This article is a work in progress
Both modems should be set to Bridged Mode.
Packages involved: pppd, shorewall, iproute2
/etc/ppp/peers/cat, configuration file for CAT Telecom provider:
    noipdefault
    #defaultroute
    #replacedefaultroute
    #usepeerdns
    hide-password
    debug
    noauth
    persist
    maxfail 0
    lcp-echo-interval 30
    lcp-echo-failure 5
    mtu 1492
    plugin rp-pppoe.so eth0
    rp_pppoe_service 'cat'
    user "lettersandnumbers@hinet.p"
    linkname cat
    unit 0
/etc/ppp/peers/tot, configuration file for TOT provider:
    noipdefault
    #defaultroute
    #replacedefaultroute
    #usepeerdns
    hide-password
    debug
    noauth
    persist
    maxfail 0
    lcp-echo-interval 30
    lcp-echo-failure 5
    mtu 1492
    plugin rp-pppoe.so eth1
    rp_pppoe_service 'tot'
    user "phoneno@totgoldbiz"
    linkname tot
    unit 1
I will explain the options.
#defaultroute #replacedefaultroute #usepeerdns
These options are commented out. The default routes are controlled from the /etc/ppp/ip-up.local and /etc/ppp/ip-down.local scripts instead, and we do not use the DNS servers offered by the provider; fixed DNS servers (like Google DNS) are used instead.
persist maxfail 0 lcp-echo-interval 30 lcp-echo-failure 5
persist tells pppd to keep the connection up and reconnect after it drops; maxfail 0 prevents pppd from giving up after 5 unsuccessful connections. We send Link Control Protocol (LCP) “pings” every 30 seconds, and pppd disconnects and tries to reconnect if 5 of these “pings” in a row are lost.
unit 0 linkname cat
unit is a very important option: it nails down the interface number (ppp0, ppp1 etc.) of the connection. If this option is not specified, the connections are numbered in the order they are established and the interface number would change all the time. linkname defines the name of the .pid file created in /var/run. I check for the existence of these files from a PHP script to report in the web interface whether the provider connection is on or off.
/etc/network/interfaces (fragment)
    auto cat
    iface cat inet ppp
        pre-up /sbin/ifconfig eth0 up # line maintained by pppoeconf
        provider cat

    auto tot
    iface tot inet ppp
        pre-up /sbin/ifconfig eth1 up # line maintained by pppoeconf
        provider tot
/etc/iproute2/rt_tables
    #
    # reserved values
    #
    255 local
    254 main
    253 default
    0 unspec
    #
    # local
    #
    100 ppp0
    200 ppp1
/etc/ppp/ip-up.local
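    #!/bin/bash
    if [[ "$PPP_IFACE" == "ppp0" ]] ; then
        METRIC=1    # ppp0 is the primary link
    else
        METRIC=2    # any other link is the backup
    fi
    ip route add default dev "$PPP_IFACE" table "$PPP_IFACE"    # default route in the per-link table
    ip route add default dev "$PPP_IFACE" metric "$METRIC"      # default route in the main table
    ip rule add from "$PPP_LOCAL" lookup "$PPP_IFACE"           # replies leave via the link they came in on
    shorewall refresh
    /usr/sbin/ddclient -syslog -file "/etc/ddclient-$PPP_IFACE.conf"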
pppd does not have an option to specify the interface metric. There is a proposed patch for it, but it is not in the mainline yet. That’s why we move the routing setup to this file. The first ip route command adds a default route to the routing table named ppp0 or ppp1. The second ip route command adds a default route to the main table with the metric chosen above. The ip rule command adds a rule: if the source address of a packet is the local address of the ppp interface, route it through this specific table (ppp0 or ppp1).
I am not sure if refreshing the shorewall config is really needed, but it won’t do any harm. ddclient updates the DynDNS records using two different config files for the two interfaces.
/etc/ppp/ip-down.local
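    #!/bin/sh
    ip route del default table "$PPP_IFACE"    # remove the default route from the per-link table
    ip route del default dev "$PPP_IFACE"      # remove the default route from the main table
    ip rule del lookup "$PPP_IFACE"            # remove the source-address rule for this link
    shorewall refresh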
/etc/shorewall/interfaces (fragment)
    net ppp0 detect tcpflags,routefilter,nosmurfs,mss=1452
    net ppp1 detect tcpflags,routefilter,nosmurfs,mss=1452
It is important to clamp the MSS to 1452 bytes here: that is the PPPoE MTU of 1492 bytes minus 40 bytes of IPv4 and TCP headers.
“ip route show” output when both connections are on:
    default dev ppp0 scope link metric 1
    default dev ppp1 scope link metric 2
The primary interface ppp0, which has the lowest metric, is used first. If it goes down, the second default route is used automatically.
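A check for the failover state described above, as an added example that is not part of the original article: it reads "ip route show" output on stdin and reports which link is carrying traffic and whether a backup default route still exists. The function names and the sample routing tables are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify failover state from `ip route show` output on stdin.
# Function names and sample data are constructed for illustration.

# Print the device of the default route with the lowest metric (the one in use).
active_uplink() {
    awk '$1 == "default" {
             dev = ""; metric = 0        # no "metric" keyword means metric 0
             for (i = 2; i < NF; i++) {
                 if ($i == "dev")    dev = $(i + 1)
                 if ($i == "metric") metric = $(i + 1) + 0
             }
             if (dev != "" && (best == "" || metric < bestm)) {
                 best = dev; bestm = metric
             }
         }
         END { if (best == "") exit 1; print best }'
}

# Count how many of ppp0/ppp1 currently own a default route.
uplink_count() {
    awk '$1 == "default" {
             for (i = 2; i < NF; i++) {
                 if ($i == "dev" && $(i + 1) ~ /^ppp[01]$/) seen[$(i + 1)] = 1
             }
         }
         END { n = 0; for (d in seen) n++; print n }'
}

# ok: both links routed; degraded: one link left, no backup; down: none.
failover_state() {
    fs_routes=$(cat)
    fs_n=$(printf '%s\n' "$fs_routes" | uplink_count)
    fs_active=$(printf '%s\n' "$fs_routes" | active_uplink) || fs_n=0
    case $fs_n in
        2) echo "ok active=$fs_active" ;;
        1) echo "degraded active=$fs_active"; return 1 ;;
        *) echo "down"; return 2 ;;
    esac
}

# Constructed samples: the article's output, then the table after ppp0 drops.
SAMPLE_BOTH='default dev ppp0 scope link metric 1
default dev ppp1 scope link metric 2'
SAMPLE_PPP0_DOWN='default dev ppp1 scope link metric 2'

printf '%s\n' "$SAMPLE_BOTH" | failover_state
printf '%s\n' "$SAMPLE_PPP0_DOWN" | failover_state || true
```

On a live router, run "ip route show | failover_state"; the non-zero exit status for degraded and down makes it usable from cron or a monitoring agent.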
To be continued – from failover to load-balancing…