Differences
This shows you the differences between two versions of the page.
| docs:user-guide:network:high-availability [2018/02/17 21:26] – ↷ Page moved from doc:recipes:high-availability to docs:user-guide:network:high-availability bobafetthotmail | docs:guide-user:network:high-availability [2022/08/31 20:55] – Fixed error in uci file header preventing use of alt config file nathhad | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | :!: most of this assumes you're familiar with openwrt | + | :!: most of this assumes you're familiar with openwrt, basic networking concepts |
| - | + | ||
| - | :!: TODO(risk): in progress | + | |
| ====== High availability ====== | ====== High availability ====== | ||
| - | //High availability// | + | //High availability// |
| - | In this howto, we'll be describing | + | This page describes |
| - | The devices will share a virtual ip address that hosts on the lan can use as a gateway to reach the internet. | + | The two devices will share a virtual ip address that hosts on the lan can use as a gateway to reach the internet. |
| In case the active router fails or is rebooted, a backup router will take over. | In case the active router fails or is rebooted, a backup router will take over. | ||
| - | We will be using keepalived to implement healthchecking and ip failover, and conntrack-tools to implement firewall/ | + | We' |
| Most of openwrt configuration required (but not all) is doable from luci web ui as well. | Most of openwrt configuration required (but not all) is doable from luci web ui as well. | ||
| Line 20: | Line 18: | ||
| * DHCP dynamic WAN IP is possible with keepalived, but requires extra scripting and is not going to be described here. | * DHCP dynamic WAN IP is possible with keepalived, but requires extra scripting and is not going to be described here. | ||
| * VPNs and tunnel setups and failing those over is not covered. | * VPNs and tunnel setups and failing those over is not covered. | ||
| - | * Failing over PPPoE WAN is not implement, best bet: let the modem do PPPoE and setup your virtual wan ip to DMZ. | + | * Failing over PPPoE WAN is not implemented here, best bet: let the modem do PPPoE and setup your virtual wan ip to DMZ. |
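Review bot: the reworded bullet "let the modem do PPPoE and setup your virtual wan ip to DMZ" needs a caveat next to it: placing the virtual WAN IP in the modem's DMZ means the modem forwards every unsolicited inbound connection to whichever router currently holds that VIP, so the filtering is entirely on the OpenWrt side. State that both routers must keep the wan zone's input and forward policies at REJECT (the OpenWrt default) and must not open anything on the VIP that is not deliberately exposed, otherwise the page reads as though the modem is still doing the filtering.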
| Line 47: | Line 45: | ||
| **keepalived** is a linux daemon that uses VRRP (Virtual Router Redundancy Protocol) to healthcheck and elect a router on the network that will serve a particular IP. We'll be using a small subset of its features in our use case. | **keepalived** is a linux daemon that uses VRRP (Virtual Router Redundancy Protocol) to healthcheck and elect a router on the network that will serve a particular IP. We'll be using a small subset of its features in our use case. | ||
| - | '' | + | '' |
| - | opkg install keepalived'' | + | |
| The following configuration in ''/ | The following configuration in ''/ | ||
| Line 102: | Line 99: | ||
| </ | </ | ||
| + | To ensure `/ | ||
| + | |||
| + | write the following in `/ | ||
| + | |||
| + | < | ||
| + | config globals | ||
| + | | ||
| + | </ | ||
| + | |||
| + | This will tell the keepalived service to use the configuration file you wrote at / | ||
| ==== 4. Configure conntrackd ==== | ==== 4. Configure conntrackd ==== | ||
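Review bot: the `config globals` stanza is cut off before the option line that actually names the alternate file, so as rendered the reader cannot see what to set; since the revision summary says the section header was the bug, spell out the complete section (header plus the option line) and add the check that proves it took effect: after `/etc/init.d/keepalived restart`, `ps w | grep '[k]eepalived'` should show the daemon started with the alternate path, otherwise the hand-written file is not the one in use. Style point: this new paragraph quotes paths with backticks, which DokuWiki does not render as code, while the rest of the page uses the wiki's own '' quoting; keep one convention.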
| Line 176: | Line 183: | ||
| </ | </ | ||
| - | ==== 3. Configure dhcp ==== | + | ==== 5. Configure dhcp ==== |
| You'll want DHCP (dnsmasq) to serve 192.168.0.4 (vip address) to hosts on the lan, both as their gateway and DNS. | You'll want DHCP (dnsmasq) to serve 192.168.0.4 (vip address) to hosts on the lan, both as their gateway and DNS. | ||
| Line 192: | Line 199: | ||
| dhcp_option 3 is gateway, dhcp_option 6 is DNS. | dhcp_option 3 is gateway, dhcp_option 6 is DNS. | ||
| - | ==== 5. Sysupgrade backup add dirs ==== | + | Now we need to configure synchronization of the dhcp leases. Both devices will have a dhcp server and both will assign dynamic IPs to clients. But each will only update its own dhcp lease list. |
| + | |||
| + | Dnsmasq stores current leases in a text file called **/ | ||
| + | |||
| + | This is what it looks like on my OpenWrt router VM | ||
| + | < | ||
| + | root@VM-router: | ||
| + | 1633703346 00: | ||
| + | 1633703352 c4: | ||
| + | 1633703161 c0: | ||
| + | 1633703141 e8: | ||
| + | </ | ||
| + | The first number is a timestamp (seconds since Unix " | ||
| + | |||
| + | So we add a simple and dumb script that just merges the files on both devices every X time, and it assumes that dnsmasq will automatically drop the entries when their lease is up. | ||
| + | |||
| + | We must do the following on both routers. | ||
| + | |||
| + | Import the public SSH key of the router 1 in router 2 (and the reverse) so they can scp to each other without writing the password | ||
| + | this to read the current public key [[docs: | ||
| + | and this to write the key [[docs: | ||
| + | |||
| + | Then copy the following script to **/ | ||
| + | |||
| + | < | ||
| + | #!/bin/sh | ||
| + | #syncs contents of dnsmasq dhcp leases | ||
| + | |||
| + | other_router=192.168.11.254 | ||
| + | |||
| + | scp root@$other_router:/ | ||
| + | |||
| + | cat / | ||
| + | |||
| + | mv / | ||
| + | </ | ||
| + | |||
| + | then make it executable | ||
| + | < | ||
| + | chmod u+x / | ||
| + | </ | ||
| + | Then add a scheduled task to execute this script every minute and enable cron (scheduled tasks) service. (can be done from luci as well [[docs: | ||
| + | |||
| + | < | ||
| + | echo '*/1 * * * * / | ||
| + | echo ' | ||
| + | service cron start | ||
| + | </ | ||
| + | |||
| + | ==== 6. Sysupgrade backup add dirs ==== | ||
| Add the following directories to ''/ | Add the following directories to ''/ | ||
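Review bot: the lease-sync script does not do what the surrounding paragraph promises, on three counts. First, the final `mv /... /...` replaces the lease file underneath a running dnsmasq: dnsmasq reads its lease file only at startup and keeps the original file open, rewriting it in place, so the merged copy is never loaded and, after the first run, new local leases go into the now-unlinked old inode and are no longer seen by the next `cat`; the merge has to be fed to dnsmasq on restart, not written over the live file. Second, `scp root@$other_router:/...` has no error handling: when the peer is down (exactly the failover case this page is about) the script continues with a missing or stale copy and overwrites the local file with it, so check the copy (`scp ... || exit 1`) and build the merge in a temp file. Third, `cat ... | sort -u` only drops byte-identical lines; a client that renewed on each router yields two entries with different timestamps, so dedupe on the MAC column and keep the newest expiry. Minor: `*/1 * * * *` is just `* * * * *`, and the first scp must be run interactively once on each side so the peer's host key is accepted, or the unattended cron job hangs or fails on the host-key prompt.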
| Line 199: | Line 255: | ||
| / | / | ||
| / | / | ||
| + | / | ||
| </ | </ | ||
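Review bot: the added path is truncated in this rendering, so it is unclear whether it covers everything the lease-sync step created; the list needs the directory holding the sync script and `/root/.ssh` (where dbclient/scp keeps `known_hosts`), otherwise the next sysupgrade keeps the cron entry (`/etc/crontabs/` is in the default keep list) but drops the script it calls and the host-key trust it relies on. `/etc/dropbear`, which holds `authorized_keys`, is already preserved by default and does not need adding.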