Hi ... I have 2 DSL lines all up and running on one RedHat box...

I want to balance traffic going out over the two providers.

The 2 DSL routers have IPs 10.10.10.1 / 10.10.10.2 ... my Linux box (eth0) has IP 10.10.10.10, connected on a separate ethernet.

So I read the http://lartc.org/howto/lartc.rpdb.multiple-links.html guide (chapter 4.2.2).

In my case I have to make these routes:

# ip route add default nexthop via 10.10.10.1 dev eth0 nexthop via 10.10.10.2 dev eth0

Works fine!! Every connection request going is perfectly balanced, sent out via both gateways.
But it works only on the Linux box itself! From the (masqueraded) clients it doesn't:

Every first request which is masqueraded -> gateway 10.10.10.1 (works fine)
Every second request which is masqueraded -> gateway 10.10.10.2 (don't get reply back)

When I change the multipath route so that 10.10.10.2 is the first hop

# ip route add default nexthop via 10.10.10.2 dev eth0 nexthop via 10.10.10.1 dev eth0

Gw 10.10.10.2 (fine)
Gw 10.10.10.1 (doesn't work ... only from the Linux box itself)

So every time it seems to be the second "hop" in the multipath route which isn't being masqueraded properly!

Can anyone help?

Thanks in advance!
Niels!

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/

I'm almost sure I don't need more NICs... (only if you want to separate the nets physically you do need more NICs)

With simple policy routing I already have a successful masquerading network with source subnet X going through gateway 1 and source subnet Y going through gateway 2 (balancing the load based on subnet).

It even works if those 2 gateways are on totally different subnets! Just add an extra IP address to your interface like this:

# ip addr add 10.50.50.10/24 dev eth0 brd 10.50.50.255

then add a second default route (for example to gateway 10.50.50.254) in table (for example testtable) like this:

# ip route add default dev eth0 via 10.50.50.254 table test

Then add a rule to use the table from (for example) a specific subnet:

# ip rule add pref 1000 table test from 192.168.0.0/16

And it's up and running!

So, I'm sure load balancing (multi path routes) must also be possible from the local machine I have it already working... so why not via masquerading?

PS.. I read something about the "src" option in the route add command .. but it didn't seem to help me out.

-----Original Message-----
From: Greg Scott [mailto:GregScott@InfraSupportEtc.com]
Sent: 31 July 2002 17:15
To: niels@wxn.nl; lartc@mailman.ds9a.nl
Subject: RE: [LARTC] Multipath route problem

> # ip route add default nexthop via 10.10.10.2 dev eth0 nexthop via
> 10.10.10.1 dev eth0

I wonder if this is a problem going out over the same NIC to the two providers? All the docs I can find show each provider on its own NIC.

I am setting up something similar and was just about to ask if I can do it with one NIC connecting all the providers. That would save me a bunch of precious PCI slots!

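The source-subnet policy routing steps from the message above, as an added example that is not part of the original post: it prints the commands instead of running them, and first checks that the gateway is on-link for the address being added. The table id 200, the /etc/iproute2/rt_tables registration step and the helper names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Dry run: commands are printed, not executed.
IF=eth0

# ip4_to_int a.b.c.d -> the address as a 32-bit integer
ip4_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1            # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# on_link <addr/len> <gateway>: true if the gateway lies inside addr's subnet
on_link() {
    addr=${1%/*}; len=${1#*/}
    mask=$(( (0xFFFFFFFF << (32 - len)) & 0xFFFFFFFF ))
    [ $(( $(ip4_to_int "$addr") & mask )) -eq $(( $(ip4_to_int "$2") & mask )) ]
}

# plan_uplink <table> <table-id> <addr/len> <gateway> <client-subnet> <pref>
plan_uplink() {
    name=$1; id=$2; laddr=$3; gw=$4; clients=$5; pref=$6
    # A gateway outside every subnet configured on the interface cannot be
    # used as a next hop, which is why the extra address is added first.
    if ! on_link "$laddr" "$gw"; then
        echo "refusing: $gw is not on-link for $laddr" >&2
        return 1
    fi
    # Assumption: a named table is registered here so "table <name>" resolves.
    echo "echo '$id $name' >> /etc/iproute2/rt_tables"
    # Secondary address in the second gateway's subnet ("brd +" derives the broadcast).
    echo "ip addr add $laddr brd + dev $IF"
    # Default route that exists only in the extra table.
    echo "ip route add default via $gw dev $IF table $name"
    # Traffic from the chosen client subnet consults that table.
    echo "ip rule add pref $pref from $clients table $name"
}

# Values taken from the message above (table id 200 is constructed).
plan_uplink test 200 10.50.50.10/24 10.50.50.254 192.168.0.0/16 1000
```

Review the printed commands and run them as root once they match the intended subnets; a gateway that fails the on-link check needs its own secondary address first.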
> # ip route add default nexthop via 10.10.10.2 dev eth0 nexthop via
> 10.10.10.1 dev eth0

I wonder if this is a problem going out over the same NIC to the two providers? All the docs I can find show each provider on its own NIC.

I am setting up something similar and was just about to ask if I can do it with one NIC connecting all the providers. That would save me a bunch of precious PCI slots!

In my case there are 4 - count 'em - 4 external routers to the Internet! 3 of them are supposed to load-balance for user traffic and the fourth is for a bunch of internal servers with known IP addresses. So there will be a fwmark policy that puts the routes for those servers into its own table.

Life would be great if I could do all this on a single NIC connecting all of those routers. Or do Niels and I both need a separate NIC for each router?

thanks

- Greg

-----Original Message-----
From: niels@wxn.nl [mailto:niels@wxn.nl]
Sent: Wednesday, July 31, 2002 8:42 AM
To: lartc@mailman.ds9a.nl
Subject: [LARTC] Multipath route problem

Hi ... I have 2 DSL lines all up and running on one RedHat box...

I want to balance traffic going out over the two providers.

The 2 DSL routers have IPs 10.10.10.1 / 10.10.10.2 ... my Linux box (eth0) has IP 10.10.10.10, connected on a separate ethernet.

So I read the http://lartc.org/howto/lartc.rpdb.multiple-links.html guide (chapter 4.2.2).

In my case I have to make these routes:

# ip route add default nexthop via 10.10.10.1 dev eth0 nexthop via 10.10.10.2 dev eth0

Works fine!! Every connection request going is perfectly balanced, sent out via both gateways.
But it works only on the Linux box itself! From the (masqueraded) clients it doesn't:

Every first request which is masqueraded -> gateway 10.10.10.1 (works fine)
Every second request which is masqueraded -> gateway 10.10.10.2 (don't get reply back)

When I change the multipath route so that 10.10.10.2 is the first hop

# ip route add default nexthop via 10.10.10.2 dev eth0 nexthop via 10.10.10.1 dev eth0

Gw 10.10.10.2 (fine)
Gw 10.10.10.1 (doesn't work ... only from the Linux box itself)

So every time it seems to be the second "hop" in the multipath route which isn't being masqueraded properly!

Can anyone help?

Thanks in advance!
Niels!

Greg,

 : I wonder if this is a problem going out over the same NIC to the two
 : providers? All the docs I can find show each provider on its own NIC.
 :
 : I am setting up something similar and was just about to ask if I can
 : do it with one NIC connecting all the providers. That would save me
 : a bunch of precious PCI slots!

You could always try the multi-port ethernet cards. They are usually a bit more expensive, but they give you up to four ports on a single PCI card. Occasionally, you may run into IRQ problems, depending on the card and your motherboard, but this solves your PCI slot availability problem.

The DLink DFE 570TX is the one I use (with the tulip driver), and it works well and reliably.

http://www.dlink.com/products/adapters/dfe570tx/

There are, I'm sure, many others which people on this list can recommend.

 : Life would be great if I could do all this on a single NIC connecting
 : all of those routers. Or do Niels and I both need a separate NIC for
 : each router?

I don't think you *need* to have a separate NIC for each router, but if I were doing it, I'd want each router on a separate network.

Good luck,

-Martin

--
Martin A. Brown --- SecurePipe, Inc. --- mabrown@securepipe.com

Niels,

I do not think the two NICs are your problem. First off you will need two things. The first is patches made by Julian Anastasov. I had a link but it does not seem to work. Julian subscribes to this list so maybe he will post an updated link to where they can be found.

After you apply the patches the Linux machine will need to be running NAT in some manner. Because I have routers on each of my DSL lines I perform two rounds of NAT or PAT. One in each router, and then again in the Linux router.

Without those two things, I was not able to get things to work by using only the example on lartc.org that you posted below.

You will also want to dial in your DNS to servers for each IP block, and load balance that as well.

In doing the NAT/PAT you will need to give the outgoing interface each of the IPs that your routers will be translating to.

Example.

Public IP - Router NAT to say 10.1.0.3

On the Linux router your interface may have 10.1.0.1 as the IP, so you will need to add the other IP as well.

ip addr add 10.1.0.1/16 brd 10.1.255.255 dev eth1
ip addr add 10.1.0.3/16 brd 10.1.255.255 dev eth1

You will need to do that for each IP that the routers will NAT/PAT the public IPs to. Then in the Linux box, you can map those IPs to whatever internal ones you want from there via NAT or PAT.

Hope that makes sense and helps.

On Wed, 2002-07-31 at 06:42, niels@wxn.nl wrote:
> Hi ... I have 2 DSL lines all up and running on one RedHat box...
>
> I want to balance traffic going out over the two providers
>
> The 2 DSL routers Have IP's 10.10.10.1 / 10.10.10.2 ... my linux box (eth0)
> has IP 10.10.10.10 connected on a separate ethernet
>
> SO I read the http://lartc.org/howto/lartc.rpdb.multiple-links.html guide
> (chapter 4.2.2)
>
> In my case I have to make these routes
>
> # ip route add default nexthop via 10.10.10.1 dev eth0 nexthop via
> 10.10.10.2 dev eth0
>
> Works Fine!! every connection request going is perfectly balanced sent out
> via both gateways
> But works only on the linux box itself! from the (masqueraded) clients it
> doesn't:
>
> Every first request which is masqueraded -> gateway 10.10.10.1 (works fine)
> Every second request which is masqueraded -> gateway 10.10.10.2 (don't get
> reply back)
>
> When I change the multipath route so that 10.10.10.2 is the first hop
>
> # ip route add default nexthop via 10.10.10.2 dev eth0 nexthop via
> 10.10.10.1 dev eth0
>
> Gw 10.10.10.2 (fine)
> Gw 10.10.10.1 (doesn't work ... Only from the linux box itself)
>
> So it every time seems to be the second "hop" in the multipath route which
> isn't being masqueraded properly!
>
> Can anyone help?
>
> Thanks in advance!
> Niels!

--
Sincerely,
William L. Thomson Jr.
Support Group
Obsidian-Studios Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone 707.766.9509
Fax 707.766.8989
http://www.obsidian-studios.com

Hello,

On 31 Jul 2002, William L. Thomson Jr. wrote:

> two things. The first is patches made by Julian Anastasov,
> I had a link but it does not seem to work. Julian subscribes to this
> list so maybe he will post an updated link to where they can be found.

The box that hosts the patches is down. I can't provide another link, and I don't know whether it is mirrored with wget somewhere by someone. When the site is OK I'll upload the files. Until then, I can still use email, just let me know what files you'd like to see. I simply haven't started to think of another place for this page; I hope the issue will be resolved in days.

Regards

--
Julian Anastasov <ja@ssi.bg>

> After you apply the patches the Linux machine will need to be running NAT in some manner.
> Because I have routers on each of my DSL lines I perform two
> rounds of NAT or PAT. One in each router, and then again in the Linux router.
> In doing the NAT/PAT you will need to give the outgoing interface each of the
> IPs that your routers will be translating to.

Have that up and running already ... :-)

> You will also want to dial in your DNS to servers for each IP block,
> and load balance that as well.

What do you mean by that?

Hope that the patches work when I get my hands on them :-)

Regards,
Niels

Niels,

On Thu, 2002-08-01 at 01:14, niels@wxn.nl wrote:
> > After you apply the patches the Linux machine will need to be running NAT in some manner.
> > Because I have routers on each of my DSL lines I perform two
> > rounds of NAT or PAT. One in each router, and then again in the Linux router.
> > In doing the NAT/PAT you will need to give the outgoing interface each of the
> > IPs that your routers will be translating to.
>
> Have that up and running already ... :-)

Your routers' translation? Good, then you will need to do a second round of translation in the Linux box as well. It also helps to act as a second-in-line firewall that is transparent from the outside world.

The Linux box must perform translation at some point or it's a no go. The patches only work when translating.

> > You will also want to dial in your DNS to servers for each IP block,
> > and load balance that as well.
>
> What do you mean by that?

The docs from isc.org, the PDF will help. You may have to use a later version of BIND, 9.x not 8.x, but it may work in older ones as well.

Normally an A record looks like

domain.com.    IN A ip

So all you will need is

domain.com.    IN A ip1
               IN A ip2

Which will use ip1 half the time, and ip2 the other half. In theory. There are other params like the time for each one to last and etc.

Download this PDF doc on administering BIND and it should tell you what you will need from there:

http://www.nominum.com/resources/documentation/Bv9ARM.pdf

> Hope that the patches work when I get my hands on them :-)

They do. Have you emailed Julian? He will send you the ones you will need. Without the patches things will not work correctly or at all. They are a must, not an option.

--
Sincerely,
William L. Thomson Jr.
Support Group
Obsidian-Studios Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone 707.766.9509
Fax 707.766.8989
http://www.obsidian-studios.com