Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
D_TK
Collaborator

ISP Redundancy - monitored hosts questions

Good day everyone.

Setting up ISP redundancy in primary/backup mode for a few clusters and i'm wondering what the correct approach is for the advanced\monitored hosts config.  

primary link is a DIA circuit from AT&T , and backup link is a cable modem from comcast.  

For the monitored hosts, are these just universally reachable targets like 8.8.8.8??  Or more targeted like the AT&T DNS server for link 1 and comcast DNS server for link 2?

Appreciate any insight.

thanks.

 

 

 

0 Kudos
6 Replies
the_rock
Champion
Champion

Just use google dns, I had few customers do it and works fine. Fortinet does same thing. But yes, you could use targeted ones as well.

0 Kudos
D_TK
Collaborator

Thanks, but maybe i'm not understanding how this works.  Currently eth4 is the primary DIA link, and eth5 is the backup cable modem.  I added the cogent DNS server as the primary monitored host, and the comcast DNS server as the backup monitored host.  After pushing policy, i'm seeing the attached - ICMP requests to both of the monitored hosts sourced only from eth4.

I assumed i would see eth4 polling its monitored host, and eth5 polling comcast??   Does this seem correct?

thanks

 

 

 

 

 

0 Kudos
the_rock
Champion
Champion

Im pretty positive what you got is right...you wont see anything on backup link, thats totally normal. Its sort of like if you configured say bgp on a cluster, show bgp peers would only show established on master, never on backup.

Wolfgang
Mentor
Mentor

If you run ISP redundancy in LoadSharing mode both links are using their configured monitored hosts for probing. With HA it works like mentioned @the_rock .

D_TK
Collaborator

Gents, thanks for the help, it seems like it's working normally.  Next time i'm at that location i'll pull the cable and see if it does what it should.

 

0 Kudos
Wolfgang
Mentor
Mentor

@D_TK  With "fw isp_link <Name of ISP link> {up | down}" you can change the state of one of the ISP links to test failover.

0 Kudos