WAN failover routing issues

[strowger]

Hi,

I'm new to Asuswrt-Merlin but I'm reasonably experienced with Linux and networking.

I have WAN failover configured, with my primary WAN being an ADSL router which is attached to the WAN port on my Asus, and my secondary WAN being a Huawei Mifi device which is attached to a USB port on my Asus.

WAN failover does fundamentally work, in that if I pull the primary WAN cable then the secondary connection is brought up successfully.

However, I see a load of odd issues with new connections to hosts on the Internet which were being used during the failover event failing. For example, if I ping 8.8.8.8 from a device on my LAN, and then switch the WAN connection to secondary, the ping does not resume after the switchover - but new connections and pings are initiated successfully.

This points to a Linux route cache problem on the Asus router; I suspect that "ip route cache flush" just after the WAN connection is brought up would help a lot. Has anyone else seen this?

Assuming that I'm looking in the right area, is the best way to do this going to be with a custom script on the wan-start event?

Ideally, I'd also the secondary WAN connection to be kept up all the time, perhaps with an occasional keepalive ping over it, so that the switchover is faster - but this is very much secondary to sorting out the route cache issues.

Thanks in advance for any help.

 

[peraburek]

+1
I have the same experience you have described, but since I don't have primary WAN outages often, I let it be at the moment
I don't know how much Merlin can help (maybe with "ip route cache flush"), I think you should write to ASUS support and request them to forward your proposal to Firmware Team regarding keep-alive for USB (Secondary) WAN

Linksys have something they call: cold standby, hot standby
cold standby: 3G/4G USB stick is basically off, and then turned on when there is primary WAN outage
hot standby: 3G/4G USB stick is ON all the time, immediately switches over to secondary WAN connection

with keep-alive (as you proposed) virtually there should be no downtime

can you post your DUAL-WAN settings, do you use Watch Dog?

 

[strowger]

Hi,

Thank you for answering me. My apologies for taking a few days to come back to you in turn.

I do use Watch Dog. I have to do this because my primary WAN connection is subject to frequent failures in which the device terminating it (provided by the WAN service provider) ceases to route packets, but maintains link up on its ethernet port - so I need Watch Dog to detect these failures. Unfortunately there is not a fixed IP address on the other end of that WAN connection which I can monitor, so I use www.google.com as a target. This does generate occasional false positives - ie causes a failover attempt when the connection is still present and working.

I made screenshots of how I have dual-wan set up, they are here:
https://www.dropbox.com/s/rdsxo848t6fx3hr/asus-settings1.png?dl=0
https://www.dropbox.com/s/pshe2659ztjvlgx/asus-settings2.png?dl=0

I have tried running "ip route flush cache" at the router commandline during/after failover/failback, and it doesn't seem to have any effect on the problem. I have verified with "ip route show cache" that it is clearing out the cache. I have also seen odd effects like a "ping some.host.name" ceasing forever to receive replies after a failover, but a new "ping some.host.name" instance started after failover, while the first instance is still running and getting to replies, works as expected.

I suspect therefore that the problem lies at the kernel conntrack level. I found another reference to this problem at http://www.snbforums.com/threads/how-to-clear-conntrack-table.20935/ - I have the same issue as the poster there, in that I want to try clearing the conntrack table using the conntrack tool, but it isn't in the build or in entware.

Cheers