[ale] PPP/SSH VPN dies randomly
James P. Kinney III
jkinney at localnetsolutions.com
Mon Mar 4 21:56:29 EST 2002
If you're expected to provide 7 nines of VPN reliability, I'm glad I
don't work for your company!
The only way to get even 99.99% VPM uptime would involve multiple,
redundant, synchronous data lines. I don't want to even think about the
engineering costs.
As most places that have VPN's have them automated for connection setup,
use that to your advantage. Keep a connection test running at intervals
appropriate to your normal loading. When the connection test fails,
reroute the VPN traffic before the tunneling to a buffered fifo and
remake the connection. Dump the buffer through the connection when it's
ready.
I have never kept a VPN up for days on end. There has always been some
network glitch outside my control that has required a reconnect. I saw a
statistic (I need to keep a better log of this stuff) that claimed there
is a fiber line cut every day in the US.
On Mon, 2002-03-04 at 21:43, Christopher Bergeron wrote:
> And this is acceptable? Forgive me for being naive, but that would be like
> using an Operating System that crashed almost daily and wrote it off as, "I
> guess that's just how it has to be". By definition there has to be a
> "reason" for it and therefore, a solution.
>
> Have you confronted your VPN vendor about it (please say it wasn't Cisco)?
> If so, what was their response?
>
> I'm currently adding a VPN watchdog to my crontab, but even 1 minute of
> downtime per month is a major malfunction. Someone has to have some clues
> about this. I'm not using IPsec, I'm using SSH over PPP. I understand that
> encryption can be finicky, but I have a hard time blaming SSH. I'm expected
> to produce 99.99999% availability and I can't accept anything less. Call me
> a spoiled Linux user for assuming availability, if you must...
>
> :)
>
> Anyone have any leads or even starting points for debugging this?
>
> Thanks,
> CB
>
>
> > -----Original Message-----
> > From: Geoffrey [mailto:esoteric at 3times25.net]
> > Sent: Monday, March 04, 2002 7:53 PM
> > To: Christopher Bergeron
> > Cc: Ale
> > Subject: Re: [ale] PPP/SSH VPN dies randomly
> >
> >
> > No real help, except to say that this happens to my (commercial) vpn
> > connectivity on occasion. It presents an error message something to the
> > effect of: "heartbeat missed, assuming tunnel is down." This is an
> > ipsec vpn.
> >
> > Christopher Bergeron wrote:
> > > Does anyone have any idea why my VPN connection dies
> > periodically? It seems
> > > to be okay for a few days and then one of the procees goes
> > defunct and the
> > > connection goes down. I'm tunneling ssh over ppp over a T1
> > connection to
> > > the 'net on both sides.
> > >
> > > Any clues are greatly appreciated...
> > > -CB
> > >
> > >
> > > ---
> > > This message has been sent through the ALE general discussion list.
> > > See http://www.ale.org/mailing-lists.shtml for more info.
> > Problems should be
> > > sent to listmaster at ale dot org.
> > >
> > >
> > >
> >
> >
> > --
> > Until later: Geoffrey esoteric at 3times25.net
> >
> > I didn't have to buy my radio from a specific company to listen
> > to FM, why doesn't that apply to the Internet (anymore...)?
> >
> >
> > ---
> > This message has been sent through the ALE general discussion list.
> > See http://www.ale.org/mailing-lists.shtml for more info.
> > Problems should be
> > sent to listmaster at ale dot org.
> >
>
>
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
> sent to listmaster at ale dot org.
>
--
James P. Kinney III \Changing the mobile computing world/
President and COO \ one Linux user /
Local Net Solutions,LLC \ at a time. /
770-493-8244 \.___________________________./
GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
This is a digitally signed message part
More information about the Ale
mailing list