hi all,

i want guidance in advanced routing -- to be specific, load balancing between two links.. i have gone thru the LARTC docs and the docs for julian's patches too.. am yet to implement it but have a few queries/doubts..

our setup --> we have two providers. the present one is thru a wan link using a cisco router & the 2nd is a wireless link terminated in another router. these two routers will be connected to a linux box (it's a compulsion to have 2 routers).. the linux box has 3 interfaces, 2 of which are connected to the routers via a switch.. we already have valid/real ip with us

after going thru the docs i find that with julian's patch one needs to **MASQUERADE** to the links... we don't want that !.. we want our real ip to flow in these 2 links (real ip already being broadcasted on provider's network)..

so my Question is --> possible without **MASQUERADE** ??.. will the setup (as shown in docs) loadbalance for our real ip's ?? .. what other things do i have to consider ?..

Awaiting a reply very very anxiously..

A.H

_______________________________________________
LARTC mailing list / LARTC@mailman.ds9a.nl
http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
On Thu, 2002-08-15 at 00:33, Arindam Haldar wrote:
> so my Question is-->possible without **MASQUERADE** ??..

No

> will the
> setup(as shown in docs) loadbalance for our real ip's ?? ..

Not without the Linux router performing NAT.

> what other things i have to consider ?..

I would consider doing some NAT in one way or another. In my case I perform two consecutive rounds of NAT, one in each router, and again in the Linux router.

In short, in order for Julian's patches to work and to load balance the connections, the Linux router must be doing NAT. So I would look into a topology in your network that would allow for the Linux router to perform NAT. Otherwise I do not believe you will be able to load balance your connections.

--
Sincerely,
William L. Thomson Jr.
Support Group
Obsidian-Studios Inc.
439 Amber Way
Petaluma, Ca. 94952
Phone 707.766.9509
Fax 707.766.8989
http://www.obsidian-studios.com
> so my Question is-->possible without **MASQUERADE** ??.. will the
> setup(as shown in docs) loadbalance for our real ip's ??

Short answer: No.

Long answer: You should first answer the question: what kind of LB do you want? Incoming, outgoing or both?

If you want incoming only, you don't need Julian's patches, nor NAT per se. You can use DNS to balance your incoming connections and assign every backend server two IP addresses: one from both IP ranges.

If you want outgoing LB, or both: Julian's patches work when you have more than one IP range, but each IP range is going only through one provider, that is: you do not have PI address space and do not use BGP4 to announce your routes through multiple providers. If you do have PI address space and speak BGP4, you don't need Julian's patches nor do you need NAT.

This is probably not your case, and the IP ranges you received from your providers are PA, that is they are part of the larger address space of your provider. This means that IP range 1 will only come through provider 1 and IP range 2 will only flow through provider 2.

Because of this: if you don't use NAT and assign an IP from IP range 1 to some machine, the server will never be able to use the link through provider 2, because his address is from IP range 1 and will only flow through provider 1 (read above). For this to work, you THUS need NAT.

Why don't you want to use NAT? NAT is not dirty. NAT is stable, fast, secure and saves you from renumbering your network when you switch providers.

Hope this is clear and helps, if not, ask.

Cheers,
Laurens van Alphen
Keen on dots
On Thu, 15 Aug 2002, Laurens van Alphen wrote:
> Why don't you want to use NAT? NAT is not dirty. NAT is stable, fast,
> secure and saves you from renumbering your network when you switch
> providers.

On the other hand, NAT breaks useful stuff such as IPSec.

Doei, Arthur.

--
  /\    / | arthurvl@sci.kun.nl           | Work like you don't need the money
 /__\  /  | A friend is someone with whom | Love like you have never been hurt
/    \/__ | you can dare to be yourself   | Dance like there's nobody watching
Hello,

On Thu, 15 Aug 2002, Arindam Haldar wrote:
> after going thru the docs i find that with julians patch one needs to
> **MASQUERADE** to the links... we dont want that !.. we want our real ip
> to flow in these 2 links(real ip already being broadcasted on provider's
> network)..
> so my Question is-->possible without **MASQUERADE** ??.. will the
> setup(as shown in docs) loadbalance for our real ip's ?? ..

Of course, it is possible ... and depends on how restrictive are your providers. But if one link fails you can have the problem of using sources for the failed link, then the replies from world will hit the failed provider and will not reach you. As result, your internal servers should know which source addresses to use according to the link state. The masquerade simply guarantees that one link is used only from addresses that are reachable from this link.

> what other things i have to consider ?..

As for applying the patches you need to download them correctly. More likely you have white space problem (try with patch -l).

> Awaiting a reply very very anxiously..
> A.H

Regards

--
Julian Anastasov <ja@ssi.bg>
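The return-path reasoning in the replies above (replies to a PA address come back only through the provider that owns its range, so a failed link strands its sources unless the router rewrites them), modelled as an added example that is not part of any poster's message. The prefixes, the host address used with it and every function name are constructed for illustration, and the NAT address is assumed to be the first host of each range.

```python
import ipaddress

# Constructed topology: documentation prefixes stand in for the two
# provider-assigned (PA) ranges; none of these values come from the thread.
PROVIDERS = {
    "provider1": ipaddress.ip_network("192.0.2.0/24"),
    "provider2": ipaddress.ip_network("198.51.100.0/24"),
}


def return_link(src):
    """Provider that carries replies to `src`: the owner of its PA range."""
    addr = ipaddress.ip_address(src)
    for name, net in PROVIDERS.items():
        if addr in net:
            return name
    return None


def nat_source(link):
    """Address the Linux router rewrites to on `link` (assumed: first host)."""
    return str(PROVIDERS[link].network_address + 1)


def flow_works(src, out_link, link_up, nat=False, strict=False):
    """True if a connection from `src` leaving via `out_link` gets replies.

    strict=True models a provider that drops packets whose source address
    is outside its own range.
    """
    if not link_up.get(out_link, False):
        return False                 # outgoing link is down
    if nat:
        src = nat_source(out_link)   # source now belongs to the outgoing link
    back = return_link(src)
    if back is None:
        return False                 # source not routed by either provider
    if strict and back != out_link:
        return False                 # foreign source rejected by the provider
    return link_up.get(back, False)  # replies need the owning provider up


def usable_links(src, link_up, nat=False, strict=False):
    """Outgoing links that give `src` a working round trip."""
    return [l for l in PROVIDERS if flow_works(src, l, link_up, nat, strict)]
```

With provider 1 down, `usable_links("192.0.2.10", ...)` is empty without NAT and contains only `provider2` with NAT, which is the failure case Julian describes.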
hi julian
hi all

thanx to you all.. many doubts are now cleared.. the **NATing** solution is of course a very steady one but am not able to convince my management for it !.. hopefully they will...

yes julian you r right :).. there were white spaces--it's patched perfectly now .. :) ..

to you all---> have a :) sunday.. :)

A.H

Julian Anastasov wrote:
> Hello,
>
> On Thu, 15 Aug 2002, Arindam Haldar wrote:
>
>>after going thru the docs i find that with julians patch one needs to
>>**MASQUERADE** to the links... we dont want that !.. we want our real ip
>>to flow in these 2 links(real ip already being broadcasted on provider's
>>network)..
>>so my Question is-->possible without **MASQUERADE** ??.. will the
>>setup(as shown in docs) loadbalance for our real ip's ?? ..
>
> Of course, it is possible ... and depends on how restrictive
> are your providers. But if one link fails you can have the problem
> of using sources for the failed link, then the replies from world
> will hit the failed provider and will not reach you. As result,
> your internal servers should know which source addresses to use
> according to the link state. The masquerade simply guarantees that
> one link is used only from addresses that are reachable from this
> link.
>
>>what other things i have to consider ?..
>
> As for applying the patches you need to download them
> correctly. More likely you have white space problem (try with
> patch -l).
>
>>Awaiting a reply very very anxiously..
>>A.H
>
> Regards
>
> --
> Julian Anastasov <ja@ssi.bg>