topic Re: ISP Redundancy on SMB appliances in Spark Firewall (SMB)

ISP Redundancy on SMB appliances

Francesco_Scati — Wed, 20 May 2020 15:49:18 GMT

Hi all,

I have a 1470 appliance centrally managed with two ISPs in HA.

If the ISP1 (Priority 1) goes down the ISP2 (Priority 2 ) take over.

When the ISP1 is back to normal the connection stay always on the ISP2, doesn't switch automatically on the ISP1.

There is something wrong with my configuration or it is normal behaviour?

Thank you.

Cheers

Francesco

Re: ISP Redundancy on SMB appliances

HristoGrigorov — Wed, 20 May 2020 17:10:45 GMT

It is supposed to switch back to higher priority ISP in HA configuration.

What firmware version ?

Look in /var/log/message and /var/log/log/sfwd.elg for possible clue why it didn't do that.

Re: ISP Redundancy on SMB appliances

Francesco_Scati — Thu, 21 May 2020 06:39:29 GMT

Hi,

thank you for your reply. Below what I have but let me add an additional note. Both ISPs are configured with VLANs on the same interface.

On the sfwd.elg I don't see any relevant information.

On var/log/message I see:

### ISP1 DOWN ###

2020 May 20 15:20:36 user.info cposd: [CPOSD] WAN connection "ISP1": Ethernet connection terminated after 13 minute(s), 21 second(s)
2020 May 20 15:20:36 user.info cposd: [CPOSD] Configuration of WAN connection "ISP1" has been changed
2020 May 20 15:21:17 user.err autossh[9513]: error polling to accept read connection: Interrupted system call
2020 May 20 15:21:17 user.info autossh[9513]: port down, restarting ssh
2020 May 20 15:21:17 user.info autossh[9513]: starting ssh (count 2)

### ISP1 UP ###

2020 May 20 15:23:51 user.info cposd: [CPOSD] Configuration of WAN connection "ISP1" has been changed
2020 May 20 15:23:52 user.info cposd: [CPOSD] WAN connection "ISP1": Ethernet connection established, IP address XXX.XXX.XXX.XXX assigned
2020 May 20 15:24:37 user.info autossh[21206]: timeout polling to accept read connection
2020 May 20 15:24:37 user.info autossh[21206]: port down, restarting ssh
2020 May 20 15:24:37 user.info autossh[21206]: starting ssh (count 2)
2020 May 20 15:24:37 user.info autossh[21206]: ssh child pid is 21714

### ISP2 DOWN (I disabled manually the interface to have again ISP1 as Primary) ###

2020 May 20 15:27:02 user.info cposd: [CPOSD] WAN connection "ISP2": Ethernet connection terminated after 20 minute(s), 12 second(s)
2020 May 20 15:27:03 user.info cposd: [CPOSD] Configuration of WAN connection "ISP2" has been changed
2020 May 20 15:29:27 user.info cposd: [CPOSD] Configuration of WAN connection "ISP2" has been changed
2020 May 20 15:29:28 user.info cposd: [CPOSD] WAN connection "ISP2": Ethernet connection established, IP address XXX.XXX.XXX.XXX assigned

Thank you.

Francesco

Re: ISP Redundancy on SMB appliances

HristoGrigorov — Thu, 21 May 2020 06:45:47 GMT

Not sure ISP redundancy works well on VLAN interfaces.

You say that you disabled ISP2 and default route did not change to ISP1?

Re: ISP Redundancy on SMB appliances

Francesco_Scati — Thu, 21 May 2020 11:02:26 GMT

I have always two default routes:

### CLISH ###

> show route all

Codes: C - Connected, S - Static, R - RIP, B - BGP (D - Default),
O - OSPF IntraArea (IA - InterArea, E - External, N - NSSA),
A - Aggregate, K - Kernel Remnant, H - Hidden, P - Suppressed,
U - Unreachable, i - Inactive

S 0.0.0.0/0 via 12X.XXX.XXX.1, WAN.2, cost 0, age 3
S i 0.0.0.0/0 via 1XX.XXX.XXX.1, WAN.1, cost 0, age 3 (this is strange because is the primary but it says inactive)

### BASH ###

[]# ip route

default via 1XX.XXX.XXX.1 dev WAN.1 metric 101
default via 12X.XXX.XXX.1 dev WAN.2 metric 102

When I disconnect the ISP1 I see correctly only a default route and when I connect back the ISP1 I have again both default routes but always as above and didn't switch automatically to the primary ISP.

I forgot the firmware version is R77_990173004_20.

thanks

Re: ISP Redundancy on SMB appliances

HristoGrigorov — Thu, 21 May 2020 11:06:59 GMT

Btw, keep in mind that connections are sticky. If it was established via ISP2 it will go through there for the remaining of its life even if ISP1 is available again.

New connections however must go through the interface with the lowest metric.

Re: ISP Redundancy on SMB appliances

Francesco_Scati — Thu, 21 May 2020 11:47:53 GMT

mmmm...OK

Thank you