Hello,

I have a Compaq Proliant i850R, running RedHat 7.1. There are 3 NICs attached to it, 2 eepro100, and 1 ThunderLAN driver v1.14a. This box is being prepped to be a download server.

GOAL: Requests are sent to each NIC via separate IP addresses. All 3 are on the same subnet. All requests are load balanced via a DNS server. We want all requests to exit the same NIC that they entered.

PROBLEM: All requests are satisfied via the last NIC (eth2). eth2 does 99% of the transmissions.

With the configuration below it is possible to do load-balancing, both in and out, but it is not possible to secure shell to the box. If the "ip rule" lines are commented out, login is possible, but no outbound load balancing.

OUR CONFIGURATION:

    ip route add 206.17.228.231 dev eth1
    ip route add 206.17.228.232 dev eth2
    ip route add 206.17.228.230 dev eth0
    /sbin/route del default 2> /dev/null
    /sbin/ip route add default equalize nexthop via 206.17.228.2 dev eth1 nexthop via 206.17.228.2 dev eth2
    ip route add 206.17.228.231 dev eth1 table 231
    ip route add default via 206.17.228.2 dev eth1 src 206.17.228.231 table 231
    ip route flush cache
    ip route add 206.17.228.232 dev eth2 table 232
    ip route add default via 206.17.228.2 dev eth1 src 206.17.228.232 table 232
    ip route flush cache
    ip route add 206.17.228.230 dev eth0 table 230
    ip route add default via 206.17.228.2 dev eth1 src 206.17.228.230 table 230
    ip route flush cache
    ip rule add from 206.17.228.231 table 231
    ip rule add from 206.17.228.232 table 232
    ip rule add from 206.17.228.230 table 230

WHAT AM I DOING WRONG?

Robert Richardson

You might look at http://www.linuxvirtualserver.org/~julian/nano.txt - if you're not using the patches referred to there it's still a good outline of a solution that should generalize to your setup. Just leave out "proto static" in the lines where it occurs and set 3 rather than 2 special tables. I have no trouble with either SSH or having FTP return over the interface it comes in on with that setup.

Whit

This page looks promising. I appreciate your suggestion.

Thanks,
Robert.

-----Original Message-----
From: Whit Blauvelt [mailto:whit@transpect.com]
Sent: Thursday, February 07, 2002 4:17 PM
To: Richardson, Robert
Cc: 'lartc@mailman.ds9a.nl'
Subject: Re: [LARTC] Load Balance RX/TX data on the same NICs.

You might look at http://www.linuxvirtualserver.org/~julian/nano.txt - if you're not using the patches referred to there it's still a good outline of a solution that should generalize to your setup. Just leave out "proto static" in the lines where it occurs and set 3 rather than 2 special tables. I have no trouble with either SSH or having FTP return over the interface it comes in on with that setup.

Whit

On Thu, Feb 07, 2002 at 02:31:00PM -0800, Richardson, Robert wrote:

> With the configuration below it is possible to do load-balancing,
> both in and out, but it is not possible to secure shell to the
> box. If the "ip rule" lines are commented out, login is possible,
> but no outbound load balancing.

Please be more precise. What happens when connecting via ssh? Run ssh -v. Do you get a timeout? Do you get a connection reset by peer? At which line does it stop working? My glass ball is running overtime on this list.

Can you run tcpdump on all interfaces on your Compaq while you try to login?

> OUR CONFIGURATION:
> ip route add 206.17.228.231 dev eth1
> ip route add 206.17.228.232 dev eth2
> ip route add 206.17.228.230 dev eth0
> /sbin/route del default 2> /dev/null
> /sbin/ip route add default equalize nexthop via 206.17.228.2 dev eth1
> nexthop via 206.17.228.2 dev eth2

I suggest you remove the generic default route - you've covered all possibilities in other tables - unless there are more IP addresses on your machine.

In that case, the problem is that ssh changes its TOS halfway during connecting, causing packets that previously went out over, say eth0, to suddenly go out over eth1, which may upset your local routing.

Try ssh-ing to one of the addresses for which a table exists.

Anyway, do the measurements. This setup is supposed to work just fine.

Regards,

bert

--
http://www.PowerDNS.com Versatile DNS Software & Services
http://www.tk the dot in .tk
Netherlabs BV / Rent-a-Nerd.nl - Nerd Available -
Linux Advanced Routing & Traffic Control: http://ds9a.nl/lartc
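
Added example, not part of the thread and not written by any of its participants: a small consistency check for the goal stated in the first message (replies leave on the NIC that holds the source address). It parses `ip route add` / `ip rule add` lines and reports every source rule whose table sends its default route out a different device than the one the address was assigned to. The function names `opt` and `check_policy_routing` are made up for this illustration, and the parser assumes rules of the form `from ADDR table T`.

```python
# Table and rule lines copied from the first message of the thread; the
# main-table default route and the cache flushes are left out.
POSTED = """\
ip route add 206.17.228.231 dev eth1
ip route add 206.17.228.232 dev eth2
ip route add 206.17.228.230 dev eth0
ip route add 206.17.228.231 dev eth1 table 231
ip route add default via 206.17.228.2 dev eth1 src 206.17.228.231 table 231
ip route add 206.17.228.232 dev eth2 table 232
ip route add default via 206.17.228.2 dev eth1 src 206.17.228.232 table 232
ip route add 206.17.228.230 dev eth0 table 230
ip route add default via 206.17.228.2 dev eth1 src 206.17.228.230 table 230
ip rule add from 206.17.228.231 table 231
ip rule add from 206.17.228.232 table 232
ip rule add from 206.17.228.230 table 230
"""

def opt(words, key):
    """Return the word that follows `key`, or None when there is none."""
    if key in words[:-1]:
        return words[words.index(key) + 1]
    return None

def check_policy_routing(config):
    """Return (src, table, expected_dev, actual_dev) for each mismatching rule."""
    owner, defaults, rules = {}, {}, {}
    for line in config.splitlines():
        w = line.split()
        if w:
            w[0] = w[0].rsplit("/", 1)[-1]       # accept /sbin/ip as well as ip
        if w[:3] == ["ip", "rule", "add"]:
            rules[opt(w, "from")] = opt(w, "table")
        elif w[:3] == ["ip", "route", "add"] and len(w) > 3:
            table = opt(w, "table")
            if w[3] == "default" and table:
                defaults[table] = opt(w, "dev")  # egress device of that table
            elif w[3] != "default" and table is None:
                owner[w[3]] = opt(w, "dev")      # device the address was put on
    findings = []
    for src, table in sorted(rules.items()):
        expected, actual = owner.get(src), defaults.get(table)
        if actual != expected:
            findings.append((src, table, expected, actual))
    return findings

if __name__ == "__main__":
    for src, table, expected, actual in check_policy_routing(POSTED):
        print(f"from {src} table {table}: default leaves via {actual}, "
              f"address is on {expected}")
```

A finding means traffic sourced from that address is routed out a different NIC than the one the address was assigned to; the thread itself does not establish whether that accounts for the SSH symptom.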