Commit 08365b47 authored by Vitaly Lipatov's avatar Vitaly Lipatov

route-health: check ikev2.fr/ikev2.gr by ping (no iperf3 server on peer)

These tunnel gateways had no iperf3 server / VPN-status feed on the remote peer (rpi), so route-health judged them by iperf3 -> success=0 -> permanently 'down', masking real tunnel outages (a 7-day SA-down went unnoticed). Add is_pingonly_gw() (ikev2.fr, ikev2.gr) and judge them by ping loss alone (loss>=50 or no data = dead). Suppress the iperf/vpn marks in group display and health.json output for ping-only gateways so a healthy gw no longer shows 'iperf=FAIL'. Co-Authored-By: 's avatarClaude <noreply@anthropic.com>
parent 592e5f2d
......@@ -108,6 +108,17 @@ is_tunnel_gw()
esac
}
# Ping-only gateways: judged by ping alone (no VPN/iperf3 telemetry on peer).
# ikev2.fr/ikev2.gr: remote peer (rpi) has no iperf3 server / VPN-status feed,
# so ping through the tunnel is the direct health signal.
is_pingonly_gw()
{
case "$1" in
ikev2.fr|ikev2.gr) return 0 ;;
*) return 1 ;;
esac
}
# Get health status for a monitor tag
# Usage: get_health TAG
# Returns: healthy, dead
......@@ -119,6 +130,17 @@ get_health()
# For .v6 tags, VPN/iperf3 data is under the base (v4) tag
local base_tag="${tag%.v6}"
# Ping-only gateways: no VPN/iperf3 telemetry — judge by ping alone.
if is_pingonly_gw "$base_tag" ; then
local loss=$(grep "^${tag} " "$HEALTH_DATA" | awk '{print $2}')
if [ -z "$loss" ] ; then
echo "dead"
return
fi
echo "$loss" | awk '{ if ($1 >= 50) print "dead"; else print "healthy" }'
return
fi
# Check VPN status — connected requires vpn=1 AND ping success
local vpn=$(grep "^${base_tag} " "$VPN_DATA" 2>/dev/null | awk '{print $2}')
if [ "$vpn" = "0" ] ; then
......@@ -194,10 +216,13 @@ eval_group_health()
local st=$(get_health "$tag")
local loss=$(grep "^${tag} " "$HEALTH_DATA" | awk '{print $2}')
local ld="${loss:-no_data}%" ; [ -z "$loss" ] && ld="no_data"
local vpn=$(grep "^${tag} " "$VPN_DATA" 2>/dev/null | awk '{print $2}')
local vpn_mark="" ; [ "$vpn" = "0" ] && vpn_mark=",vpn=DOWN"
local iperf_s=$(grep "^${tag} " "$IPERF_DATA" 2>/dev/null | awk '{print $2}')
local iperf_mark="" ; [ "$iperf_s" = "0" ] && iperf_mark=",iperf=FAIL"
local vpn="" vpn_mark="" iperf_s="" iperf_mark=""
if ! is_pingonly_gw "${tag%.v6}" ; then
vpn=$(grep "^${tag} " "$VPN_DATA" 2>/dev/null | awk '{print $2}')
[ "$vpn" = "0" ] && vpn_mark=",vpn=DOWN"
iperf_s=$(grep "^${tag} " "$IPERF_DATA" 2>/dev/null | awk '{print $2}')
[ "$iperf_s" = "0" ] && iperf_mark=",iperf=FAIL"
fi
group_detail="${group_detail:+$group_detail, }$tag=$ld($st$vpn_mark$iperf_mark)"
[ "$st" = "healthy" ] && any_healthy=1
[ "$st" != "dead" ] && all_dead=""
......@@ -302,10 +327,13 @@ for routes_dir in "$ROUTES_DIR" "$ROUTES6_DIR" ; do
st=$(get_health "$tag")
loss=$(grep "^${tag} " "$HEALTH_DATA" | awk '{print $2}')
ld="${loss:-no_data}%" ; [ -z "$loss" ] && ld="no_data"
vpn="" ; vpn_mark="" ; iperf_s="" ; iperf_mark=""
if ! is_pingonly_gw "${tag%.v6}" ; then
vpn=$(grep "^${tag} " "$VPN_DATA" 2>/dev/null | awk '{print $2}')
vpn_mark="" ; [ "$vpn" = "0" ] && vpn_mark=",vpn=DOWN"
[ "$vpn" = "0" ] && vpn_mark=",vpn=DOWN"
iperf_s=$(grep "^${tag} " "$IPERF_DATA" 2>/dev/null | awk '{print $2}')
iperf_mark="" ; [ "$iperf_s" = "0" ] && iperf_mark=",iperf=FAIL"
[ "$iperf_s" = "0" ] && iperf_mark=",iperf=FAIL"
fi
proxy_code=$(grep "^${tag} " "$PROXY_DATA" 2>/dev/null | awk '{print $2}')
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment