How to shutdown a ziti link?

Ziti Overlay
1

I would like to put some unreliable links into down state if possible. Some ISPs drop packets depending on who initiates the connection — for example, A→B fails, but B→A works.

ziti fabric list links 'limit none' -j   | jq -c '.data | sort_by(.cost)[] | [.cost, (.sourceLatency/1000000 | round),(.destLatency/1000000 | round),.id,.state,.staticCost,.iteration]'
.....
[148,72,75,"5H2isGhrLxzofz0hmBlkLX","Connected",1,1]
[151,76,76,"6bCvHPdxdPxsJmyTbILhcy","Connected",1,3]
[155,108,47,"4NB8GdYUSFNoVnb0mPoYkR","Connected",1,8]
[130001,65000,65000,"6ufpk7Efe2gmG6khDpQgx6","Connected",1,602]
[130001,65000,65000,"GqcqIxJxGn1hvBaUYKOXf","Connected",1,10]
[827406,423323,404083,"1BNHyEktdqUaeHNvvATVKq","Connected",1,9]
[827408,423325,404083,"18K54evKNRkM7dPfTrjCIC","Connected",1,8]
[1777869,888935,888935,"6RSKyGmOtCh8ubFnQzwfyx","Connected",1,1168]
[1777885,888943,888942,"311jOPoJTZCwtw3WVHRh2D","Connected",1,286]
[2257571,987693,1269878,"7OZt8EnVQ2Fb5ag6OSRd4s","Connected",1,46]
[3259330,1481517,1777813,"5IyGwnSIE2FxGU2XVdBCyK","Connected",1,175]
[5037098,4444466,592633,"1pn6Nu8t7nebkZXHKwvR3Q","Connected",1,605]
[5185250,2222256,2962993,"6cFbzJs1JHoVnssyYmUNuT","Connected",1,619]
[8888936,4444467,4444469,"7ggxkh9PWFrjEvJl1wMPBW","Connected",1,247]

ziti version
v1.6.10

Routers at both ends log errors

heartbeat not received in time, closing router link connection

could not clear connection deadline for [tls:xxx.xxx.xxx.xxx:m (set tcp yyy.yyy.yyy.yyy:n use of closed network connection)
2

You can mark a link as down as follows:

ziti fabric update link <link id> --down

However, this may not do what you want. It will not remove the link, it will just mark is as unusable, so that it's not considered when routing.

If you know you want links to be dialed in a certain direction, you can use some of the following techniques:

  1. Only add a link listener on one side of the link.
  2. If you need link listeners on both sides for other connections, use groups on the link listener/dialer to ensure that the dialing only happens in one direction.

See the group config option here: Router Configuration Reference | NetFoundry Documentation under listener and dialer.

Hope that's helpful,
Paul

3

One thing I’m observing is that after I mark some links as down, they automatically come back up a few minutes later. From the controller’s point of view, the links transition back to down=false and the iteration counter increases.

I assume this is due to routers re-establishing the link. Would increasing the static-cost be a reasonable way to discourage these links from being selected?

 ziti fabric update link 1pn6Nu8t7nebkZXHKwvR3Q --static-cost 100

Ah, no — on the next iteration the static-cost is reset back to the default value of 1,

Thanks. I’ll try using listener/dialer groups to control the links.