Hello,

I hope I won't make it too complicated, and sorry for my English...

The company has multiple connections to the internet, ADSL + CABLE + XDSL..., and I only want to use two for load balancing for now. I have read the HOWTO and I got it up and working. It works great, but I still have a few questions, if anyone could help!

The setup is: ADSL on ETH0 and CABLE on ETH1.

When I load balance on ADSL + CABLE I want to load balance only, let's say, FTP, WEB, SMTP and some other ports, BUT NOT ssh, telnet and such applications. I want to have ssh and telnet outgoing connections only on my ADSL route. How can I do that? Any ideas?

And another thing... I was wondering if there is a patch or command or something that could check if, let's say, the CABLE line is used more than 80% and ADSL is used less than 10%, so that the next connection would be made on ADSL?

And the last one... about the route cache: can I reduce the timeout in the cache from the default 60s, I think, to let's say 1, so that when new connections are made they are more frequently reorganized over the load balance?

thank you
David

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc
HOWTO: http://lartc.org/

On Saturday, 28 September 2002, at 13:36:27 +0200, Dworf wrote:

> When I load balance on ADSL + CABLE I want to load balance only, let's say, FTP,
> WEB, SMTP and some other ports, BUT NOT ssh, telnet and such applications. I
> want to have ssh and telnet outgoing connections only on my ADSL route. How
> can I do that? Any ideas?
>

It is easy. Just mark the traffic coming into the Linux router and then route depending on the marks set. For example:

    echo "100 ADSL" >> /etc/iproute2/rt_tables
    ip rule add fwmark 1 table ADSL
    ip route add table ADSL default via $ADSL_GW_IP
    iptables -t mangle -A PREROUTING --protocol tcp --destination-port 22 \
        --jump MARK --set-mark 1

The above does the following: it creates a new routing table called ADSL, that is populated with just one route, a default one, through your ADSL router to the Internet. It additionally uses "iptables" to mark incoming packets going to the SSH well-known port. This traffic gets marked as "1", the mark matches the added "ip rule", so the packet is routed checking the table "ADSL".

We configured a very similar setup here some time ago, and it is working fine. Specifically, all traffic is routed along a FR line (costly and low bandwidth) but HTTP and FTP, that is routed through ADSL (cheap, high bandwidth).

To load balance certain traffic among the two lines we should need to use something like:

    ip route add default nexthop via $ADSL_GW_IP dev $ETH_ADSL weight 4 \
        nexthop via $FR_GW_IP dev $ETH_FR weight 1

This should direct 80% of connections through ADSL and the remaining 20% through FR. As route selection is cached, all traffic for a certain TCP session will go to the same line. UDP traffic will be balanced per-packet.

> And another thing... I was wondering if there is a patch or command or
> something that could check if, let's say, the CABLE line is used more than 80% and
> ADSL is used less than 10%, so that the next connection would be made on ADSL?
>

I don't know if such a command exists (I don't think so). But you could get something similar with some monitoring and scripting.

Hope this helps. In any case, check the Linux Advanced Routing and Traffic Shaping HOWTO at lartc.org, because it contains much information related to what you try to implement.

--
Jose Luis Domingo Lopez
Linux Registered User #189436
Debian Linux Woody (Linux 2.4.19-pre6aa1)

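The "monitoring and scripting" approach from the reply above, as an added example that is not part of the original thread: it reads receive counters from two /proc/net/dev-style snapshots, computes each line's utilisation, and prints (does not run) a multipath route with weights chosen from the 80%/10% thresholds in the question. The gateway addresses, link capacities, the 8:1 weights and the counter samples are assumptions constructed for illustration.

```shell
# Added example: pick multipath weights from measured downstream load.
ADSL_GW_IP=192.0.2.1        # assumed gateway on eth0 (ADSL)
CABLE_GW_IP=198.51.100.1    # assumed gateway on eth1 (CABLE)

# Two /proc/net/dev-style snapshots taken 10 seconds apart (constructed).
SAMPLE_T0='  eth0: 1000000 900 0 0 0 0 0 0 500000 700 0 0 0 0 0 0
  eth1: 4292000000 800 0 0 0 0 0 0 300000 600 0 0 0 0 0 0'
SAMPLE_T1='  eth0: 1125000 990 0 0 0 0 0 0 510000 720 0 0 0 0 0 0
  eth1: 1532704 4100 0 0 0 0 0 0 400000 900 0 0 0 0 0 0'

# rx_bytes IFACE: read snapshot text on stdin, print the receive byte counter.
rx_bytes() {
    sed -n "s/^ *$1: *\([0-9][0-9]*\).*/\1/p"
}

# util_pct BEFORE AFTER SECONDS CAPACITY_KBIT: percent of capacity in use.
util_pct() {
    d=$(( $2 - $1 ))
    if [ "$d" -lt 0 ]; then d=$(( $d + 4294967296 )); fi  # 32-bit counter wrapped
    echo $(( $d * 8 * 100 / ($3 * $4 * 1000) ))
}

# link_pct IFACE CAPACITY_KBIT: utilisation between the two snapshots.
link_pct() {
    b0=$(printf '%s\n' "$SAMPLE_T0" | rx_bytes "$1")
    b1=$(printf '%s\n' "$SAMPLE_T1" | rx_bytes "$1")
    util_pct "$b0" "$b1" 10 "$2"
}

# pick_weights ADSL_PCT CABLE_PCT: print "ADSL_WEIGHT CABLE_WEIGHT".
# Thresholds are the ones from the question: above 80% versus below 10%.
pick_weights() {
    if [ "$2" -gt 80 ] && [ "$1" -lt 10 ]; then echo "8 1"
    elif [ "$1" -gt 80 ] && [ "$2" -lt 10 ]; then echo "1 8"
    else echo "1 1"
    fi
}

# route_cmd ADSL_WEIGHT CABLE_WEIGHT: print (not run) the route update.
route_cmd() {
    echo "ip route replace default" \
        "nexthop via $ADSL_GW_IP dev eth0 weight $1" \
        "nexthop via $CABLE_GW_IP dev eth1 weight $2"
}

adsl=$(link_pct eth0 2000)     # assumed 2000 kbit/s downstream
cable=$(link_pct eth1 4000)    # assumed 4000 kbit/s downstream
route_cmd $(pick_weights "$adsl" "$cable")
```
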
Sorry for the delay in response.

On Sat, 2002-09-28 at 04:36, Dworf wrote:

> And the last one... about the route cache: can I reduce the timeout in the cache
> from the default 60s, I think, to let's say 1, so that when new connections are made
> they are more frequently reorganized over the load balance?

Now I am no guru, but I will try to explain the following based on my observations while spending about a week playing around with different values.

I was trying to load balance two SDSL lines, and when I finally used Julian's patches and got everything working, I reverted back to the default values for the route cache. So whether you really need to adjust this is a moot issue. I did not find it a necessity.

I will go in order, and below are the values I last tested, and the default values.

                                                          # Default Values
    #echo 256 > /proc/sys/net/ipv4/route/gc_elasticity    # 8
    #echo 1 > /proc/sys/net/ipv4/route/gc_interval        # 60
    #echo 0 > /proc/sys/net/ipv4/route/gc_timeout         # 300
    #echo 0 > /proc/sys/net/ipv4/route/gc_min_interval    # 5
    #echo 128 > /proc/sys/net/ipv4/route/gc_thresh        # 256
    #echo 1 > /proc/sys/net/ipv4/route/max_delay          # 10
    #echo 1 > /proc/sys/net/ipv4/route/min_delay          # 2
    #echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter      # 1
    #echo 0 > /proc/sys/net/ipv4/conf/eth2/rp_filter      # 1

I also looked at the code behind this in route.c, but it did not make much sense. I may look at it again some other time.

Now I find it funny that the above entries in the /proc file system have little description or explanation. I came across very few docs on them, and most were very incomplete. Not that my observations are any better.

Now the gc_elasticity seems to have something to do with the # of routes that are expired/removed as part of the gc. A lower # means more gc's to clear out the cache. A higher # means more at a time.

The gc_interval is pretty self explanatory. However, setting this too low, like 1, causes route lookups to occur more often, and can impact performance. So be careful with using low values, and stay away from 1.

The gc_timeout seems to be a timeout between gc's?

The gc_min_interval is the minimum interval between gc's?

The gc_thresh hold I believe is the # of routes that can be in cache at any one time. Not too sure, but it does seem to have an effect, and is relative to the gc_elasticity. I usually would adjust both.

The max_delay is some sort of max delay in between gc's?

The min_delay is some sort of minimum delay in between gc's?

Basically there is an algorithm that uses all the above values together to maintain good performance on most machines out there. I assume they are adjustable for dialing into the machine for specific tasks.

It's hard to say just adjust one. Since each has an effect on the other, usually you have to adjust most if not all to see a difference.

When all was said and done for me, despite all the experimenting and testing, I went back to using the default values. When I was able to make a noticeable adjustment that seemed to work, it later had other effects as the load changed.

So that's my .02 based on my experiences. I welcome others to comment, so maybe we can get some documentation on the web as to what each value actually does.

--
Sincerely,
William L. Thomson Jr.
Support Group
Obsidian-Studios Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone 707.766.9509
Fax 707.766.8989
http://www.obsidian-studios.com

Hello,

On 30 Sep 2002, William L. Thomson Jr. wrote:

> I will go in order, and below are the values I last tested, and the
> default values.
> # Default Values
> #echo 256 > /proc/sys/net/ipv4/route/gc_elasticity # 8

gc_elasticity can be 1..16, gc_elasticity*gc_thresh is the desired number of entries we can live with, after that point we start to worry about filling the cache.

> #echo 1 > /proc/sys/net/ipv4/route/gc_interval # 60
> #echo 0 > /proc/sys/net/ipv4/route/gc_timeout # 300

On each interval (gc_interval) up to gc_interval/gc_timeout entries are checked for expiration. With the default parameters, 1/5 of the table on each 60sec, each cache entry lives up to 300sec by default.

> #echo 0 > /proc/sys/net/ipv4/route/gc_min_interval # 5

gc_min_interval 0 means no restrictions for running GC, maybe it is good on load.

> #echo 128 > /proc/sys/net/ipv4/route/gc_thresh # 256
> #echo 1 > /proc/sys/net/ipv4/route/max_delay # 10
> #echo 1 > /proc/sys/net/ipv4/route/min_delay # 2
> #echo 0 > /proc/sys/net/ipv4/conf/eth1/rp_filter # 1
> #echo 0 > /proc/sys/net/ipv4/conf/eth2/rp_filter # 1

> The gc_timeout seems to be a timeout between gc's?

this is gc_interval

Regards

--
Julian Anastasov <ja@ssi.bg>