Manual failover / failback
-
We are using policy based routing with a routing group consisting of Tear1 going via a MPLS link and Tear 2 through VPN over internet. We have set monitoring ip's somewhere along the network.
Generally this works fine, when MPLS link is down it automatically failsback to the VPN.
Now I have been asked the question to make a tool to manually switch over from MPLS to VPN and back.
Looking at the webinsterface I don't see an option to force a routing group to switch to the other gw.
Any suggestions of how this could be done ? (perhaps a linux script and telnet to run the script?)
Lex
-
Changing the gateway-group tiers is not an option?
I guess you could get creative with the builtin scheduler:
A) Create 2 schedules: schedule1 (all the time), schedule2 (date in the past)
B) Adjust all your policy routes: add schedule (schedule1)
C) Create a second failover group with the tiers switched (failover2)
D) Duplicate all your firewall rules (that have policy routing enabled), but adjust the gateway group (failover2) and change the schedule (schedule1 to schedule2). BE SURE TO PUT THE DUPLICATED RULE ABOVE THE ORIGINALS(yes i know this is a one-time-hassle)
In the case you'd need to switch, you'd just set schedule2 to enable itself (today/hours/minutes). This will cause the duplicated rules to override the originals and should accomplish what you wish.
If anyone knows a better alternative that doesn't involve changing the tiers in the gateway-group or changing dozens of rules … please enlighten me :)
-
Thanks for the tip, sounds a bit complicated.
We are actually looking for a way to let a non tech user do the switch over, perhaps via command file or some kind of app.
We are windows programmers, we can create something as long as we are able to trigger the right functions via the http or some other interface.Lex