Hi there.
I''ve two Internet connections at the same box, one connection is
made through ADSL, and another is made with a Radio-Link (WaveLAN
IE822).
I wan''t to do a backup connection with the ADSL link.
With what tools I can do this?
ipchains, iptables, a third party tool?
--
____________________________________________________________
PIII 500MHz - 98MB RAM - HD 8.2GB - Diamond Stealth III s540
USR Sportster 56K Int Voice - SoundBlaster AWE 64 -- CL 5.1
//LinuxMan by Friends - The power of a GNU generation\\
http://www.techs.com.br - ICQ 4553082 - #theprodigy #olinux
"Michel A. S. Pereira - KIDMumU[InLove]" wrote:> > Hi there. > > I''ve two Internet connections at the same box, one connection is > made through ADSL, and another is made with a Radio-Link (WaveLAN > IE822). > I wan''t to do a backup connection with the ADSL link. > With what tools I can do this? > ipchains, iptables, a third party tool? >I''m in the middle of doing something very similar. I don''t know how often they update the archives on this list but the subject on the thread for what I''m working on is [a complicated routing scenario (for me at least)] Basically you''ll have to compile the advanced routing options into the kernel allong with ipchains, then install the iproute2 tools. Then you''ll have to configure your box properly using the advanced routing tools and ipchains for the redundant routes. It''s way too complicated to explain it all in one email, so your best bet is to look in the archives on this list. Probably your single best source of information in the way of docs is the command reference doc for the "ip" command (comes in the iproute2 package). If you read and understand this doc, you''ll be well on your way to doing what you want to do. You can also read the ipchains howto, the advanced routing howto, and the ip-masquerading howto. When I get it all done, I''m thinking of writing a howto on the subject, we''ll see... -Andrew
On Thu, Nov 16, 2000 at 02:49:33PM -0800, Andrew wrote:> > I wan''t to do a backup connection with the ADSL link. > > With what tools I can do this? > > ipchains, iptables, a third party tool? > > > I''m in the middle of doing something very similar. I don''t know how often they > update the archives on this list but the subject on the thread for what I''m > working onLinux has a thing called ''dead gateway detection'', which might work for you. Just make two routes with a different metric, should work I think. Existing sessions will die however because their source IP address is unroutable. Regards, bert hubert -- PowerDNS Versatile DNS Services Trilab The Technology People ''SYN! .. SYN|ACK! .. ACK!'' - the mating call of the internet
For configuring a backup route, it shouldn''t be that difficult. You should configure the preferred route (the radio link) statically, with the default metric, and for the backup route (ADSL link), configure it (also statically) with a higher metric. This way traffic will go along the preferred route, as long as the link is up. When the link fails, the route with the higher metric should take over. The routing algorithm will always take a (valid) route with the lowest metric. But indeed, you should read the iproute2 docs, and test the configuration you''ve chosen. If you want to do load balancing and traffic filtering, all the others (iptables/ipchains and the advanced routing howto )come into the picture. But for mere backup routes, playing with metrics will do. Regards, Guy Andrew wrote:> > "Michel A. S. Pereira - KIDMumU[InLove]" wrote: > > > > Hi there. > > > > I''ve two Internet connections at the same box, one connection is > > made through ADSL, and another is made with a Radio-Link (WaveLAN > > IE822). > > I wan''t to do a backup connection with the ADSL link. > > With what tools I can do this? > > ipchains, iptables, a third party tool? > > > I''m in the middle of doing something very similar. I don''t know how often they > update the archives on this list but the subject on the thread for what I''m > working on > is [a complicated routing scenario (for me at least)] > > Basically you''ll have to compile the advanced routing options into the kernel > allong with ipchains, then install the iproute2 tools. Then you''ll have to > configure your box properly using the advanced routing tools and ipchains for > the redundant routes. It''s way too complicated to explain it all in one email, > so your best bet is to look in the archives on this list. > > Probably your single best source of information in the way of docs is the > command reference doc for the "ip" command (comes in the iproute2 package). If > you read and understand this doc, you''ll be well on your way to doing what you > want to do. You can also read the ipchains howto, the advanced routing howto, > and the ip-masquerading howto. > > When I get it all done, I''m thinking of writing a howto on the subject, we''ll > see... > > -Andrew > > _______________________________________________ > LARTC mailing list / LARTC@mailman.ds9a.nl > http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://ds9a.nl/2.4Routing/
bert hubert wrote:> > On Thu, Nov 16, 2000 at 02:49:33PM -0800, Andrew wrote: > > > > I wan''t to do a backup connection with the ADSL link. > > > With what tools I can do this? > > > ipchains, iptables, a third party tool? > > > > > I''m in the middle of doing something very similar. I don''t know how often they > > update the archives on this list but the subject on the thread for what I''m > > working on > > Linux has a thing called ''dead gateway detection'', which might work for you. > Just make two routes with a different metric, should work I think. > > Existing sessions will die however because their source IP address is > unroutable.I''m not sure that is working correctly. I have two DSLs to the internet with different IP addresses, speeds and ISPs. DSL1: 63.194.. 384Kb/sec X 1.5-6Mb/sec ADSL on eth1 via pacbell DSL2: 64.63.. is 768Kb/sec SDSL on eth2 via lmki Test: ping yahoo site through DSL1 unplug phone line from bridge on DSL1 ip route flush table cache ping yahoo site --- No response tracepath yahoo site --- Still trying to use DSL1 That isn''t working. Here''s my setup: $ ip route 10.1.1.1 dev eth2 scope link src 10.1.1.2 10.0.0.0/24 dev eth0 scope link src 10.0.0.1 127.0.0.0/8 dev lo scope link default nexthop via 63.194.239.201 dev eth1 weight 99 nexthop via 10.1.1.1 dev eth2 weight 1 10.1.1.1 is the internal ip of the dsl2 router. Pretty nice, Pacbell should start using these. Note: the higher the weight, the more traffic sent through that route. I want most of my local traffic to go through DSL1. Anything requesting traffic on DSL2 will get a response from DSL2, but very little traffic initiated by the router machine will go through DSL2. $ ip rule 0: from all lookup local 32763: from 10.0.0.0/24 lookup 10 32764: from 63.194.239.202 lookup 10 32765: from 10.1.1.2 lookup 20 32766: from all lookup main 32767: from all lookup default $ ip route show table 10 63.194.239.201 dev eth1 scope link src 63.194.239.202 10.0.0.0/24 dev eth0 scope link default via 63.194.239.201 dev eth1 $ ip route show table 20 10.1.1.1 dev eth2 scope link src 10.1.1.2 default via 10.1.1.1 dev eth2 I could write a script that would monitor the interfaces with ping and change the default route after several failed attempts. With the way ping works, to account for several failed responses, you would have to wait about 60 seconds for about three attempts. I think 5 would be good, but that can be configurable. Does this sound good or is this already done better in another tool? I wonder if a routing daemon would do something like this. Monitor with ping, but not expect any routing messages from the monitored routers. Anyone know?
Mike Fedyk wrote:> > bert hubert wrote: > > > > On Thu, Nov 16, 2000 at 02:49:33PM -0800, Andrew wrote: > > > > > > I wan''t to do a backup connection with the ADSL link. > > > > With what tools I can do this? > > > > ipchains, iptables, a third party tool? > > > > > > > I''m in the middle of doing something very similar. I don''t know how often they > > > update the archives on this list but the subject on the thread for what I''m > > > working on > > > > Linux has a thing called ''dead gateway detection'', which might work for you. > > Just make two routes with a different metric, should work I think. > > > > Existing sessions will die however because their source IP address is > > unroutable. > > I''m not sure that is working correctly. I have two DSLs to the internet with > different IP addresses, speeds and ISPs. > > DSL1: 63.194.. 384Kb/sec X 1.5-6Mb/sec ADSL on eth1 via pacbell > DSL2: 64.63.. is 768Kb/sec SDSL on eth2 via lmki > > Test: > ping yahoo site through DSL1 > unplug phone line from bridge on DSL1 > ip route flush table cache > ping yahoo site --- No response > tracepath yahoo site --- Still trying to use DSL1 > > That isn''t working. > > Here''s my setup: > $ ip route > 10.1.1.1 dev eth2 scope link src 10.1.1.2 > 10.0.0.0/24 dev eth0 scope link src 10.0.0.1 > 127.0.0.0/8 dev lo scope link > default > nexthop via 63.194.239.201 dev eth1 weight 99 > nexthop via 10.1.1.1 dev eth2 weight 1 >For the default route, try: ip route add default via 63.194.239.201 dev eth1 ip route add default via 10.1.1.1 dev eth2 metric 10 But you will loose the load balancing behaviour. Emmanuel.
Emmanuel Fuste wrote:> > Mike Fedyk wrote: > > > > bert hubert wrote: > > > Linux has a thing called ''dead gateway detection'', which might work for you. > > > Just make two routes with a different metric, should work I think. > > > > > > Existing sessions will die however because their source IP address is > > > unroutable. > > > > I''m not sure that is working correctly. I have two DSLs to the internet with > > different IP addresses, speeds and ISPs. > > > > DSL1: 63.194.. 384Kb/sec X 1.5-6Mb/sec ADSL on eth1 via pacbell > > DSL2: 64.63.. is 768Kb/sec SDSL on eth2 via lmki > > > > Test: > > ping yahoo site through DSL1 > > unplug phone line from bridge on DSL1 > > ip route flush table cache > > ping yahoo site --- No response > > tracepath yahoo site --- Still trying to use DSL1 > > > > That isn''t working. > > > > Here''s my setup: > > $ ip route > > 10.1.1.1 dev eth2 scope link src 10.1.1.2 > > 10.0.0.0/24 dev eth0 scope link src 10.0.0.1 > > 127.0.0.0/8 dev lo scope link > > default > > nexthop via 63.194.239.201 dev eth1 weight 99 > > nexthop via 10.1.1.1 dev eth2 weight 1 > > > For the default route, try: > ip route add default via 63.194.239.201 dev eth1 > ip route add default via 10.1.1.1 dev eth2 metric 10 > > But you will loose the load balancing behaviour. > > Emmanuel.I am not running any kind of routing daemon, is this required for this to work? Maybe rdisc? The problem I''m having is having a dsl go down suddenly, and switching over to another for outbound traffic for our network. I run a ping and unplug the phone from the dsl bridge. This is how it would go down in a real situation. The ping stops. I "ip ro f t cache", but still nothing. I turn off the dsl bridge, and still nothing. The only thing that I''ve tried that works is "ip link set eth1 down". It seems that I need an active status monitoring system. Here''s my setup: root@gateway:/etc/init.d$ ip ro 63.194.239.201 dev eth1 scope link src 63.194.239.202 10.1.1.1 dev eth2 scope link src 10.1.1.2 10.0.0.0/24 dev eth0 scope link 127.0.0.0/8 dev lo scope link default via 63.194.239.201 dev eth1 default via 10.1.1.1 dev eth2 metric 2 root@gateway:/etc/init.d$ ip ru 0: from all lookup local 32760: from 10.1.1.2 lookup 20 32761: from 63.194.239.202 lookup 10 32766: from all lookup main 32767: from all lookup default root@gateway:/etc/init.d$ ip ro s t 10 63.194.239.201 dev eth1 scope link src 63.194.239.202 10.0.0.0/24 dev eth0 scope link default via 63.194.239.201 dev eth1 root@gateway:/etc/init.d$ ip ro s t 20 10.1.1.1 dev eth2 scope link src 10.1.1.2 default via 10.1.1.1 dev eth2