Failover bond on fully redundant network?
by rudepeople from LinuxQuestions.org on (#5R8MC)
I'm trying to build a fully redundant network for a web server environment. Basically, I have 2 of everything in the network: 2x 24-port fiber switches, 2x 48-port copper switches, 2x pfSense appliances (configured in HA), and every server has 2 network cards, all configured with eth0 and eth1 bonded using active/backup mode. In theory, everything is working as desired; however, it's the method of failure that's tripping me up.
So in bonding mode 1 (active backup), the network service watches the active interface for a failure (basically it just checks if the link is up), and when there's an outage on the interface, it switches to the backup. The problem is: what if the failure is upstream from the interface? I.e., what if the fiber switch goes out, or the router? I have an entirely redundant network here. So I thought maybe I could make a script that checks connectivity to the router and swaps to the backup by bringing down the active network using ifdown... but then how does the network recover if/when the outage is repaired?
I already know that this is all a bad idea. If the network controller in one server fails, that server alone will switch to network 2 and, as far as I know, the other servers will be inaccessible to it (am I correct in thinking this?). So I guess the question is: without cross-connecting the two networks, is there a better way to do this?
Please note: I am locked in to using this "total redundant network"; it's complicated...
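The connectivity-check script idea from the post, sketched as an added example (not code from the original post): a decision function that picks the active slave from per-path upstream probe results and fails back once the primary path has answered again for a while. The class and function names, the thresholds, and the assumption that each path can still be probed while it is not active are all hypothetical; the interface names eth0 and eth1 come from the post.

```python
from dataclasses import dataclass

@dataclass
class PathState:
    healthy: bool = True
    fails: int = 0   # consecutive failed upstream probes
    oks: int = 0     # consecutive successful upstream probes

class FailoverMonitor:
    """Chooses the active slave from upstream probe results (hypothetical helper)."""

    def __init__(self, primary, backup, down_after=3, up_after=5):
        self.primary, self.backup = primary, backup
        self.paths = {primary: PathState(), backup: PathState()}
        self.active = primary
        self.down_after, self.up_after = down_after, up_after

    def _update(self, path, ok):
        if ok:
            path.oks, path.fails = path.oks + 1, 0
            # Recovery needs several good probes in a row, so a flapping
            # switch or router does not cause repeated failbacks.
            if not path.healthy and path.oks >= self.up_after:
                path.healthy = True
        else:
            path.fails, path.oks = path.fails + 1, 0
            if path.healthy and path.fails >= self.down_after:
                path.healthy = False

    def observe(self, results):
        """results: {slave: probe_ok} for one probe round. Returns the slave to use."""
        for name, ok in results.items():
            self._update(self.paths[name], ok)
        if self.paths[self.primary].healthy:
            self.active = self.primary
        elif self.paths[self.backup].healthy:
            self.active = self.backup
        # Both paths unhealthy: keep the current slave, nothing better exists.
        # The slave is only re-selected, never taken down with ifdown, so its
        # path can keep being probed and recovery remains detectable.
        return self.active

def replay(rounds, **thresholds):
    """Feed a list of probe rounds through a fresh monitor; return each decision."""
    mon = FailoverMonitor("eth0", "eth1", **thresholds)
    return [mon.observe(r) for r in rounds]

# Constructed sample: the path behind eth0 fails for three rounds, then is repaired.
OK = {"eth0": True, "eth1": True}
ETH0_UPSTREAM_DOWN = {"eth0": False, "eth1": True}
SAMPLE_ROUNDS = [OK] * 2 + [ETH0_UPSTREAM_DOWN] * 3 + [OK] * 5

if __name__ == "__main__":
    print(replay(SAMPLE_ROUNDS))
```
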