Implementing Automatic Default Route Failover for Linux Gateway with 3G Modem Backup



When building a Linux-based gateway with multiple WAN interfaces (like 3G modem + Ethernet), the routing system doesn't automatically handle interface failures. The default route remains pointing to the dead interface until manual intervention.

We'll implement a monitoring system that:

  1. Continuously checks interface viability
  2. Modifies routing tables when failures occur
  3. Restores primary routes when available

First, ensure your interfaces are properly configured in /etc/network/interfaces:


auto eth0
iface eth0 inet dhcp
    metric 100

auto wwan0
iface wwan0 inet dhcp
    metric 200

Create /usr/local/bin/route-monitor.sh:


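#!/bin/bash

PRIMARY_GW="192.168.1.1"  # Example primary gateway
BACKUP_GW="192.168.2.1"   # Example backup gateway
TEST_HOST="8.8.8.8"       # Host to ping
INTERVAL=30               # Check interval in seconds

while true; do
    # Pin the test host to the primary link so the check still tests eth0
    # after the default route has moved to the backup. Side effect: traffic
    # to TEST_HOST always leaves through eth0.
    ip route replace "$TEST_HOST" via "$PRIMARY_GW" dev eth0 2> /dev/null

    if ping -c 3 -I eth0 "$TEST_HOST" &> /dev/null; then
        ip route replace default via "$PRIMARY_GW" dev eth0 metric 100
    else
        # "ip route replace" matches on prefix and metric, so the metric-100
        # route has to be removed or it keeps winning over the backup route.
        ip route del default via "$PRIMARY_GW" dev eth0 metric 100 2> /dev/null
        ip route replace default via "$BACKUP_GW" dev wwan0 metric 200
    fi
    sleep "$INTERVAL"
done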
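
The loop above changes the default route on the result of a single check, so one lost burst of pings or one brief recovery moves all traffic. The following added example, which is not code from the original page, goes beyond it by requiring several consecutive failed checks before failing over and several consecutive good ones before failing back. The thresholds and the function names next_action and replay are assumptions.

```shell
#!/bin/bash
# Added example: debounced failover for the route-monitor loop.
# Thresholds and function names are assumptions, not from the page.
PRIMARY_GW="192.168.1.1"; BACKUP_GW="192.168.2.1"   # example values from the page
TEST_HOST="8.8.8.8"
INTERVAL=30
FAIL_THRESHOLD=3           # consecutive failed checks before failing over
RECOVER_THRESHOLD=5        # consecutive good checks before failing back
STATE="primary"; FAILS=0; GOODS=0; ACTION="hold"

# Feed one check result ("ok" or "fail"); sets ACTION to failover, failback or hold.
next_action() {
    ACTION="hold"
    if [ "$1" = "ok" ]; then
        FAILS=0; GOODS=$((GOODS + 1))
        if [ "$STATE" = "backup" ] && [ "$GOODS" -ge "$RECOVER_THRESHOLD" ]; then
            STATE="primary"; ACTION="failback"
        fi
    else
        GOODS=0; FAILS=$((FAILS + 1))
        if [ "$STATE" = "primary" ] && [ "$FAILS" -ge "$FAIL_THRESHOLD" ]; then
            STATE="backup"; ACTION="failover"
        fi
    fi
}

# Dry run: replay a constructed sequence of check results and print each decision.
replay() {
    STATE="primary"; FAILS=0; GOODS=0
    local out="" r
    for r in "$@"; do next_action "$r"; out="$out $ACTION"; done
    echo "${out# }"
}

if [ "${1:-}" = "run" ]; then   # live mode needs root; otherwise only functions are defined
    while true; do
        # Pin the test host to eth0 so the check still works while on backup.
        ip route replace "$TEST_HOST" via "$PRIMARY_GW" dev eth0 2> /dev/null
        if ping -c 3 -I eth0 "$TEST_HOST" > /dev/null 2>&1; then next_action ok; else next_action fail; fi
        case "$ACTION" in
            failover) ip route del default via "$PRIMARY_GW" dev eth0 metric 100 2> /dev/null
                      ip route replace default via "$BACKUP_GW" dev wwan0 metric 200
                      logger "route-monitor: failover to wwan0 after $FAIL_THRESHOLD failed checks" ;;
            failback) ip route replace default via "$PRIMARY_GW" dev eth0 metric 100
                      logger "route-monitor: failback to eth0 after $RECOVER_THRESHOLD good checks" ;;
        esac
        sleep "$INTERVAL"
    done
fi
```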

Create /etc/systemd/system/route-monitor.service:


[Unit]
Description=Dynamic Route Failover Service
After=network.target

[Service]
ExecStart=/usr/local/bin/route-monitor.sh
Restart=always

[Install]
WantedBy=multi-user.target

For systems using NetworkManager, create /etc/NetworkManager/dispatcher.d/99-route-failover:


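#!/bin/bash
# Dispatcher scripts run as root. NetworkManager only runs them if they are
# root-owned, executable and not writable by group or others.

PRIMARY_GW="192.168.1.1"  # Example primary gateway
BACKUP_GW="192.168.2.1"   # Example backup gateway

INTERFACE=$1
STATUS=$2

case "$STATUS" in
    up)
        if [ "$INTERFACE" = "eth0" ]; then
            ip route replace default via "$PRIMARY_GW" dev eth0 metric 100
        fi
        ;;
    down)
        if [ "$INTERFACE" = "eth0" ]; then
            ip route replace default via "$BACKUP_GW" dev wwan0 metric 200
        fi
        ;;
esac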

Simulate failure and verify routing:


# Manually bring down primary interface
sudo ip link set eth0 down

# Verify route change
ip route show | grep default

# Restore interface
sudo ip link set eth0 up

When building a Linux-based NAT gateway with multiple WAN interfaces (e.g., 3G modem + backup connection), maintaining uninterrupted internet connectivity requires intelligent routing failover. The primary challenge lies in detecting connection failures and automatically switching the default route without manual intervention.

There are three robust methods to implement automatic failover:

1. Using iproute2 with Multiple Routing Tables

The Linux kernel's advanced routing capabilities allow for policy-based routing with multiple routing tables. Here's a sample configuration:

# Create custom routing tables
echo "200 primary" >> /etc/iproute2/rt_tables
echo "201 backup" >> /etc/iproute2/rt_tables

# Set up rules for each interface
ip rule add from 192.168.1.100 table primary
ip rule add from 192.168.2.100 table backup

# Configure default routes for each table
ip route add default via 192.168.1.1 dev eth0 table primary
ip route add default via 192.168.2.1 dev eth1 table backup

# Set metrics for priority (lower = higher priority)
ip route add default via 192.168.1.1 dev eth0 metric 100
ip route add default via 192.168.2.1 dev eth1 metric 200

2. NetworkManager with Connection Tracking

For systems using NetworkManager, configure connection priorities and enable automatic failover:

# Example nmcli commands
nmcli connection modify eth0 connection.autoconnect-priority 10
nmcli connection modify eth1 connection.autoconnect-priority 5
nmcli connection modify eth0 connection.auth-retries 2
nmcli connection modify eth1 connection.auth-retries 2

3. Script-Based Monitoring with Cron

A robust bash script solution that checks connectivity and switches routes:

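#!/bin/bash
PRIMARY_GW="192.168.1.1"
BACKUP_GW="192.168.2.1"
TEST_HOST="8.8.8.8"

# Run from cron: switch the default route if the primary link fails the check
if ! ping -c 3 -I eth0 "$TEST_HOST" > /dev/null 2>&1; then
    # The primary route may already be gone after an earlier run
    ip route del default via "$PRIMARY_GW" 2> /dev/null
    # "replace" succeeds whether or not the backup route is already installed
    ip route replace default via "$BACKUP_GW"
    logger "Network failover: Switched to backup gateway"
fi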

For enterprise-grade solutions, consider keepalived with VRRP:

vrrp_instance VI_1 {
    state MASTER
    interface eth0
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass secret
    }
    virtual_ipaddress {
        192.168.1.254/24
    }
    track_interface {
        eth0 weight -20
    }
}

  • Implement connection state tracking (conntrack) for proper NAT failover
  • Set appropriate route metrics to ensure proper priority handling
  • Test failover scenarios under controlled conditions
  • Monitor route changes via syslog for troubleshooting