Some definition(s)/meaning(s): Stable IP address - a host within an Internet Service Provider (ISP) Autonomous System (AS) network, replying to ICMP type 8 echo requests.

Genesis: My routers monitor Internet connectivity by sending ICMP echo requests (one datagram every 5 seconds) to hosts within the ISP's AS network; it gives quite enough reliable image if the link works stable or not.

Reason(s): In (very small scale) multi-WAN environments (for example when using at least two different ISPs) it gives me the ability to switch off an unreliable link and perform the failover and quasi load balancing (done in upstreaming using source and destination IP addresses). For redundancy my routers usually monitor two hosts in the ISP network at the same time, and when both addresses are not responsive the router is able to distinguish the ISP's reachability and to switch off the given gateway.

Address searching methodology which I'd like to improve: My production tests (almost a year, 99,99% uptime) show that the ISP's primary DNS server and the first MX server of the domain owned by the ISP are a quite reliable way to get an ICMP echo response almost all the time.

Digression: Let's say that I know what BGP is and that it's a proper way to do this, but I cannot afford it because of the cost and micro scale business.

Question: My main concern is that whole thing depends on IP addresses ability to change. I am looking for addresses (methodology to find those addresses) which will be the most possible painful for an ISP to change. Is there something which can be improved - in terms of IP address stability? I'm thinking about the ISP's border routers, but I cannot find a way to reliably determine those IPs and I am not sure if it'll be more "stable". Any ideas/opinions?

Michal Sokolowski
  • A response or non-response to a ping proffers no definitive information as to the stability, reliability or availability of a given system. – joeqwerty Dec 09 '16 at 14:42
  • You have 99.99% reliability for very small scale environments. Is that not good enough? – Mark Riddell Dec 09 '16 at 16:50
  • @joeqwerty, I am perfectly aware of that. That's why I wrote: `it gives quite enough reliable image if the link works stable or not `, meaning: lack of response during 1000ms gives me fine enough information if router shall ban the link for a given time and to this time it works relative perfectly in the opposition to my customers' needs. Have you got any other way to achieve it in mind? – Michal Sokolowski Dec 09 '16 at 18:12
  • @MarkoPolo: `Question: My main concern is that whole thing depends on IP addresses ability to change. I am looking for addresses which will be the most possible painful for an ISP to change.` Reliability is fine enough and suits my needs. – Michal Sokolowski Dec 09 '16 at 18:16
  • Pinging the ISP's primary DNS server is probably the best you're going to get from a single IP. Changing those is painful. If you want better accuracy, ping more hosts! – Nath Dec 09 '16 at 21:39
  • @Nath `My main concern is that whole thing depends on IP addresses ability to change`, I don't need accuracy - it's fine with double hosts. I am looking for other hosts (methodology to find them) within the ISP's network which I can monitor, and at the same time those IPs should be painful to change for an ISP. – Michal Sokolowski Dec 13 '16 at 11:16

2 Answers

Link Test

If you are testing the reliability of the link, use tracert to dynamically find the first hop address that is on the other side of your link. Assuming your network topology isn't changing it will always be the same hop number, typically the second or third. In my case, the following works on my Windows machine:

```
tracert -d 8.8.8.8 | find "  3 "
```

By monitoring this IP you have a clear indication of whether a failure is due to your link or not.

Connectivity Test

If you are testing in order to make failover decisions then why not ping the address of a well known server? I use Google's DNS server b/c the chance of it being changed is probably much smaller than the chance of an ISP changing an address. Because this approach also factors in the ISP's connections to the rest of the world it is usually more useful. I have seen many cases where the link was good, but the ISP had routing issues that caused service interruptions anyway.

Service Test

As joeqwerty already commented, ping is not a 100% reliable indicator of connectivity b/c it is frequently de-prioritized (i.e. a server/switch/router may drop/delay a ping to keep up with other work instead) and occasionally devices are specifically configured to ignore it (many SOHO firewalls have this option as a rudimentary 'stealth mode'). If you need a more accurate test, monitor the specific port/service you are concerned about. There are several tools that do a "tcp ping" that can help here.

Summary

If uptime is a concern, you should monitor all three - the link, general internet connectivity, and mission critical services - so that you can more easily troubleshoot an issue when it arises.

Jens Ehrich
  • Thank you for your time. Although I don't have direct evidence of that, it seems that big ISPs don't de-prioritize ICMP and they don't drop them at least at DNS and MX servers (like Orange, T-Mobile). Nowadays it's just a myth. My more than year test shows flawless count of response datagrams and their RTT. – Michal Sokolowski Dec 13 '16 at 11:58
  • Jens, I don't know where you live, but here 8.8.8.8 and 8.8.4.4 are not so stable at all, uptime very close to 98,9%/year. Moreover, monitoring such distant hosts with 15 hops (literally half of the world geographically) is a bad idea, because a lot of things may go wrong with them and you don't know the exact location/packet path(s). – Michal Sokolowski Dec 13 '16 at 11:58
  • @MichalSokolowski I agree they don't often drop ICMP, however, IMO testing the port you want to connect to is still a better indicator that the service you need is available. Pinging a DNS server (success or fail) says nothing about whether the DNS service is actually running. The Google IPs were only intended as an example. In the first case to show how to find the third hop, and in the second as a reasonably reliable server in my area. You would want to choose something similarly reliable in your area, outside of your ISP's control. – Jens Ehrich Dec 13 '16 at 14:40

I use commercial Elfiq Link Balancers to do this.

The method it uses to determine the health of a particular link is to try to establish IP:port connections to several destinations with variable failure timeouts and thresholds.

In general, I'd recommend you poll addresses outside of either ISP's infrastructure since either ISP could have upstream routing problems that they can't control. Public DNS servers are popular for the purpose of polling.

ewwhite
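
The "tcp ping" from the Service Test section and the IP:port probing with per-target timeouts and failure thresholds from the Elfiq answer, combined with the question's rule that a gateway is switched off only when every monitored host is silent. This is an added example, not code from any poster or from Elfiq; the class name, the thresholds, the recovery rule and the sample addresses (RFC 5737 documentation range) are assumptions.

```python
import socket
from dataclasses import dataclass, field
from typing import Callable, List, Optional, Tuple

def tcp_probe(host: str, port: int, timeout: float,
              source_ip: Optional[str] = None) -> bool:
    """True if a TCP handshake with host:port completes within timeout seconds."""
    # Binding to one WAN's local address only steers the probe out of that
    # link if the router already does source-based routing.
    src = (source_ip, 0) if source_ip else None
    try:
        with socket.create_connection((host, port), timeout=timeout,
                                      source_address=src):
            return True
    except OSError:  # refused, unreachable, timed out, bind failure
        return False

@dataclass
class LinkMonitor:  # hypothetical name, one instance per WAN link
    targets: List[Tuple[str, int, float]]  # (host, port, per-target timeout)
    source_ip: Optional[str] = None
    fail_threshold: int = 3      # rounds with every target silent before "down"
    recover_threshold: int = 2   # good rounds before "up" again (assumed hysteresis)
    probe: Callable[..., bool] = tcp_probe
    up: bool = True
    _bad: int = field(default=0, init=False)
    _good: int = field(default=0, init=False)

    def poll(self) -> bool:
        """Probe every target once and return the resulting link state."""
        # A list (not a generator) so every target is probed each round.
        ok = any([self.probe(h, p, t, self.source_ip) for h, p, t in self.targets])
        if ok:
            self._good, self._bad = self._good + 1, 0
            if not self.up and self._good >= self.recover_threshold:
                self.up = True
        else:
            self._bad, self._good = self._bad + 1, 0
            if self.up and self._bad >= self.fail_threshold:
                self.up = False
        return self.up

if __name__ == "__main__":
    # Constructed targets; replace with the ISP's DNS and MX hosts.
    mon = LinkMonitor([("192.0.2.1", 53, 1.0), ("192.0.2.2", 25, 1.0)])
    print("link up" if mon.poll() else "link down")
```

Calling `poll()` on the same schedule as the existing ICMP check (every 5 seconds in the question) keeps the failover delay at `fail_threshold` rounds, plus the probe timeouts when targets are silent.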