  1. #1
    Master Untangler dmor's Avatar
    Join Date
    Jun 2009
    Posts
    687

    Proposed solution for Multi-WAN Failover with Session Persistence

    Hello Untanglers,

    I've created a mock diagram which I am wondering if you think would be feasible to fit into the product in the future. Mostly I'm just wondering if there is anything inherently different with Untangle's internal architecture that would not allow a solution like this to be fairly easily added.

    My understanding is that multi-WAN VPN failover always breaks all sessions because of Untangle's state table having the WAN interface listed with the session, and therefore when the WAN is no longer available, all associated sessions break.

    I understand this makes sense. However, I'm wondering if it would be feasible to add a virtual bridge interface and let it be the "WAN" interface listed in the sessions table. Then use routes (static or dynamic) to determine which VPN tunnel (next-hop route) to take to deliver the packets. By separating the session from the physical WAN interface or even the VPN tunnel, my thought is this may allow the sessions table to still contain valid interfaces all the while, even when WAN interface & VPN tunnel availability changes.

    Here is a quick diagram I made:

    Proposed solution for multi-wan VPN failover with session persistence.jpg

    I understand Untangle also has its existing internal virtual bridge network for the UVM/etc. But this potentially could make this type of solution even easier to implement, because you guys are already experts in that technology.

    Anyway, I'm not asking this to be put into the solution. I believe there's a different place where we are supposed to submit feature requests. I'm just asking whether this solution would make sense and be feasible in the architecture of Untangle.

    If so, then I will probably submit a feature request.

    Thanks all!
    Last edited by dmor; 03-11-2021 at 12:45 PM.

  2. #2
    Master Untangler dmor's Avatar
    Join Date
    Jun 2009
    Posts
    687


    This is a similar methodology to how Cisco keeps some of their dynamic routing protocol routing processes resilient against interface/route failures. I forget whether it's OSPF, EIGRP or both that you have to attach to an actual interface. This is problematic unless you attach it to a loopback interface. Otherwise, if you lose an interface, you lose your entire routing process, and it takes more time to recover, and you lose the benefit of a redundant dynamic routing protocol.

  3. #3
    Master Untangler dmor's Avatar
    Join Date
    Jun 2009
    Posts
    687


    Any thoughts on this, Untangle people?

  4. #4
    Untangler
    Join Date
    May 2008
    Posts
    592


    Is there a feature request for this? I would vote for it.

  5. #5
    Master Untangler
    Join Date
    May 2008
    Location
    Bryan, TX
    Posts
    260


    Is that how SD-WAN products do it?

  6. #6
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    26,542


    And I'm just off in the weeds thinking... it's 2021, and modern cloud interfaces don't give a flying rip about session persistence. They simply reconnect and move on.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
