We have a simple setup where the firewall is connected over a physical interface to an L2 switch, while the L2 switch is connected to 2 CPEs of different ISPs. Obviously, the next hop for our firewall going out is an interface of the CPE. We are tracking default routes for both ISPs using the route monitoring feature.
Unfortunately, that does not seem to cover a situation where you have a flapping Internet link between the L2 switch and any of the CPEs. Yes, you can go aggressive, add that CPE address to default route monitoring and have pings sent every second, so at the minimum, if there's no response for 3 seconds, it will remove the default route, but that also increases the possibility of false positives, as we also monitor some external destinations.
Is there a more elegant way of catching a flapping Internet link?
If this helps: if you set up a path monitor in your VR, the path will always be sourced from the source IP you configure, so if you use both ISPs to monitor the same destination and one ISP goes down, only one probe will fail.
If the remote IP goes down, you do get a false negative (which can be fixed by setting a different destination IP or something that's been set up redundantly).
If one ISP is very prone to extended periods of flapping, you could create an HA path monitor that fails over when such a case is detected, and only connect the reliable ISP to the second firewall.
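The reasoning in the reply above, as an added example that is not part of the original thread and is not PAN-OS code: probing the same destinations through each ISP separates a dead destination from a dead link, and counting state changes in a window separates a flapping link from a single outage. The ISP names, destination addresses, window size, flip threshold and probe data are all constructed assumptions.

```python
from collections import defaultdict

D1, D2 = "192.0.2.1", "198.51.100.1"  # constructed monitor targets (documentation ranges)

def classify_round(results):
    """results maps (isp, destination) -> True if the probe sourced via that ISP got a reply."""
    isps = {isp for isp, _ in results}
    dests = {dst for _, dst in results}
    # A destination unreachable through every ISP says nothing about any one link.
    dead = {d for d in dests if not any(results[(i, d)] for i in isps)}
    usable = dests - dead
    if not usable:
        return {i: "unknown" for i in isps}
    # Assumption: a link is "down" only when all usable destinations fail through it.
    return {i: "up" if any(results[(i, d)] for d in usable) else "down" for i in isps}

def verdicts(rounds, window=10, max_flips=3):
    """Per-ISP verdict: 'flapping' if the state changed max_flips+ times in the last window rounds."""
    history = defaultdict(list)
    for results in rounds:
        for isp, state in classify_round(results).items():
            if state != "unknown":
                history[isp].append(state)
    out = {}
    for isp, states in history.items():
        recent = states[-window:]
        flips = sum(a != b for a, b in zip(recent, recent[1:]))
        out[isp] = "flapping" if flips >= max_flips else recent[-1]
    return out

def make_round(a1, a2, b1, b2):
    return {("ISP-A", D1): a1, ("ISP-A", D2): a2, ("ISP-B", D1): b1, ("ISP-B", D2): b2}

# Constructed probe rounds: ISP-B drops twice; in round 4 only destination D1 is down.
SAMPLE_ROUNDS = [
    make_round(True, True, True, True),
    make_round(True, True, False, False),
    make_round(True, True, True, True),
    make_round(False, True, False, True),
    make_round(True, True, False, False),
    make_round(True, True, True, True),
]

if __name__ == "__main__":
    print(verdicts(SAMPLE_ROUNDS))
```

When every probe in a round fails, the round is recorded as "unknown" and skipped, since the probes alone cannot tell two dead links from two dead destinations.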