Static Route Path Monitoring, failover
Hello all,
Sometimes it's not possible to do dynamic routing because not all peers support it.
As a fallback, static routes are used.
I would like to see the possibility to monitor static routes by some kind of health checks like ping.
(Like Palo Alto does)

It's not the same as WAN load balancing because the PBR would add other complexity.



Hi adestis, what you describe is possible to do today with the help of a shell script and the crontab. If you are interested, I could help you create a script that does this for you. The one drawback is that the failover time is in the ballpark of minutes, and the routes are not present in the configuration... Also, cron fills the log with messages every time it is executed.
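One way to write the shell-script approach mentioned in the comment above (an added example, not code from the thread or from VyOS): a ping probe with failure and recovery thresholds that installs or withdraws a kernel route with `ip route`. The addresses, interface, thresholds and state-file path are placeholder assumptions.

```shell
#!/bin/sh
# Added example: ping-gated static route. Every value below is a placeholder.
TARGET="${TARGET:-192.0.2.1}"          # host to probe (documentation address)
PREFIX="${PREFIX:-198.51.100.0/24}"    # static route being monitored
NEXTHOP="${NEXTHOP:-192.0.2.1}"        # its next hop
DEV="${DEV:-eth1}"                     # egress interface, also used for the probe
METRIC="${METRIC:-2}"                  # a backup route with a higher metric is assumed to exist
TIMEOUT="${TIMEOUT:-2}"                # seconds to wait for one echo reply
FAIL_MAX="${FAIL_MAX:-3}"              # consecutive losses before the route is withdrawn
OK_MIN="${OK_MIN:-2}"                  # consecutive replies before it is restored
STATE_FILE="${STATE_FILE:-/run/static-route-check.state}"

# One ICMP probe, sent out of the monitored interface rather than the backup path.
probe() { ping -c 1 -W "$TIMEOUT" -I "$DEV" "$TARGET" >/dev/null 2>&1; }

# decide STATE COUNT RESULT -> prints "NEWSTATE NEWCOUNT".
# COUNT is the number of consecutive probes that contradict STATE.
decide() {
    state=$1 count=$2 result=$3
    case "$state:$result" in
        up:ok|down:fail) echo "$state 0" ;;   # probe agrees with state: reset counter
        up:fail) count=$((count + 1))
            if [ "$count" -ge "$FAIL_MAX" ]; then echo "down 0"; else echo "up $count"; fi ;;
        down:ok) count=$((count + 1))
            if [ "$count" -ge "$OK_MIN" ]; then echo "up 0"; else echo "down $count"; fi ;;
    esac
}

# Install or withdraw the monitored route in the kernel table (needs root).
apply_route() {
    case "$1" in
        up)   ip route replace "$PREFIX" via "$NEXTHOP" dev "$DEV" metric "$METRIC" ;;
        down) ip route del "$PREFIX" via "$NEXTHOP" dev "$DEV" metric "$METRIC" ;;
    esac
}

# One check cycle; starts "down" so the route is only installed after the target answers.
run_once() {
    state=down count=0
    if [ -s "$STATE_FILE" ]; then read -r state count < "$STATE_FILE" || true; fi
    if probe; then result=ok; else result=fail; fi
    set -- $(decide "$state" "$count" "$result")
    if [ "$1" != "$state" ]; then apply_route "$1"; fi   # touch the table only on a transition
    echo "$1 $2" > "$STATE_FILE"
}

if [ "${1:-}" = "run" ]; then run_once; fi
```

Called with the argument `run` once per minute from cron, the default `FAIL_MAX=3` withdraws the route after about three minutes of lost probes, which is the minutes-scale failover described above.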

Hello runar,
I know that it's possible to do it manually.
But I really would like to see a more integrated solution where you can add a check for the next hop inside the configuration.

A solution based on cron might not be so ideal because of the minimum time of 1 minute.

MikroTik RouterOS supports something like this:

/ip route add gateway=, check-gateway=ping

or check-gateway=arp for boxes that don't ping very well.

It would be really nifty to find a way to add this to VyOS, but it would also have to interact well with FRR to ensure these "semi-static" routes propagate through to IGP/EGP where there is a redistribute static in effect.

Would it be reasonable to use BFD for this? Since BFD is already implemented we might be able to use that as well?

@Cheeze_It BFD for static routes would be nice as well but sometimes the target you test against is not under your control and/or does not support BFD.

@adestis yes, that is true... but that can be worked around. Any option can be used (either BFD, or ARP, or ICMP). I just wanted to give more ideas so that hopefully we can get a working implementation for all 3.

So far I have seen that BFD for static routes in FRR is currently under development:

(Seems like only tests are missing.)

But so far I have not seen anything like what @maznu mentioned MikroTik has.
That really would be nice.

The way I was thinking is on this Juniper page here.

If you guys would like, I can mock it up in my lab, test it, and show you the configuration I used and maybe it would be possible for us to see if we can make something similar or at least with similar functionality.

set protocols failover route next-hop check target ''
set protocols failover route next-hop check timeout '10'
set protocols failover route next-hop check type 'icmp'
set protocols failover route next-hop interface 'eth1'
set protocols failover route next-hop metric '2'