    Using same gateway monitor IP not allowed

    • G
      Griffo last edited by

      Quick question. Why can I not use the same monitor IP (such as 1.1.1.1) for multiple gateways?
      I have numerous WireGuard tunnels which by default have a gateway address of the adapter itself, thus I need to supply something else. If the router is pinging with the interface specified, why can't I duplicate the IP? The first few are easy to come up with unique IPs but it turns into a bit of a management nightmare.

      DaddyGo 1 Reply Last reply Reply Quote 0
      • DaddyGo
        DaddyGo @Griffo last edited by DaddyGo

        @griffo said in Using same gateway monitor IP not allowed:

        Quick question. Why can I not use the same monitor IP (such as 1.1.1.1) for multiple gateways?

        Hi,

        Observe the rule of formal logic...😉

        so, because it makes no sense, because if there is only one monitor IP and it goes down, more GW will be lost at the same time...

        +++edit:

        anyway, it makes no sense to set the monitor IP to known DNS servers because it is not consistent

        find the next (NEAREST) upstream GW and set it to monitor IP, it's usually the ISP GW
        (make sure this is a public IP, not the RFC1918 address of the SOHO router)
        so you will definitely get more accurate values than with a DNS server(s) PING

        the "traceroute" is your good friend in this case 😉

        G 1 Reply Last reply Reply Quote 0
        • G
          Griffo @DaddyGo last edited by Griffo

          @daddygo said in Using same gateway monitor IP not allowed:

          @griffo said in Using same gateway monitor IP not allowed:

          Quick question. Why can I not use the same monitor IP (such as 1.1.1.1) for multiple gateways?

          Hi,

          Observe the rule of formal logic...😉

          so, because it makes no sense, because if there is only one monitor IP and it goes down, more GW will be lost at the same time...

          +++edit:

          anyway, it makes no sense to set the monitor IP to known DNS servers because it is not consistent

          find the next (NEAREST) upstream GW and set it to monitor IP, it's usually the ISP GW
          (make sure this is a public IP, not the RFC1918 address of the SOHO router)
          so you will definitely get more accurate values than with a DNS server(s) PING

          the "traceroute" is your good friend in this case 😉

          But I don't want to pick some random service provider gateway IP that could change at any time and is not reflective of real world data flow past the provider's network into the wider internet.

          With Anycast, none of the major services relate to a single device, they are hundreds or thousands of servers spread over the globe, and using something like 1.1.1.1 means I'm always testing access to an actual internet service not my provider's gateway. Every VPN would be responded to by a different server / load balancer. Even if they totally borked the config of their service, they are unlikely to take out the networking stack at layer 3.

          N DaddyGo 2 Replies Last reply Reply Quote 0
          • N
            netblues @Griffo last edited by

            @griffo You are still relying on something "exotic" like anycast.

            And unrelated to your connectivity resources, DO fail lowering your overall availability

            Random service provider IP???? No way.
            If you are monitoring a physical connection, then each one has its own provider gw ip
            If you are multihomed to the same provider, then you will need an alternative inside your provider.

            Now, if you are using this for vpn then you need something at your other end of the vpn connection.

            The fad/trend of using vpn to ultimately access the Internet is rather new, and gateway monitoring wasn't really designed with this in mind.

            I hope this makes sense :)

            1 Reply Last reply Reply Quote 0
            • DaddyGo
              DaddyGo @Griffo last edited by DaddyGo

              @griffo said in Using same gateway monitor IP not allowed:

              But I don't want to pick some random service provider gateway IP

              OK.. 😉

              I was thinking of your own provider (ISP), it's not random...
              DNS servers are not designed and used to send ICMP responses

              • depending on their workload, the responses received also differ, so they do not provide relevant information

              so let's stick with this first ISP GW as a good solution

              BTW:
              the forum is full of discussions on this theme

              the end is always that the DNS server(s) is not a monitor IP alternative

              1 Reply Last reply Reply Quote 0
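The selection DaddyGo describes (run traceroute, then take the nearest upstream hop that is a public address), as an added example that is not part of any post in this thread or of pfSense. It parses `traceroute -n` output per gateway and also reports when two gateways end up with the same candidate, the situation the thread title says is not allowed. The function names, the extra non-RFC1918 ranges and the sample traces are constructed assumptions.

```python
import ipaddress
import re

# Not usable as a monitor IP per the advice above: RFC1918, plus CGNAT,
# loopback and link-local (the last three are an added assumption).
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "100.64.0.0/10", "127.0.0.0/8", "169.254.0.0/16")]
HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
IP_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def first_public_hop(trace):
    """Return (hop_number, ip) of the nearest public hop, or None."""
    for line in trace.splitlines():
        m = HOP_RE.match(line)
        found = IP_RE.search(m.group(2)) if m else None
        if not found:
            continue  # header line or an unanswered "* * *" hop
        try:
            ip = ipaddress.ip_address(found.group(0))
        except ValueError:
            continue  # dotted number that is not a valid IPv4 address
        if not any(ip in net for net in NON_PUBLIC):
            return int(m.group(1)), str(ip)
    return None

def pick_monitor_ips(traces):
    """Map gateway -> candidate monitor IP, and list IPs picked more than once."""
    hops = {gw: first_public_hop(t) for gw, t in traces.items()}
    chosen = {gw: hop[1] if hop else None for gw, hop in hops.items()}
    owners = {}
    for gw, ip in chosen.items():
        if ip:
            owners.setdefault(ip, []).append(gw)
    return chosen, {ip: gws for ip, gws in owners.items() if len(gws) > 1}

# Constructed `traceroute -n` output; public hops use documentation ranges.
SAMPLE_TRACES = {
    "WAN1": "traceroute to 198.51.100.53 (198.51.100.53), 64 hops max\n"
            " 1  192.168.1.1  0.5 ms\n 2  100.64.0.1  3.1 ms\n"
            " 3  * * *\n 4  198.51.100.1  7.9 ms\n",
    "WG1": " 1  10.8.0.1  21.0 ms\n 2  203.0.113.1  22.4 ms\n",
    "WG2": " 1  10.9.0.1  19.7 ms\n 2  203.0.113.1  20.2 ms\n",
}

if __name__ == "__main__":
    print(pick_monitor_ips(SAMPLE_TRACES))
```

In the sample, the two tunnel gateways resolve to the same nearest public hop, so one of them needs a different monitor address.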