Monitoring an Internet connection

I have a bit of a conundrum:

We have a dedicated Internet connection that services the public WiFi network in our building. It has its own edge router (Ubiquiti) to which we have a connection from the corporate network for management and monitoring purposes, but no traffic outbound to the Internet is allowed through this interface. We have an SNMP monitor set up from our Orion platform to the Edge Router. The Internet connection itself is through Bell Canada (Fibe Gigabit) and does not have a dedicated IP. We do not have any machines on that network that we could use to monitor the Internet connection.

I want to set up a monitor in Orion that will watch the actual Internet connection. We have had issues in the past where the edge router sees the internet connection as being active, but actual Internet connectivity is not functional for clients.

My initial thought was to set up a ping monitor on Bell's DNS servers, but I'm having issues routing that monitor through the Edge Router from the Orion server (not a very clean/secure solution). I then thought perhaps I could set up DDNS on the Bell HH 2000 and then ping that box from the outside, but then I found out Bell blocks ICMP to them. Not too keen on port-forwarding into the Edge Router for security reasons.

My colleagues and I have been brainstorming and we can't find a clean, secure, simple solution. Anyone have any recommendations?

  • I think a good way to ensure that your internet connectivity works from the "public wifi network" is to use NetPath, which is a built-in function in NPM.

    Simply get some server/PC in that network, install a NetPath probe on it and create a new service that checks for google.com availability, for example.

    That will simulate a test of a client trying to access Google, and you can create an alert on it.

    Hope it helps :)

  • Thanks for the suggestion Chenash, but as I mentioned in my original post, we have no machines on that network where I could deploy an NPM probe...

  • I'm not sure about Ubiquiti, but if it has a CLI interface that allows login via SSH,

    you might be able to use your DDNS solution in combination with running a script from SAM to verify whether this device is available for SSH from the internet (allow only your organization's public IP).

    Another way, if you don't have SAM, is to have some alert always triggered with an action of executing an external program that launches a PowerShell script every X minutes that checks that and does something unless SSH isn't available, but it's not as reliable as doing it via SAM.

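One way to script the SSH reachability check suggested in the last reply, as an added example that is not part of the original thread. It assumes a placeholder DDNS name (`guest-wifi.example.net`), an edge-router firewall rule that accepts TCP/22 only from the organization's public IP, and SAM's script-monitor convention of `Statistic:`/`Message:` output lines with exit code 0 for up and 1 for down. It only reads the server's identification banner and never sends credentials.

```powershell
# Added example. $TargetHost is a placeholder DDNS name (assumption), not a value from the thread.
param(
    [string]$TargetHost = 'guest-wifi.example.net',
    [int]$Port = 22,
    [int]$TimeoutMs = 5000
)

function Test-SshBanner {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs)

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $sw = [System.Diagnostics.Stopwatch]::StartNew()
        # Bounded connect so a dead link fails fast instead of hanging the poll.
        $connect = $client.ConnectAsync($HostName, $Port)
        if (-not $connect.Wait($TimeoutMs)) {
            return @{ Up = $false; Ms = $TimeoutMs; Detail = 'connect timed out' }
        }
        $stream = $client.GetStream()
        $stream.ReadTimeout = $TimeoutMs
        # An SSH server speaks first with its identification string ("SSH-2.0-...").
        # Reading it proves the path works end to end, not just that a port answers.
        $buffer = New-Object byte[] 255
        $read = $stream.Read($buffer, 0, $buffer.Length)
        $sw.Stop()
        $banner = [System.Text.Encoding]::ASCII.GetString($buffer, 0, $read).Trim()
        if ($banner -like 'SSH-*') {
            return @{ Up = $true; Ms = $sw.ElapsedMilliseconds; Detail = 'SSH banner received' }
        }
        return @{ Up = $false; Ms = $sw.ElapsedMilliseconds; Detail = 'port open but no SSH banner' }
    }
    catch {
        # Refused connections, DNS failures and read timeouts all land here.
        return @{ Up = $false; Ms = 0; Detail = $_.Exception.GetBaseException().Message }
    }
    finally {
        $client.Close()
    }
}

$result = Test-SshBanner -HostName $TargetHost -Port $Port -TimeoutMs $TimeoutMs
Write-Host "Message: ${TargetHost}:${Port} - $($result.Detail)"
Write-Host "Statistic: $($result.Ms)"
if ($result.Up) { exit 0 } else { exit 1 }
```

A DNS failure for the DDNS name also reports as down, so an alert on this monitor covers both a stale DDNS record and a dead link.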