown-post is called.

11. Edit /etc/sysconfig/network-scripts/ifup-ppp to attempt to use the other ISP if adsl-start fails:
    if [ -x /sbin/adsl-start -o -x /usr/sbin/adsl-start ] ; then
        adsl-start /etc/sysconfig/network-scripts/$CONFIG
        if [ $? != 0 ] ; then
            # adsl-start failed: hand over to the other ISP's toggle script
            [ -x /root/toggle_isp/ppp-switch-from-${DEVNAME} ] && /root/toggle_isp/ppp-switch-from-${DEVNAME}
        fi
        # (fragment: the rest of ifup-ppp is not shown here)

12. Create /root/toggle_isp/ppp-switch-from-ispA as follows:
    /sbin/ifdown ispA; /sbin/ifup ispB

    Similarly, create /root/toggle_isp/ppp-switch-from-ispB.
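
Steps 11 and 12 together mean that when both lines are down, each failed ifup calls the other provider's toggle script, which calls ifup again, and so on. The following is an added example (not part of the original setup) of a single toggle script that can be installed under both names and that caps how often it will switch; the state file path and the limit values are assumptions.

```bash
#!/bin/bash
# Added example: install under both names from step 12,
# /root/toggle_isp/ppp-switch-from-ispA and ppp-switch-from-ispB.
# STATE path, MAX_SWITCHES and WINDOW are assumed values, not from the post.
STATE="${STATE:-/var/run/toggle_isp.state}"
MAX_SWITCHES="${MAX_SWITCHES:-4}"   # switches tolerated per window
WINDOW="${WINDOW:-300}"             # window length in seconds

# Print the backup provider for $1; fail on anything but ispA/ispB.
other_isp() {
    case "$1" in
        ispA) echo ispB ;;
        ispB) echo ispA ;;
        *)    return 1 ;;
    esac
}

# $1 = current time (epoch seconds). Succeeds and records the switch only
# if fewer than MAX_SWITCHES switches were recorded in the last WINDOW seconds.
switch_allowed() {
    local now="$1" cutoff count
    cutoff=$(( now - WINDOW ))
    [ -f "$STATE" ] || : > "$STATE"
    # Forget switches that are older than the window.
    awk -v c="$cutoff" '$1 > c' "$STATE" > "$STATE.tmp" && mv "$STATE.tmp" "$STATE"
    count=$(awk 'END { print NR }' "$STATE")
    [ "$count" -lt "$MAX_SWITCHES" ] || return 1
    echo "$now" >> "$STATE"
}

main() {
    local from to
    from="${0##*ppp-switch-from-}"      # provider name comes from the script name
    if ! to=$(other_isp "$from"); then
        logger -t toggle_isp "unknown provider '$from', not switching"
        return 1
    fi
    if ! switch_allowed "$(date +%s)"; then
        # Both lines are probably down: stop the ifup -> toggle -> ifup chain.
        logger -t toggle_isp "switch limit reached, not bringing up $to"
        return 1
    fi
    logger -t toggle_isp "switching from $from to $to"
    /sbin/ifdown "$from"; /sbin/ifup "$to"
}

# Run only when invoked under a ppp-switch-from-* name.
case "$0" in *ppp-switch-from-*) main ;; esac
```

Once the limit is reached both links stay down until something else runs ifup again, so this guard needs a separate retry trigger (for example a cron job, which is also not part of the original setup).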



How it works


1. When ppp is up, pppd calls /etc/ppp/ip-up -> ip-up.local, which invokes /root/init_pppoe_iptables, which in turn starts iptables and registers the dynamic IP using ddclient.
2. When ppp goes down, pppd calls /etc/ppp/ip-down -> ip-down.local. However, after ip-down.local returns, ip-down calls /etc/sysconfig/network-scripts/ifdown-post to do some clean-up. Thus, it is most appropriate to toggle the ISP after ifdown-post has done its job. Therefore, /etc/ppp/ip-down is MODIFIED to invoke a new script, /etc/ppp/ip-down-post.local, which invokes the appropriate script to toggle the ISP: /root/toggle_isp/ppp-switch-from-$6.

3. When a device is already down (phone line down), an attempt by ifup to bring it up (as part of the toggle process or during init) will fail. In that case the MODIFIED /etc/sysconfig/network-scripts/ifup-ppp invokes the appropriate script to toggle the ISP: /root/toggle_isp/ppp-switch-from-${DEVNAME}.


Of course, none of this is required if you can get two concurrent PPPoE connections. Let me know if you know how to set it up!
