Project

General

Profile

Feature #978

Mobike interface priority enforcement (enforce eth0 over backup ppp0)

Added by Olivier HERSENT about 4 years ago. Updated about 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
01.06.2015
Due date:
Estimated time:
Resolution:
Fixed

Description

In current implementation of Mobike, the order of interfaces listed in strongswan.conf interfaces_use parameter is taken into account only at startup.
After startup, the last valid interface is always used until it fails.

In some use cases, typically when one of the interfaces is a backup interface (PPP over cellular), it is desirable that Mobike will always use the higher priority interface (e.g. Ethernet) as soon as it is detected valid:

If interfaces_use = eth0 , ppp0
and (new parameter) interface_priority=strict (current behaviour could be defined as interface_priority=sticky)
then
- Start Mobike over eth0 if it is valid
- if eth0 fails then use ppp0
- as soon as eth0 is valid again (up and client able to communicate with strongswan concentrator over this interface), then switch tunnel to eth0 again.

We are willing to fund development for this patch as it is required in a short term large scale project.

If such automatic priority enforcement is too difficult to implement as part of Strongswan, then we would need a command to force Mobike to try using a specific interface : this would allow external code to test interfaces (e.g. by attaching to each interface and pinging the concentrator) and force Mobike to start using the higher priority interface as soon as it gets back up. But integration in strongswan would be better.

In case consulting is not possible, we would need a pointer to the part of the code that handles interface monitoring and switching, in order to prepare a patch by ourselves.

ignore_current_source_ip.patch (503 Bytes) ignore_current_source_ip.patch Tobias Brunner, 01.06.2015 16:53

Related issues

Related to Bug #865: Android >= 5.0.1, Problems when switching to WIFIClosed2015-02-25

History

#1 Updated by Tobias Brunner about 4 years ago

In current implementation of Mobike, the order of interfaces listed in strongswan.conf interfaces_use parameter is taken into account only at startup.

The order has actually no relevance at all, not even at startup. This list (or interfaces_ignore) is simply used to filter interfaces for some applications (e.g. to drop inbound packets from other interfaces, or to ignore IP addresses on other interfaces).

To determine which source IP/interface is used to reach other peers the kernel-netlink plugin uses the kernel's routing table. Since 5.3.0 the metrics of these routes are also considered properly. So if the routes via eth0 have a higher priority than the ones via ppp0 the daemon will choose eth0 initially (and would also prefer it later). But as you noticed the daemon does not switch the source address as long as it is still usable (i.e. as long as there is a route for which the current source address is valid). This wasn't the case in older releases, but was added to avoid switching IPs/interfaces too often to to allow pinning connections by setting left to a specific IP (e.g. to have two tunnels that use different interfaces).

It's fairly trivial to change this, though. The attached patch, for instance, causes the daemon to ignore the current IP and always do a lookup for the best route. So if the routes via eth0 have a higher priority the daemon will actively change the source IP once if eth0 comes back.

#2 Updated by Tobias Brunner about 4 years ago

  • Related to Bug #865: Android >= 5.0.1, Problems when switching to WIFI added

#3 Updated by Tobias Brunner about 1 year ago

  • Status changed from Feedback to Closed
  • Resolution set to Fixed

There is an option to always switch to the "best" route since 5.5.2.

Also available in: Atom PDF