netbsd-users: Re: Picking a default route from multiple dhclient-managed interfaces

Subject: Re: Picking a default route from multiple dhclient-managed interfaces
To: Michael D. Spence <spence@panix.com>
From: Steven M. Bellovin <smb@cs.columbia.edu>
List: netbsd-users
Date: 01/23/2006 20:56:25

In message <01fd01c62085$89fa0180$4b01a8c0@XEON2>, "Michael D. Spence" writes:
>> -----Original Message-----
>> From: netbsd-users-owner@NetBSD.org 
>> [mailto:netbsd-users-owner@NetBSD.org] On Behalf Of Steven M. Bellovin
>> Sent: Monday, January 23, 2006 8:15 PM
>> To: Michael D. Spence
>> Cc: netbsd-users@NetBSD.org
>> Subject: Re: Picking a default route from multiple 
>> dhclient-managed interfaces 
>> 
>> 
>
>
>
>> If you don't want to do that, create a /etc/dhclient-enter-hooks file.
>> It should say something like this:
>> 
>> 
>> if [ "$interface" = uselessinterface ]; then
>> 	unset $new_routers
>> fi
>> 
>> That will unset the variable on entry, which will cause the 
>> rest of the 
>> script to avoid using it as a default route.
>
>Thanks, I'll give that a try.  Do you suppose an alias and a custom
>dhclient-script would've worked, though?  I was thinking that would
>allow me to do failover because it looked to me like I'd get informed
>of losing the lease and other such things.  That way, if something 
>happened to the regular modem or interface I could change the routing 
>to use whatever IP the second interface was assigned, then change it
>back if the first one came back to life.
>
A custom dhclient script gets you into the usual maintenance headaches; 
I'd stick with enter-hooks and exit-hooks as long as possible.

For failover, though, the problem is defining it.  I don't think that 
you can do that with a simple dhclient script.  What if the router (or, 
more important, its link) goes down after dhclient runs?  Really, what 
you want for that is a daemon that sends pings out via both paths, and 
reconfigures if one is unavailable. 

That said, if you're only concered about lease time there's a simple 
enter-hooks approach that should work.  For a useless interface, always 
try to add the route; if there's already one there, it will fail.  For 
a useful interface,  delete any default route first, so the add will 
succeed.  That's a bit tricky, though, since you only want to do that 
for the proper settings of $reason and maybe $old_routes.  I'll leave 
that as an experiment for the reader.

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb