Monitoring multi wan with same back bone
-
my cable modem provider has changed there internet supplier and my luck has it they picked my dsl supplier so now the 2 networks merge before actually making it to the internet . monitoring either dns servers respectfully doesn't provide true internet picture if i choose googles dns server it can stay up while web surfing fails, if i choose level3 in Cleveland path is identical if i choose to monitor first hop onto dsl providers network if they go down (which happens too often) i dont get fail over while the networks take the same path hops there is a priority difference so it maybe its cause one is a ring or loop and cable modem isnt ??
right now pfsense apinger says i am getting packet loss but pingtest says i am not -
That's a bummer isn't it! I don't have an easy solution. You just have to pick a couple of monitor IPs out there in internet land that actually respond all the time and are likely to represent "real internet connectivity".
I have had this problem a few times in Nepal. Was using Google 8.8.8.8 and 8.8.4.4 then Goggle got a local presence in Nepal - I had a few times when I could reach Google DNS and Google search but the ISP had no connectivity out of Nepal! My WAN did not fail over. Had times when I could reach sites back in Australia (my home country) but could not reach US or Europe sites. What can you do when your ISP has screwed their own routing tables and only has routes to part of the world. Have had times when I traceroute and the packet goes a couple of hops then bounces back and forth between 2 ISP routers in 2 different towns on the Nepal-India border - both routers seem to think the other is a better bet to get somewhere. (ping dies with TTLexpired)
As we say in Nepal - ke garne? what to do? -
yeah just switched back to google dns although good possibility they are hijacking it dropped my cpu usage which was baffling . but on the bright side at least cable modem admin quick blocking icmp
-
yeah just switched back to google dns although good possibility they are hijacking it dropped my cpu usage which was baffling .
You could use these as well: https://labs.nic.cz/odvr/ - as a bonus, they actually validate DNSSEC.