Dpinger multiple targets - aka gwmond $2,500
-
To make things interesting I will commit to donate $2,500 US to this cause.
I know it's a lot of work, but I am hoping others will commit some $ to make this appealing.Details of my idea below, copy 'n' paste from https://redmine.pfsense.org/issues/4354 :
I agree that the "right" way to handle this would be to have dpinger remain dumb (for lack of a better term) and simply report its latency stats dutifully. A new "gateway supervisor daemon" needs to be coded, that aggregates these stats and makes informed decisions based on some settings that don't currently exist in pfSense. This would be incredibly powerful.
One way I could envision this working is:
• A new "Gateway Monitoring" page is created under Routing. The layout of this page would look something like the DynDNS page where you could add hosts line by line, and set Gateways, IPs and Descriptions for each.
• We would define 0 or more hosts per gateway: If none are defined, monitoring for that gateway is effectively disabled. Defining just 1 host would be equivalent to the system we have currently. Defining 2 or more would enable the new advanced functionality. Each host added there would start a new instance of dpinger, adding monitoring + graphing for that host via the chosen gateway. These monitors in and of themselves would do NOTHING except log data.
• The Routing > Gateway Groups page could then be changed so that some new popup choices are available for Trigger Level:
"ANY monitored host exhibits packet loss"
"ALL monitored hosts exhibit packet loss"
"ANY monitored host has high latency"
"ALL monitored hosts have high latency"
"ANY monitored host is completely down"
"ALL monitored hosts are completely down"
• The "Gateway supervisor daemon" is the process that triggers pfSense scripts that mark gateways up/down based on the triggers set above and the aggregate stats for the individual dpinger instances.These are back of napkin ideas but overall this seems like it would work.
-
No takers at $2500 ?
-
I agree this would be nice, I think I've done this in a way but it's not really designed to do it.
I also wanted a way to compare not only the local ISP gateway but other internet locations as well, I did this by adding another gateway using the word "dynamic" in the IP address field. I then specified the monitoring IP I wanted and saved it. So in a sense I have it monitoring ISP_GW, DNS1, DNS2, etc..
The problem I've noticed is that once you have this configured if you ever need to change anything on the gateway settings such as the monitored IP address, it won't let you because it see's multiple gateways with the same gateway address - the only solution is to remove all the extra gateways make the change and then re-add them again. This is not ideal but it does work.
My advice if you do choose to use this method, create a standard naming scheme for the gateways so it's clean and easy to read..especially if you have multiple WANS.
It would be nice if pfSense could use this technique to be a little smarter about whether the internet connection is really down or if it's just the monitored IP address having issues.
-
I will look into it.
I will post back if I am successful, basically you want the dpinger function to support multiple targets, and it to be fully configurable in the GUI for the new features?
I would need to submit my work as a patch to the pfsense developers for it to be adopted officially.
-
basically you want the dpinger function to support multiple targets, and it to be fully configurable in the GUI for the new features?
Well that's definitely a part of the request but the other arguably more critical piece is creating a new "gateway monitor daemon" (which I dubbed gwmond) to take informed actions based on the additional data that dpinger will be collecting. Pinging additional targets alone without adding a layer of control/response would be interesting, but ultimately not solve the real world problem.
-
yeah I have read your entire post now, will come back if I have any success.
-
doing some research and looks like ubnt edgemax line can handle three ping targets , just a fyi
-
Lets see if we can get the author of dpinger on this:
https://github.com/dennypage/dpinger/issues/24
-
First version of gwmond available here: www.miscstuff.org/pfSense-pkg-Gwmond-0.2.4.txz No graphing capability at present due to the version of rrdtool supplied with pfSense being compiled without graphing support.
-
hmm,
I did not get a notification. I am going to check it out.
Do you have a github setup?
-
no github yet, I'm still working on graphing also.
-
It is a shame we do not have more people jumping on this.
What you are coming up with is a standard feature in pfsense's competitors devices now and also forms that basis of the buzzword 'sd-wan'.
It is going to come of great benefit to pfsense and if you get a github up where I can see the code differences I wanted to contribute. I do not want any of the bounty.
-
I have never installed an alternative package. What is the best way to install this?
-
Graphing has arrived! caveat: the x axis labels are weird because D3 insists on doing it by itself and makes a horrible mess of it. Any attempts I've made to impose order have either broken it completely or been ignored.
Also there might not be any Y axis labels on the packet loss graphs when there's no packet loss, I assume that's because it can't work out a scale from a bunch of 0s.
download here: http://www.miscstuff.org/pfSense-pkg-Gwmond-0.2.4.1.txz
git hopefully coming soon
to install dump the file in /tmp and in console run pkg install /tmp/pfSense-pkg-Gwmond-0.2.4.1.txz
-
Thanks for working on this - this feature will go a long way to improve the reliability of pfsense.
-
Guys,
I admin a pretty decent size network and I have yet to test this plugin. Does this replace what is installed? Is it additional functionality? Can I roll back? I have a box I would like to try it on.
It also seems that luckman212 has not replied. I am going to try and secure some funds from my company to donate to this, how do I donate?
The big question I have now is: Is this compatible w/ 2.4.3_1 or the latest and greatest, and how do we get this rolled into official pfSense packages?
-
@webdawg said in Dpinger multiple targets - aka gwmond $2,500:
Guys,
I admin a pretty decent size network and I have yet to test this plugin. Does this replace what is installed? Is it additional functionality? Can I roll back? I have a box I would like to try it on.
It also seems that luckman212 has not replied. I am going to try and secure some funds from my company to donate to this, how do I donate?
The big question I have now is: Is this compatible w/ 2.4.3_1 or the latest and greatest, and how do we get this rolled into official pfSense packages?
Guys,
Does this replace what is installed, is it easy to remove?
-
@webdawg I was ready to test this, but no one replied. Hello?
-
@webdawg Guys:
https://redmine.pfsense.org/issues/7671
edit: https://redmine.pfsense.org/issues/4354
Also got a message back from pfSense:
Ultimately it's not seeing any traction because the suggested solution isn't right. Essentially dpinger is only a daemon that pings and reports responses. It doesn't make decisions about what is good or bad for a pfSense gateway as a whole only its specific single target. It isn't up to dpinger to handle multiple targets or different protocols.
What is needed is more like some middleware-ish daemon to sit between pfSense and other gateway monitoring daemons like dpinger (See #7671 for some other suggestions) that would be capable of coordinating multiple monitoring techniques for each gateway and making more informed decisions about their status.pfSense
|
+--- [gateway monitoring daemon]
|
+ --- [dpinger <1...n>, <something that checks http>, <something that checks tcp>, etc]There isn't currently a feature request for that, however, but feel free to open one and start a bounty on the forum to see if you get any takers. Given the responses on the dpinger github it appears its author agrees that it's out of scope for dpinger itself.
Can someone create a new bounty?
-
Yes, in my original post/redmine ticket I did suggest that what's really needed is a new gw monitoring daemon to make intelligent decisions and take actions based on the current state of dpinger (or other monitoring processes).
I should have stayed in school and learned enough C so I could create this myself, but, too late for that. We need someone more capable to step up to the plate here.
Maybe $2500 wasn't enough- not sure if it's even possible to raise that much (or more) without some marketing/campaigning from Netgate themselves. Maybe a monthly "Top Bounties" section of the Newsletter could help fund this type of 3rd party development?
In the meantime, I really feel like the saying "Perfect is the enemy of good" (aka Pareto principle) applies here. With the existing tools (dpinger/base pfsense) we already have what's needed with some small code changes to define additional gateway monitoring targets (albeit, ICMP only) and not trigger a gw failover event unless ALL targets are down.
Until & unless we can figure out how to fund or create enough demand for a better solution, maybe we should just implement 3 targets for now which will probably help 80% of the users who need multitarget monitoring.