Gateway Watcher

From Phospher

Introduction

Gateway Watcher (gwwatcher) is a utility for internet connection failover/failback. gwwatcher logs the real-time status of the currently active connection as well as the status of the secondary connection (based on timed checks set in the config). gwwatcher also uses gnuplot to draw graphs of the amount of time spent on each connection; logs are stored on disk and are available via the web interface. The WebUI is primarily HTML with a little PHP scripting to read in the current status of the connections and the log listings.


Software dependencies: (can be automatically resolved and installed via Yum when using the gwwatcher RPM)

  • bash
  • iptables
  • iproute
  • gnuplot
  • apache with php support
  • logrotate (if you want logs to be deleted after a specified size)


Key features:

  • Monitors two internet connections for availability
  • Fails over to secondary if primary becomes unresponsive. Will also fail back to primary if it becomes available again.
  • Uses policy based routing for multi-route monitoring
  • Uses iptables for creating on-the-fly NATs
  • WebUI for real-time status of the currently active connection and inactive connection
  • WebUI to view current and historical connection graphs for uptime/downtime trending
  • WebUI to view real-time status of system information
  • Support for multiple test hosts via IP or DNS
  • Support for logging to RAMDISK (good for SSD servers) then archive to disk
  • Init script with chkconfig support (will move "ramdisk" logs to "disk" upon service stop)
  • If using the logrotate config (automatically installed by RPM) ramdisk logs will be moved to disk every day while historical logs on disk will be deleted yearly.

Screenshots

[Images: MainPage, Historical, System Info]

Installation

Note: for RedHat-based distros (RHEL, CentOS, Fedora). It will also work on other RPM-based distros if the locations of apache, iproute, iptables and gnuplot are the same. Using the RPM also gives you a simple mechanism for updating gwwatcher, automatic dependency resolution and chkconfig scripts for automatic init configuration; apache and logrotate are configured automatically as well.
or

or

  • Source (Can also build the above tar and RPM packages.)

Packages required to build RPM and tarball

rpm-build
rpm-devel
elfutils
elfutils-libelf-devel
elfutils-libelf-devel-static
elfutils-libs
libselinux-devel
libsepol-devel
nspr-devel
nss-devel
sqlite-devel
tar


Configuration

  • You will need a Linux machine (tested on CentOS 5.4, Fedora 8 and Fedora 12) to run gwwatcher and act as your new gateway. You will need three physical ethernet interfaces and basic know-how to configure them. You need to assign a subnet and IP address to each interface (all different).

Example:
eth0--Inside: IP 1.1.1.1 Subnet: 1.1.1.0/24
eth1--Primary Outside: IP 2.2.1.1 Subnet: 2.2.1.0/24
eth2--Secondary Outside: IP 2.2.2.1 Subnet: 2.2.2.0/24

In this example your clients are in the 1.1.1.0/24 subnet, while your internet connections sit behind two NATs, 2.2.1.1 and 2.2.2.1 (RFC1918 IP space).
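
The failover/failback behaviour listed under Key features (policy-based routing for per-link probes, on-the-fly NAT), written out as a dry-run plan for the example addressing above. This is an added example, not gwwatcher's own code; the gateway addresses 2.2.1.254 and 2.2.2.254, the test host 192.0.2.10, the routing table ids and all function names are assumptions.

```shell
#!/bin/sh
# Added example (not gwwatcher code): prints the commands a failover would run.
# Nothing here changes the system; review the plan before applying it as root.
INSIDE_NET="1.1.1.0/24"                                # inside subnet from the example
PRI_IF="eth1"; PRI_SRC="2.2.1.1"; PRI_GW="2.2.1.254"   # gateway IP is an assumption
SEC_IF="eth2"; SEC_SRC="2.2.2.1"; SEC_GW="2.2.2.254"   # gateway IP is an assumption
TEST_HOST="192.0.2.10"                                 # constructed placeholder host

# Policy routing: traffic sourced from one outside IP uses that link's own
# table, so the standby link can be probed while the other carries traffic.
# Args: table-id interface source-ip gateway
probe_plan() {
    echo "ip route replace default via $4 dev $2 table $1"
    echo "ip rule add from $3/32 table $1 priority $1"
}

# ICMP probe bound to one link by its source address.
probe_cmd() {
    echo "ping -c 3 -W 2 -I $1 $TEST_HOST"
}

# Failover/failback decision. Args: primary_ok secondary_ok current (1 = up).
# Primary wins whenever it answers; with both links down, stay on the current one.
choose_link() {
    if [ "$1" = 1 ]; then echo primary
    elif [ "$2" = 1 ]; then echo secondary
    else echo "$3"
    fi
}

# Commands that move the default route and the inside-subnet NAT to a link.
switch_plan() {
    case "$1" in
        primary)   new_if=$PRI_IF; new_gw=$PRI_GW; old_if=$SEC_IF ;;
        secondary) new_if=$SEC_IF; new_gw=$SEC_GW; old_if=$PRI_IF ;;
        *) echo "unknown link: $1" >&2; return 1 ;;
    esac
    echo "ip route replace default via $new_gw dev $new_if"
    # NAT only the inside subnet, and only out of the active interface.
    echo "iptables -t nat -D POSTROUTING -s $INSIDE_NET -o $old_if -j MASQUERADE"
    echo "iptables -t nat -A POSTROUTING -s $INSIDE_NET -o $new_if -j MASQUERADE"
}

probe_plan 101 "$PRI_IF" "$PRI_SRC" "$PRI_GW"
probe_plan 102 "$SEC_IF" "$SEC_SRC" "$SEC_GW"
probe_cmd "$SEC_SRC"
switch_plan "$(choose_link 0 1 primary)"   # primary down, secondary up
```

Scoping the MASQUERADE rule to the inside subnet and the active outside interface keeps the box from translating traffic it was never meant to forward.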

  • Note: I've tested gwwatcher behind two BEFSR41 Linksys NATs with no success. These Linksys routers stop after 128 ICMP requests every time. DO NOT USE THEM :) I am currently using two Cisco 871 routers as simple NATs to act as my primary and secondary gateways. You can also disable DHCP on these devices as DHCP is not needed here. You will need to provide DHCP further downstream, I recommend running dhcpd on the gwwatcher box out the inside subnet.

If you have had success with other devices, email me. brian@phospher.com


You should be able to access both internet connections via your gateways before running gwwatcher.

The only file you need to configure in gwwatcher is <your gwwatcher installation root>/etc/gwwatcher.cfg.


  • What you will need to know about your environment:


  • Installation root of gwwatcher (automatically set to /opt/gwwatcher when using the gwwatcher RPM.)

</opt/gwwatcher> ?


  • What host you wish to use for testing

I recommend using the IP address of an external host (nslookup google.com, yahoo.com etc...)

  • Note: this host must respond to ICMP echo-requests. While it is possible to use a DNS record (google.com) be aware, some DNS servers will only respond to clients on their trusted networks.


  • Interface used for inside network

Physical interface which is connected to your internal trusted network.


  • Interface used for primary outside network

Physical interface which is connected to your primary outside network.


  • Interface used for secondary outside network

Physical interface which is connected to your secondary outside network.


  • IP address of Primary gateway

Provide the IP address of your primary gateway


  • IP address of Secondary gateway

Provide the IP address of your secondary gateway


  • Subnet used for Primary network

Provide the subnet of your primary network (0.0.0.0/0 format)


  • Subnet used for Secondary network

Provide the subnet of your secondary network (0.0.0.0/0 format)


  • Subnet used for Inside network

Provide the subnet of your internal network (0.0.0.0/0 format)


Click here for an example configuration file.


Here is a drawing of an example network showing gwwatcher implemented.

[Image: Example network]

Support Forum

Click here to visit the Gateway Watcher support board.

To Do List

  • Add email notification support
  • Possibly clean up WebUI
  • Add support for more than two connections
  • Add DHCP support for outside interfaces

Change log

Click here for the change log.


License


Gateway Watcher is licensed under the GPLv2 (GNU General Public License version 2).