Abraham van der Merwe
2002-Nov-19 12:11 UTC
help with routing determined by source address
Hi!
I want to route packets where the gateway is determined by the source
address and not the destination address - is this possible with iproute2?
for example:
ISP-A ISP-B
| |
+---------------+
| linux machine +
+---------------+
default gw is ISP-A interface, but if packet comes via ISP-B, the ISP-B
interface should be used instead of ISP-A interface
--
Regards
Abraham
There ain''t nothin'' in this world that''s worth being
a snot over.
-- Larry Wall in <1992Aug19.041614.6963@netlabs.com>
___________________________________________________
Abraham vd Merwe [ZR1BBQ] - Frogfoot Networks
P.O. Box 3472, Matieland, Stellenbosch, 7602
Cell: +27 82 565 4451 Http: http://www.frogfoot.net
Email: abz@frogfoot.net
On Tue, 2002-11-19 at 13:11, Abraham van der Merwe wrote:> Hi! >Hi,> I want to route packets where the gateway is determined by the source > address and not the destination address - is this possible with iproute2? >Yes. # When sraddr belongs to ISPA ip rule add prio $PRIO_ISPA from $ISPA_NET lookup $ISPA_TABLE # When sraddr belongs to ISPB ip rule add prio $PRIO_ISPB from $ISPB_NET lookup $ISPB_TABLE # Everything else ip rule add prio $PRIO_DEFAULT lookup $DEFAULT_TABLE Then; # Default route through ISPA ip route add table $ISPA_TABLE default via $ISPA_GW dev $ISPA_DEV # Default route through ISPB ip route add table $ISPB_TABLE default via $ISPB_GW dev $ISPB_DEV #For everything else, use a multipath route; ip route add table $DEFAULT_TABLE nexthop via $ISPA_GW dev $ISPA_DEV nexthop via $ISPB_GW dev $ISPB_DEV> for example: > > ISP-A ISP-B > | | > +---------------+ > | linux machine + > +---------------+ > > default gw is ISP-A interface, but if packet comes via ISP-B, the ISP-B > interface should be used instead of ISP-A interfaceIPs used on the linux machines, are private or public IPs ? Cheers, Vincent. -- Vincent Jaussaud <tatooin@kelkoo.com> Kelkoo.com - Security Manager _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Abraham van der Merwe
2002-Nov-19 13:42 UTC
Re: help with routing determined by source address
Hi Vincent!> > I want to route packets where the gateway is determined by the source > > address and not the destination address - is this possible with iproute2? > > > Yes. > # When sraddr belongs to ISPA > ip rule add prio $PRIO_ISPA from $ISPA_NET lookup $ISPA_TABLE > # When sraddr belongs to ISPB > ip rule add prio $PRIO_ISPB from $ISPB_NET lookup $ISPB_TABLE > # Everything else > ip rule add prio $PRIO_DEFAULT lookup $DEFAULT_TABLE > > # Default route through ISPA > ip route add table $ISPA_TABLE default via $ISPA_GW dev $ISPA_DEV > # Default route through ISPB > ip route add table $ISPB_TABLE default via $ISPB_GW dev $ISPB_DEV > > #For everything else, use a multipath route; > ip route add table $DEFAULT_TABLE nexthop via $ISPA_GW dev $ISPA_DEV > nexthop via $ISPB_GW dev $ISPB_DEVThanks, this makes sense. I just don''t understand the multipath route? Also, I take it the _TABLE variables can be arbitrary [unique] ids right? And if I want to have ISPB as the exception to the rule, I''ll set ISPA''s priority the highest?> > for example: > > > > ISP-A ISP-B > > | | > > +---------------+ > > | linux machine + > > +---------------+ > > > > default gw is ISP-A interface, but if packet comes via ISP-B, the ISP-B > > interface should be used instead of ISP-A interface > > IPs used on the linux machines, are private or public IPs ?public ips -- Regards Abraham BEWARE! People acting under the influence of human nature. ___________________________________________________ Abraham vd Merwe [ZR1BBQ] - Frogfoot Networks P.O. Box 3472, Matieland, Stellenbosch, 7602 Cell: +27 82 565 4451 Http: http://www.frogfoot.net Email: abz@frogfoot.net
On Tue, 2002-11-19 at 14:42, Abraham van der Merwe wrote:> > > > #For everything else, use a multipath route; > > ip route add table $DEFAULT_TABLE nexthop via $ISPA_GW dev $ISPA_DEV > > nexthop via $ISPB_GW dev $ISPB_DEV > > Thanks, this makes sense. I just don''t understand the multipath route?I assume you want to be able to use both link simultaneously for the linux host itself (eg, for outgoing connections). Setting a multipath route as shown below, will instruct the kernel to use the multipath route for all packets which don''t have a saddr set. Eg, packets for which you don''t care to use either ISP1 or ISP2.> Also, > I take it the _TABLE variables can be arbitrary [unique] ids right?Yes, any names you want, assuming they are present in /etc/iproute2/rt_tables. Otherwise, you can use numbers.> And if I > want to have ISPB as the exception to the rule, I''ll set ISPA''s priority the > highest? >I''m not sure to understand what you mean. Priorities means the order your routing tables will be looked at. eg; ip rule add prio 100 lookup test ip rule add prio 101 lookup test1 ip rule add prio 200 lookup test2 means that table test will be looked first, then table test1, then table test2.> > > for example: > > > > > > ISP-A ISP-B > > > | | > > > +---------------+ > > > | linux machine + > > > +---------------+ > > > > > > default gw is ISP-A interface, but if packet comes via ISP-B, the ISP-B > > > interface should be used instead of ISP-A interface > > > > IPs used on the linux machines, are private or public IPs ? > > public ipsSounds like you want to setup link redundency for your linux machine. This shouldn''t be a problem for outgoing connections [except for FTP :)], but you may face some unexpected issues with incoming connections, for which the replies may not take the proper link; especially if the applications don''t set the sraddr in the packet, in which case the multipath route will be used, which is bad. Tell me how it goes, I''m working on a similar setup. Cheers, Vincent. -- Vincent Jaussaud <tatooin@kelkoo.com> Kelkoo.com _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
Hi, I am newbie to the list. I am using the wondershaper on RH Linux 7.3 machine. wondershaper version is 1.1a. I set it up as upload speed xkbps and download speed y kbps. I needed to setup total speed as x+y kbps but dynamically adjust uplink and download speeds. Is there any way to do it. thanks, Sam _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
On Wednesday 20 November 2002 19:46, K Sambaiah wrote:> Hi, > I am newbie to the list. I am using the wondershaper on RH Linux > 7.3 machine. wondershaper version is 1.1a. I set it up as > upload speed xkbps and download speed y kbps. I needed to setup > total speed as x+y kbps but dynamically adjust uplink and download > speeds. Is there any way to do it.You can do this with the imq device. But why ?? The imq device is a virtual device and you can redirect traffic to it with iptables. You can do it from any interface you want and for both directions. Stef -- stef.coene@docum.org "Using Linux as bandwidth manager" http://www.docum.org/ #lartc @ irc.oftc.net _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/
On Wed, 20 Nov 2002 20:09:23 +0100 Stef Coene <stef.coene@docum.org> wrote:> On Wednesday 20 November 2002 19:46, K Sambaiah wrote: > > Hi, > > I am newbie to the list. I am using the wondershaper on RH Linux > > 7.3 machine. wondershaper version is 1.1a. I set it up as > > upload speed xkbps and download speed y kbps. I needed to setup > > total speed as x+y kbps but dynamically adjust uplink and download > > speeds. Is there any way to do it. > > You can do this with the imq device. But why ??Does it not make sense to allocate bandwidth without regard to direction? If bandwidth in one direction is unused, why limit the other direction? <snip> Regards, David _______________________________________________ LARTC mailing list / LARTC@mailman.ds9a.nl http://mailman.ds9a.nl/mailman/listinfo/lartc HOWTO: http://lartc.org/