Fail over without NAT

PeterUK · April 2023

So someone said about this for a switch and I said there is no WAN fail over but then something happened to me my ISP went down I had a backup but this did not work due to my PC getting the WAN over a USG bridge and when the internet went down ARP to the WAN gateway still happened so that the NIC still used the my main connection so to get it working I block ARP which the PC then failed over. And that got me thinking for this idea.

With a managed switch it has a IP and gateway behind NAT mainly for NTP but what if you put a ping check to check say 1.1.1.1 then when ping fails you block ARP on given ports which the PC will then fail over.

What you think?

Here is a example of how it would work setup

Ping check from 192.168.255.245 to 1.1.1.1 out port 14 to LAN1 on USG SNAT out OPT to port 28 out port 27 to port 5 out port 8 internet

PC in port 21 out port 22 to DMZ bridge out WAN to port 1 out port 8 for internet.

When ping to 1.1.1.1 fail ports 21 and 22 block ARP then PC on another NIC to 4G for backup internet.

Zyxel_Melen · April 2023

Hi @PeterUK,

I think "ping check" is a gateway/firewall function. Why not add another gateway/firewall in this scenario?

PeterUK · April 2023

https://community.zyxel.com/en/discussion/comment/51101#Comment_51101

If you read the scenario it will not work the idea is to block ARP on given ports of the switch when ping check fails in order for the device to fail over.

Zyxel_Melen · April 2023

Hi @PeterUK,

Thanks for sharing your idea. However, the ping check function is more common on routers/firewalls. Or you can write a script to do a ping check and do a failover on the PC.

We will monitor the reply and vote in your idea post to check if other users also need this function.

PeterUK · April 2023

If done right I think it be useful for some.

A script to do a ping check and do a failover on the PC is a good idea but after thinking about it it might not work the way I hope the problem with ping check on routers/firewalls is this will not work for a bridge that the PC goes through

PeterUK · April 2023

Just showing how it could be implemented

Zyxel_Melen · April 2023

Hi @PeterUK,

Failover is more common on layer 3 devices. I want to share that our XS3800 has failover features like route failover (a new feature on 4.80 firmware) and VRRP. You can consider it.

PeterUK · April 2023

But picture the problem this solves your PC gets a WAN IP you ARP to the gateway the internet goes down but ARP to the gateway is up the PC has no way of knowing internet is down use a USG as a bridge firewall for the PC to go through have no way of re-routing or fail over of the bridge so need the ARP to the gateway needs to fail which is layer 2 for the PC to fail over on another NIC

Zyxel_Melen · May 2023

Hi @PeterUK,

After conducting a local lab test, I discovered that the PC automatically switches to a different adapter when the Internet connection through the firewall is disconnected. Can you please confirm if your PC exhibits a similar behavior? If so, there is no need to configure your switch or firewall.

PeterUK · May 2023

Windows 11 does not switch to a different adapter IF ARP to the gateway is good

NIC with WAN IP ARP to WAN gateway is fine but no internet

NIC with backup only gets used if NIC above ARP fails

monkeynia · May 2023

Hi @PeterUK,

An interesting idea.

How often do you think the switch should check the internet connectivity?
And why not remove the ethernet cable when the internet is not reachable?

Fail over without NAT

All Replies

Categories

Switch Help Center